SSL_new_domain.3ossl - Man Page

SSL object interface for managing QUIC event domains

Synopsis

 #include <openssl/ssl.h>

 SSL *SSL_new_domain(SSL_CTX *ctx, uint64_t flags);

 int SSL_is_domain(SSL *ssl);
 SSL *SSL_get0_domain(SSL *ssl);

Description

The SSL_new_domain() function creates a new QUIC event domain, represented as an SSL object. This is known as a QUIC domain SSL object (QDSO). The concept of a QUIC event domain is discussed in detail in openssl-quic-concurrency(7).

The flags argument to SSL_new_domain() specifies a set of domain flags. If flags does not specify one of SSL_DOMAIN_FLAG_SINGLE_THREAD, SSL_DOMAIN_FLAG_MULTI_THREAD or SSL_DOMAIN_FLAG_THREAD_ASSISTED, the domain flags configured on the SSL_CTX are inherited as a default and any other flags in flags are added to the set of inherited flags. Otherwise, the domain flags in flags are used. See SSL_CTX_set_domain_flags(3) for details of the available domain flags and how they can be configured on an SSL_CTX.

A QUIC domain SSL object can be managed in the same way as any other SSL object, in that it can be refcounted and freed normally. A QUIC domain SSL object is the parent of a number of child objects such as QUIC listener SSL objects. Once a QUIC domain SSL object has been created, a listener can be created under it using SSL_new_listener_from(3).

SSL_is_domain() returns 1 if an SSL object is a QUIC domain SSL object.

SSL_get0_domain() obtains a pointer to the QUIC domain SSL object in an SSL object hierarchy (if any).

All SSL objects in a QUIC event domain use the same domain flags, and the domain flags for a QUIC domain cannot be changed after construction.

Supported Operations

A QUIC domain SSL object exists to contain other QUIC SSL objects and provide unified event handling. As such, it supports only the following operations:

The basic workflow of using a domain object is as follows:

  • Create a new domain object by calling SSL_new_domain() with an SSL_CTX which uses a supported SSL_METHOD (such as OSSL_QUIC_server_method(3));
  • Create listeners under the domain using SSL_new_listener_from(3).

Refer to SSL_new_listener_from(3) for details on using listeners.

Currently, domain SSL objects are only supported for QUIC usage via any QUIC SSL_METHOD.

Return Values

SSL_new_domain() returns a new domain SSL object or NULL on failure.

SSL_is_domain() returns 0 or 1 depending on the type of the SSL object on which it is called.

SSL_get0_domain() returns an SSL object pointer (potentially to the same object on which it is called) or NULL.

See Also

SSL_new_listener_from(3), SSL_handle_events(3), SSL_CTX_set_domain_flags(3), openssl-quic-concurrency(7)

History

These functions were added in OpenSSL 3.5.

Referenced By

openssl-quic.7ossl(7), openssl-quic-concurrency.7ossl(7), SSL_CTX_set_domain_flags.3ossl(3), SSL_new_listener.3ossl(3).

The man pages SSL_get0_domain.3ossl(3) and SSL_is_domain.3ossl(3) are aliases of SSL_new_domain.3ossl(3).

2025-03-26 3.5.0-beta1 OpenSSL