OpenSSL

Cryptography and SSL/TLS Toolkit

SSL_INCOMING_STREAM_POLICY_ACCEPT

NAME

SSL_set_incoming_stream_policy, SSL_INCOMING_STREAM_POLICY_AUTO, SSL_INCOMING_STREAM_POLICY_ACCEPT, SSL_INCOMING_STREAM_POLICY_REJECT - manage the QUIC incoming stream policy

SYNOPSIS

#include <openssl/ssl.h>

#define SSL_INCOMING_STREAM_POLICY_AUTO
#define SSL_INCOMING_STREAM_POLICY_ACCEPT
#define SSL_INCOMING_STREAM_POLICY_REJECT

int SSL_set_incoming_stream_policy(SSL *conn, int policy,
                                          uint64_t app_error_code);

DESCRIPTION

SSL_set_incoming_stream_policy() policy changes the incoming stream policy for a QUIC connection. Depending on the policy configured, OpenSSL QUIC may automatically reject incoming streams initiated by the peer. This is intended to ensure that legacy applications using single-stream operation with a default stream on a QUIC connection SSL object are not passed remotely-initiated streams by a peer which those applications are not prepared to handle.

app_error_code is an application error code which will be used in any QUIC STOP_SENDING or RESET_STREAM frames generated to implement the policy. The default application error code is 0.

The valid values for policy are:

SSL_INCOMING_STREAM_POLICY_AUTO

This is the default setting. Incoming streams are accepted according to the following rules:

  • If the default stream mode (configured using SSL_set_default_stream_mode(3)) is set to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI (the default) or SSL_DEFAULT_STREAM_MODE_AUTO_UNI, the incoming stream is rejected.

  • Otherwise (where the default stream mode is SSL_DEFAULT_STREAM_MODE_NONE), the application is assumed to be stream aware, and the incoming stream is accepted.

SSL_INCOMING_STREAM_POLICY_ACCEPT

Always accept incoming streams, allowing them to be dequeued using SSL_accept_stream(3).

SSL_INCOMING_STREAM_POLICY_REJECT

Always reject incoming streams.

Where an incoming stream is rejected, it is rejected immediately and it is not possible to gain access to the stream using SSL_accept_stream(3). The stream is rejected using QUIC STOP_SENDING and RESET_STREAM frames as appropriate.

RETURN VALUES

Returns 1 on success and 0 on failure.

This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL object.

SEE ALSO

SSL_set_default_stream_mode(3), SSL_accept_stream(3)

HISTORY

SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.

Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.