ssl_session_cache_api behaviour (ssl v11.2)

TLS session cache API

Defines the API for the TLS session cache (pre TLS-1.3) so that the data storage scheme can be replaced by defining a new callback module implementing this API.

Summary

Types

partial_key()
The opaque part of the key. Does not need to be handled by the callback.

session()
The session data that is stored for each session.

session_cache_key()
A key to an entry in the session cache.

session_cache_ref()

Callbacks

delete/2
Deletes a cache entry. Is only called from the cache handling process.

foldl/3
Calls Fun(Elem, AccIn) on successive elements of the cache, starting with AccIn == Acc0. Fun/2 must return a new accumulator, which is passed to the next call. The function returns the final value of the accumulator. Acc0 is returned if the cache is empty.

init/1
The init argument list includes the property {role, client | server}. Currently this is the only predefined property; there can also be user-defined properties. See also application environment variable session_cb_init_args.

lookup/2
Looks up a cache entry. Is to be callable from any process.

select_session/2
Selects sessions that can be reused, that is, sessions that include PartialKey in their key. Is to be callable from any process.

size/1
Returns the number of sessions in the cache. If size exceeds the maximum number of sessions, the current cache entries will be invalidated regardless of their remaining lifetime. Is to be callable from any process.

terminate/1
Takes care of possible cleanup that is needed when the cache handling process terminates.

update/3
Caches a new session or updates an already cached one. Is only called from the cache handling process.

Types

partial_key()

(opaque) (since OTP R14B)
-opaque partial_key()

The opaque part of the key. Does not need to be handled by the callback.

session()

(opaque) (since OTP R14B)
-opaque session()

The session data that is stored for each session.

session_cache_key()

(since OTP R14B)
-type session_cache_key() :: {partial_key(), ssl:session_id()}.

A key to an entry in the session cache.

session_cache_ref()

(since OTP R14B)
-type session_cache_ref() :: any().

Callbacks

delete/2

(since OTP R14B)
-callback delete(session_cache_ref(), session_cache_key()) -> any().

Deletes a cache entry. Is only called from the cache handling process.

foldl/3

(optional) (since OTP R14B)
-callback foldl(fun(), term(), session_cache_ref()) -> term().

Calls Fun(Elem, AccIn) on successive elements of the cache, starting with AccIn == Acc0. Fun/2 must return a new accumulator, which is passed to the next call. The function returns the final value of the accumulator. Acc0 is returned if the cache is empty.

Note

Since OTP-23.3 this function is only used on the client side and does not need to be implemented for a server cache.

init/1

-callback init(list()) -> session_cache_ref().

The init argument list includes the property {role, client | server}. Currently this is the only predefined property; there can also be user-defined properties. See also application environment variable session_cb_init_args.

Performs possible initializations of the cache and returns a reference to it that is used as a parameter to the other API functions. Is called by the cache handling process's init function, hence putting the same requirements on it as a normal process init function. This function is called twice when starting the SSL application, once with the role client and once with the role server, as the SSL application must be prepared to take on both roles.

lookup/2

(since OTP R14B)
-callback lookup(session_cache_ref(), session_cache_key()) ->
          #session{session_id :: term(),
                   internal_id :: term(),
                   peer_certificate :: term(),
                   own_certificates :: term(),
                   private_key :: term(),
                   cipher_suite :: term(),
                   master_secret :: term(),
                   srp_username :: term(),
                   is_resumable :: term(),
                   time_stamp :: term(),
                   ecc :: term(),
                   sign_alg :: term(),
                   dh_public_value :: term()} |
          undefined.

Looks up a cache entry. Is to be callable from any process.

select_session/2

(optional) (since OTP R14B)
-callback select_session(session_cache_ref(), {ssl:host(), inet:port_number()} | inet:port_number()) ->
                  [#session{session_id :: term(),
                            internal_id :: term(),
                            peer_certificate :: term(),
                            own_certificates :: term(),
                            private_key :: term(),
                            cipher_suite :: term(),
                            master_secret :: term(),
                            srp_username :: term(),
                            is_resumable :: term(),
                            time_stamp :: term(),
                            ecc :: term(),
                            sign_alg :: term(),
                            dh_public_value :: term()}].

Selects sessions that can be reused, that is, sessions that include PartialKey in their key. Is to be callable from any process.

Note

Since OTP-23.3 this function is only used on the client side and does not need to be implemented for a server cache.

size/1

-callback size(session_cache_ref()) -> integer().

Returns the number of sessions in the cache. If size exceeds the maximum number of sessions, the current cache entries will be invalidated regardless of their remaining lifetime. Is to be callable from any process.

terminate/1

(since OTP R14B)
-callback terminate(session_cache_ref()) -> any().

Takes care of possible cleanup that is needed when the cache handling process terminates.

update/3

(since OTP R14B)
-callback update(session_cache_ref(),
       session_cache_key(),
       #session{session_id :: term(),
                internal_id :: term(),
                peer_certificate :: term(),
                own_certificates :: term(),
                private_key :: term(),
                cipher_suite :: term(),
                master_secret :: term(),
                srp_username :: term(),
                is_resumable :: term(),
                time_stamp :: term(),
                ecc :: term(),
                sign_alg :: term(),
                dh_public_value :: term()}) ->
          any().

Caches a new session or updates an already cached one. Is only called from the cache handling process.
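
A callback module implementing this behaviour on top of ETS, as an added example that is not part of the OTP documentation or the ssl application's own code. The module name my_session_cache and the table labels are assumptions; the table access mode is chosen to match which callbacks run only in the cache handling process and which must be callable from any process.

```erlang
-module(my_session_cache).            % hypothetical module name
-behaviour(ssl_session_cache_api).

-export([init/1, terminate/1, lookup/2, update/3, delete/2,
         foldl/3, select_session/2, size/1]).

%% Runs in the cache handling process, once with {role, client} and once
%% with {role, server}. Entries hold master_secret and private_key, so the
%% table is `protected`: only the owning process can write, while any
%% process can read. That matches the contract: update/3 and delete/2 are
%% called only from the cache handling process, lookup/2 from anywhere.
init(Opts) ->
    Role = proplists:get_value(role, Opts),
    ets:new(table_label(Role), [ordered_set, protected]).

%% Deleting the table drops every cached session with it.
terminate(Cache) ->
    ets:delete(Cache).

lookup(Cache, Key) ->
    case ets:lookup(Cache, Key) of
        [{Key, Session}] -> Session;
        [] -> undefined
    end.

update(Cache, Key, Session) ->
    ets:insert(Cache, {Key, Session}).

delete(Cache, Key) ->
    ets:delete(Cache, Key).

%% Since OTP-23.3 only used on the client side. Elem is {Key, Session}.
foldl(Fun, Acc0, Cache) ->
    ets:foldl(Fun, Acc0, Cache).

%% Since OTP-23.3 only used on the client side. Matches every key of the
%% form {PartialKey, SessionId} and returns the stored sessions.
select_session(Cache, PartialKey) ->
    ets:select(Cache, [{{{PartialKey, '_'}, '$1'}, [], ['$1']}]).

size(Cache) ->
    ets:info(Cache, size).

table_label(client) -> my_client_session_cache;   % assumed labels
table_label(server) -> my_server_session_cache.
```

Because the stored records contain key material, a replacement storage scheme should keep entries out of logs and crash dumps and apply the same write restriction that the `protected` table gives here.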