SSL_CTX_set_new_pending_conn

Updated: 2025/Nov/16
Please read Privacy Policy. It's for your privacy.
SSL_CTX_set_new_pending_conn_cb(3)  OpenSSL SSL_CTX_set_new_pending_conn_cb(3)


NAME
       SSL_CTX_set_new_pending_conn_cb, SSL_set_new_pending_conn_cb_fn -
       callback function to report creation of QUIC connection SSL objects

SYNOPSIS
        typedef int (*SSL_set_new_pending_conn_cb_fn)(SSL_CTX *c, SSL *new_ssl,
                                                      void *arg);
        void SSL_CTX_set_new_pending_conn_cb(SSL_CTX *c,
                                            SSL_set_new_pending_conn_cb_fn *f,
                                            void *arg);

DESCRIPTION
       SSL_CTX_set_new_pending_conn_cb() sets the new_pending_conn callback
       function and associated application data argument arg.  When using the
       QUIC transport, TLS handshake processing may occur independently from
       the thread which accepts the connection that the handshake is
       establishing.  As such, SSL objects representing the connection may be
       allocated and initialized prior to a call to SSL_accept_connection().
       This registered callback may be used to decorate the preallocated SSL
       object or create other associations with its parent SSL prior to a call
       to SSL_accept_connection().

RETURN VALUES
       SSL_CTX_set_new_pending_conn_cb() returns no value.

       SSL_set_new_pending_conn_cb_fn() returns an integer value.  A return
       value of 0 indicates that the QUIC stack must discard this newly
       created SSL object, implying that the associated new connection will
       not be available for handling on a subsequent call to
       SSL_accept_connection().  A nonzero return value is treated as success,
       allowing the new connection to be enqueued to the accept queue.

SEE ALSO
       SSL_set_ex_data(3)

NOTES
       Callbacks in QUIC connections have some limitations to them that should
       be taken into consideration when writing an application.

           QUIC connections may begin processing prior to when an application
           calls SSL_accept_connection() on them.  As such, it may occur that
           callbacks are delivered to applications' registered TLS callbacks
           prior to those SSL objects being returned in
           SSL_accept_connection().  Applications should expect this
           possibility.

           In particular no references should be held on SSL objects passed to
           callbacks for QUIC connections until such time as they are returned
           through a call to SSL_accept_connection.

HISTORY
       SSL_CTX_set_new_pending_conn_cb() was added in OpenSSL 3.5

COPYRIGHT
       Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.5.1                             2025-07-01
                                            SSL_CTX_set_new_pending_conn_cb(3)