SSL_set_incoming_stream_policy.3ossl - Man Page

manage the QUIC incoming stream policy

Synopsis

 #include <openssl/ssl.h>

 #define SSL_INCOMING_STREAM_POLICY_AUTO
 #define SSL_INCOMING_STREAM_POLICY_ACCEPT
 #define SSL_INCOMING_STREAM_POLICY_REJECT

 int SSL_set_incoming_stream_policy(SSL *conn, int policy,
                                           uint64_t app_error_code);

Description

SSL_set_incoming_stream_policy() policy changes the incoming stream policy for a QUIC connection. Depending on the policy configured, OpenSSL QUIC may automatically reject incoming streams initiated by the peer. This is intended to ensure that legacy applications using single-stream operation with a default stream on a QUIC connection SSL object are not passed remotely-initiated streams by a peer which those applications are not prepared to handle.

app_error_code is an application error code which will be used in any QUIC STOP_SENDING or RESET_STREAM frames generated to implement the policy. The default application error code is 0.

The valid values for policy are:

SSL_INCOMING_STREAM_POLICY_AUTO

This is the default setting. Incoming streams are accepted according to the following rules:

  • If the default stream mode (configured using SSL_set_default_stream_mode(3)) is set to SSL_DEFAULT_STREAM_MODE_AUTO_BIDI (the default) or SSL_DEFAULT_STREAM_MODE_AUTO_UNI, the incoming stream is rejected.
  • Otherwise (where the default stream mode is SSL_DEFAULT_STREAM_MODE_NONE), the application is assumed to be stream aware, and the incoming stream is accepted.
SSL_INCOMING_STREAM_POLICY_ACCEPT

Always accept incoming streams, allowing them to be dequeued using SSL_accept_stream(3).

SSL_INCOMING_STREAM_POLICY_REJECT

Always reject incoming streams.

Where an incoming stream is rejected, it is rejected immediately and it is not possible to gain access to the stream using SSL_accept_stream(3). The stream is rejected using QUIC STOP_SENDING and RESET_STREAM frames as appropriate.

Return Values

Returns 1 on success and 0 on failure.

This function fails if called on a QUIC stream SSL object, or on a non-QUIC SSL object.

See Also

SSL_set_default_stream_mode(3), SSL_accept_stream(3)

History

SSL_set_incoming_stream_policy() was added in OpenSSL 3.2.

Referenced By

openssl-quic.7ossl(7), ossl-guide-quic-multi-stream.7ossl(7), SSL_accept_stream.3ossl(3), SSL_set_default_stream_mode.3ossl(3).

The man pages SSL_INCOMING_STREAM_POLICY_ACCEPT.3ossl(3), SSL_INCOMING_STREAM_POLICY_AUTO.3ossl(3) and SSL_INCOMING_STREAM_POLICY_REJECT.3ossl(3) are aliases of SSL_set_incoming_stream_policy.3ossl(3).

2024-09-12 3.2.2 OpenSSL