System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
System i: Programming Secure Sockets APIs - IBM
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
v GSK_CERT_VALIDATION_CALLBACK (805) This is the callback that is required to do<br />
additional certificate validation<br />
callBackAreaPtr (Input)<br />
Address of a callback routine or address of a structure containing pointers to callback routines<br />
appropriate to the callBackID. The following indicate what should be pointed to by the<br />
callBackAreaPtr based on the value of the callBackID.<br />
v GSK_ENVIRONMENT_CLOSE_CALLBACK - The callBackAreaPtr should be set to the<br />
address of a function with prototype pGSK_ENVIRONMENT_CLOSE_CALLBACK.<br />
pGSK_ENVIRONMENT_CLOSE_CALLBACK is defined as:<br />
typedef void ( *pGSK_ENVIRONMENT_CLOSE_CALLBACK) (gsk_handle my_env_handle);<br />
v GSK_CERT_VALIDATION_CALLBACK - The callBackAreaPtr must point to a<br />
validationCallBack structure. That structure is defined as:<br />
typedef struct validationCallBack_struct<br />
{<br />
pgsk_cert_validation_callback validation_callback;<br />
VALIDATE_REQUIRED validateRequired;<br />
CERT_NEEDED certificateNeeded;<br />
} validationCallBack;<br />
– validationCallBack.validation_callback should be set to a value of type<br />
pgsk_cert_validation_callback. This is the pgsk_cert_validation_callback typedef:<br />
typedef int (*pgsk_cert_validation_callback)(const unsigned char * my_CertificateChain,<br />
int my_validation_status)<br />
Do not use pgsk_cert_validation_callback as a variable type when you create your prototype<br />
and function though. The following prototype should be used in the code for the function<br />
whose address will be assigned to validationCallBack.validation_callback:<br />
int foo(const unsigned char * my_CertificateChain,<br />
int my_validation_status);<br />
The return value from this function will be one of following:<br />
- GSK_OK (0) - Application accepts the certificate, and SSL will continue the handshake<br />
with this value.<br />
- GSK_ERROR_CERT_VALIDATION (8) - Application does not accept the certificate, and<br />
SSL handshake will terminate immediately with this value. If callback routine return other<br />
than GSK_OK, SSL will consider it as GSK_ERROR_CERT_VALIDATION and terminate<br />
the handshake.<br />
Parameters<br />
my_CertificateChain (Input)<br />
A pointer to a copy of buffer which contains the data of certificate chain.<br />
my_validation_status (Input)<br />
Results from SSL certificate validation:<br />
- GSK_VALIDATION_SUCCESSFUL (0) - Validation is successful.<br />
- GSK_OS400_ERROR_NOT_TRUSTED_ROOT (6000) - The certificate is not signed<br />
by a trusted certificate authority<br />
- GSK_KEYFILE_CERT_EXPIRED (107) - The validity time period of the certificate<br />
has expired.<br />
– validationCallBack.validateRequired - This is the flag to inform SSL when to call the certificate<br />
validation callback. The following values can be used :<br />
- GSK_NO_VALIDATION (900) - User application would like SSL to validate and<br />
authenticate the certificate first before calling the certificate validation callback. However,<br />
<strong>Secure</strong> <strong>Sockets</strong> <strong>APIs</strong> 21