System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

8. If GSK_OS400_APPLICATION_ID is set, the GSK_KEYRING_FILE, the GSK_KEYRING_LABEL, and the GSK_KEYRING_PASSWORD values are ignored. Related Information v “gsk_attribute_get_buffer()—Get character information about a secure session or an SSL environment” on page 3 v “gsk_attribute_set_enum()—Set enumerated information for a secure session or an SSL environment” on page 24 v “gsk_attribute_set_numeric_value()—Set numeric information for a secure session or an SSL environment” on page 28 v “gsk_environment_init()—Initialize an SSL environment” on page 32 v “gsk_environment_open()—Get a handle for an SSL environment” on page 34 v “gsk_secure_soc_init()—Negotiate a secure session” on page 38 v “gsk_secure_soc_misc()—Perform miscellaneous functions for a secure session” on page 41 v “gsk_secure_soc_open()—Get a handle for a secure session” on page 44 v “gsk_strerror()—Retrieve GSKit runtime error message” on page 62 API introduced: V5R1 Top | UNIX-Type APIs | APIs by category gsk_attribute_set_callback()—Set callback pointers to routines in the user application Syntax #include int gsk_attribute_set_callback(gsk_handle my_gsk_handle, GSK_CALLBACK_ID callBackID, void *callBackAreaPtr); Service Program Name: QSYS/QSOSSLSR Default Public Authority: *USE Threadsafe: Yes The gsk_attribute_set_callback() function is used to set callback pointers to routines in the user application. These routines may be used for special purposes by the application. Parameters my_gsk_handle (Input) Indicates one of the following handles: v The handle for the secure session. (my_session_handle) v The handle for the SSL environment. (my_env_handle) callBackID (Input) Indicates one of the following operations: v GSK_ENVIRONMENT_CLOSE_CALLBACK (804) - This is the callback to have a user routine be called when the last secure session is closed that was created based on secure environment that already has been closed. 20 System i: Programming Secure Sockets APIs
v GSK_CERT_VALIDATION_CALLBACK (805) This is the callback that is required to do additional certificate validation callBackAreaPtr (Input) Address of a callback routine or address of a structure containing pointers to callback routines appropriate to the callBackID. The following indicate what should be pointed to by the callBackAreaPtr based on the value of the callBackID. v GSK_ENVIRONMENT_CLOSE_CALLBACK - The callBackAreaPtr should be set to the address of a function with prototype pGSK_ENVIRONMENT_CLOSE_CALLBACK. pGSK_ENVIRONMENT_CLOSE_CALLBACK is defined as: typedef void ( *pGSK_ENVIRONMENT_CLOSE_CALLBACK) (gsk_handle my_env_handle); v GSK_CERT_VALIDATION_CALLBACK - The callBackAreaPtr must point to a validationCallBack structure. That structure is defined as: typedef struct validationCallBack_struct { pgsk_cert_validation_callback validation_callback; VALIDATE_REQUIRED validateRequired; CERT_NEEDED certificateNeeded; } validationCallBack; – validationCallBack.validation_callback should be set to a value of type pgsk_cert_validation_callback. This is the pgsk_cert_validation_callback typedef: typedef int (*pgsk_cert_validation_callback)(const unsigned char * my_CertificateChain, int my_validation_status) Do not use pgsk_cert_validation_callback as a variable type when you create your prototype and function though. The following prototype should be used in the code for the function whose address will be assigned to validationCallBack.validation_callback: int foo(const unsigned char * my_CertificateChain, int my_validation_status); The return value from this function will be one of following: - GSK_OK (0) - Application accepts the certificate, and SSL will continue the handshake with this value. - GSK_ERROR_CERT_VALIDATION (8) - Application does not accept the certificate, and SSL handshake will terminate immediately with this value. If callback routine return other than GSK_OK, SSL will consider it as GSK_ERROR_CERT_VALIDATION and terminate the handshake. Parameters my_CertificateChain (Input) A pointer to a copy of buffer which contains the data of certificate chain. my_validation_status (Input) Results from SSL certificate validation: - GSK_VALIDATION_SUCCESSFUL (0) - Validation is successful. - GSK_OS400_ERROR_NOT_TRUSTED_ROOT (6000) - The certificate is not signed by a trusted certificate authority - GSK_KEYFILE_CERT_EXPIRED (107) - The validity time period of the certificate has expired. – validationCallBack.validateRequired - This is the flag to inform SSL when to call the certificate validation callback. The following values can be used : - GSK_NO_VALIDATION (900) - User application would like SSL to validate and authenticate the certificate first before calling the certificate validation callback. However, Secure Sockets APIs 21
Page 1: System i Programming Secure Sockets
Page 4 and 5: Note Before using this information
Page 6 and 7: Related Information . . . . . . . .
Page 8 and 9: vi System i: Programming Secure Soc
Page 10 and 11: APIs These are the APIs for this ca
Page 12 and 13: ufID (Input) The following values c
Page 14 and 15: v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17: [GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19: gsk_attribute_get_enum()—Get enum
Page 20 and 21: secure session does not start, and
Page 22 and 23: API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25: v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27: [GSK_INVALID_STATE] One of the foll
Page 30 and 31: if validation fails because the cer
Page 32 and 33: gsk_attribute_set_enum()—Set enum
Page 34 and 35: active secure sessions will continu
Page 36 and 37: gsk_attribute_set_numeric_value()
Page 38 and 39: v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41: v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 52 and 53: Error Messages Message ID Error Mes
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79:
unsigned protocol; /* SSL protocol
Page 80 and 81:
Service Program Name: QSOSSLSR Defa
Page 82 and 83:
Related Information v “SSL_Create
Page 84 and 85:
unsigned int cipherSuiteListLen The
Page 86 and 87:
[EBADF] [EBUSY] Permission denied.
Page 88 and 89:
ignore attempts by applications to
Page 90 and 91:
C Constant System Value TLS_RSA_WIT
Page 92 and 93:
ignore attempts by applications to
Page 94 and 95:
v Use the system default cipher spe
Page 96 and 97:
An error occurred in SSL processing
Page 98 and 99:
Parameters int sslreturnvalue (Inpu
Page 100 and 101:
Parameters SSLHandle* handle (input
Page 102 and 103:
[EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105:
Authorities No authorization is req
Page 106 and 107:
struct SSLHandleStr { /* SSLHandleS
Page 108 and 109:
Error Messages Message ID Error Mes
Page 110 and 111:
Name of Header File Name of File in
Page 112 and 113:
Name Value Text Details ENOTWRITE 3
Page 114 and 115:
Name Value Text Details EHOSTDOWN 3
Page 116 and 117:
Name Value Text Details EISDIR 3471
Page 118 and 119:
Name Value Text Details EBADFID 351
Page 120 and 121:
CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123:
IBM Corporation Software Interopera
Page 124 and 125:
SAA SecureWay SOM System i System i
Page 126:
118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?