System i: Programming Secure Sockets APIs - IBM
If no certificate is sent by the client, the start of the secure session is successful. Applications
can detect this situation by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId
through gsk_attribute_get_numeric_value(). A numValue of GSK_ERROR_NO_CERTIFICATE
indicates that no certificate was sent by the client. In this case, the application is responsible for
the authentication of the client.
– GSK_CLIENT_AUTH_PASSTHRU (505) - All received certificates are validated. If
validation is successful or validation fails because the certificate is expired or does not have
a trusted root, the secure session will start. For the other validation failure cases the secure
session does not start, and an error code is returned from gsk_secure_soc_init().
Applications can detect the situation where the secure session started but validation failed
by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId via
gsk_attribute_get_numeric_value(). The numValue indicates the certificate validation
return code for the client's certificate. In this situation, the application is responsible for the
authentication of the client.
If no certificate is sent by the client, the start of the secure session is successful. Applications
can detect this situation by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId
as well. A numValue of GSK_ERROR_NO_CERTIFICATE indicates that no certificate was sent
by the client. In this case, the application is also responsible for the authentication of the client.
NOTE: If Authentication PassThru is set, and the application then sets the certificate callback to
GSK_VALIDATION_REQUIRED, SSL rejects the call with the error code
GSK_CONFLICTING_VALIDATION_SETTING. If a certificate validation callback has been
set to GSK_VALIDATION_REQUIRED, and the application then sets authentication to PassThru, SSL
also rejects the call with the error code GSK_CONFLICTING_VALIDATION_SETTING.
– GSK_OS400_CLIENT_AUTH_REQUIRED (6995) - All received certificates are validated. If
a certificate that is not valid is received, the secure session does not start, and an error code
is returned from gsk_secure_soc_init(). If no certificate is sent by the client, the secure
session does not start, and an error code of GSK_ERROR_NO_CERTIFICATE is returned
from gsk_secure_soc_init().
• GSK_SERVER_AUTH_TYPE (410) - Type of server authentication to use for this session.
enumValue must specify one of the following:
– GSK_SERVER_AUTH_FULL (534) - All received certificates are validated. If a certificate
that is not valid is received, the secure session does not start, and an error code is returned
from gsk_secure_soc_init(). If no certificate is sent by the server, the secure session does not
start, and an error code of GSK_ERROR_NO_CERTIFICATE is returned from
gsk_secure_soc_init().
– GSK_SERVER_AUTH_PASSTHRU (535) - All received certificates are validated. If
validation is successful or validation fails because the certificate has expired or does not
have a trusted root, the secure session will start. For the other validation failure cases the
secure session does not start, and an error code is returned from gsk_secure_soc_init().
Applications can detect the situation where the secure session started but validation failed
by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId via
gsk_attribute_get_numeric_value(). The numValue indicates the certificate validation
return code for the server's certificate. In this situation, the application is responsible for the
authentication of the server.
It is highly recommended that this option only be used if an alternate authentication method
is used.
NOTE: If Authentication PassThru is set, and the application then sets the certificate callback to
GSK_VALIDATION_REQUIRED, SSL rejects the call with the error code
GSK_CONFLICTING_VALIDATION_SETTING. If a certificate validation callback has been
set to GSK_VALIDATION_REQUIRED, and the application then sets authentication to PassThru, SSL
also rejects the call with the error code GSK_CONFLICTING_VALIDATION_SETTING.
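The PassThru behaviour described above for GSK_CLIENT_AUTH_PASSTHRU and GSK_SERVER_AUTH_PASSTHRU means a started session does not imply an authenticated peer. The following added example (not IBM's code) shows a fail-closed gate an application could apply after gsk_secure_soc_init(). The names USE_REAL_GSKIT, peer_status, classify_peer and admit_peer are hypothetical, the off-platform value of GSK_ERROR_NO_CERTIFICATE is a placeholder, and it assumes a validation code of GSK_OK means the certificate validated.

```c
#include <stdio.h>

#ifdef USE_REAL_GSKIT          /* hypothetical build flag: define it on IBM i */
#include <gskssl.h>
#else
/* Stand-ins so the logic compiles off-platform. The value given to
   GSK_ERROR_NO_CERTIFICATE is a placeholder, not the header's value. */
#define GSK_OK 0
#define GSK_ERROR_NO_CERTIFICATE 9001
#endif

typedef enum { PEER_REJECTED, PEER_CERT_VALID, PEER_NEEDS_APP_AUTH } peer_status;

/* init_rc:  return code of gsk_secure_soc_init()
   query_rc: return code of gsk_attribute_get_numeric_value() when asked
             for GSK_CERTIFICATE_VALIDATION_CODE
   vcode:    the numValue that call produced */
peer_status classify_peer(int init_rc, int query_rc, int vcode)
{
    if (init_rc != GSK_OK)  return PEER_REJECTED;   /* no secure session */
    if (query_rc != GSK_OK) return PEER_REJECTED;   /* result unknown: fail closed */
    if (vcode == GSK_OK)    return PEER_CERT_VALID; /* assumed: GSK_OK = validated */
    /* The session started although validation failed (expired, no trusted
       root) or no certificate was sent: the certificate proves nothing. */
    return PEER_NEEDS_APP_AUTH;
}

/* Gate for application data. app_auth_ok is the outcome of the application's
   own alternate authentication (hypothetical, e.g. a credential exchange). */
int admit_peer(peer_status st, int app_auth_ok)
{
    switch (st) {
    case PEER_CERT_VALID:     return 1;
    case PEER_NEEDS_APP_AUTH: return app_auth_ok ? 1 : 0;
    default:                  return 0;
    }
}

int main(void)
{
    /* Constructed case: PassThru session, client sent no certificate. */
    peer_status st = classify_peer(GSK_OK, GSK_OK, GSK_ERROR_NO_CERTIFICATE);
    printf("no certificate, no app auth -> admit=%d\n", admit_peer(st, 0));
    return 0;
}
```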
• GSK_ENVIRONMENT_CLOSE_OPTIONS (411) - Type of special close options to use for this
environment. If gsk_environment_close() is issued prior to all secure sessions being closed, the