OpenBSD manual page server

Manual Page Search Parameters


SSL_CTX_set_tlsext_servername_callback, SSL_CTX_set_tlsext_servername_arg, SSL_get_servername_type, SSL_get_servername, SSL_set_tlsext_host_name
handle server name indication (SNI)

#include <openssl/ssl.h>

SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx, int (*cb)(SSL_CTX *, int *, void *));

SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);

const char *
SSL_get_servername(const SSL *s, const int type);

SSL_get_servername_type(const SSL *s);

SSL_set_tlsext_host_name(const SSL *s, const char *name);

SSL_CTX_set_tlsext_servername_callback() sets the application callback cb used by a server to perform any actions or configuration required based on the servername extension received in the incoming connection. When cb is NULL, SNI is not used. The arg value is a pointer which is passed to the application callback.

SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be passed into the callback for ctx.

SSL_set_tlsext_host_name() sets the server name indication ClientHello extension to contain the value name, or clears it if name is NULL. The type of server name indication extension is set to TLSEXT_NAMETYPE_host_name as defined in RFC 3546.

All three functions are implemented as macros.

The ALPN and SNI callbacks are both executed during Client Hello processing. The servername callback is executed first, followed by the ALPN callback.

SSL_CTX_set_tlsext_servername_callback() and SSL_CTX_set_tlsext_servername_arg() always return 1 indicating success.

SSL_get_servername() returns a servername extension value of the specified type if provided in the Client Hello, or NULL otherwise.

SSL_get_servername_type() returns the servername type or -1 if no servername is present. Currently the only supported type (defined in RFC 3546) is TLSEXT_NAMETYPE_host_name.

SSL_set_tlsext_host_name() returns 1 on success or 0 in case of an error.

ssl(3), SSL_CTX_callback_ctrl(3), SSL_CTX_set_alpn_select_cb(3)

These functions first appeared in OpenSSL 0.9.8f and have been available since OpenBSD 4.5.
June 12, 2019 OpenBSD-current