System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

gsk_attribute_get_enum()—Get enumerated information about a secure session or an SSL environment Syntax #include int gsk_attribute_get_enum(gsk_handle my_gsk_handle, GSK_ENUM_ID enumID, GSK_ENUM_VALUE *enumValue); Service Program Name: QSYS/QSOSSLSR Default Public Authority: *USE Threadsafe: Yes The gsk_attribute_get_enum() function is used to obtain values for specific enumerated data for a secure session or an SSL environment. Parameters my_gsk_handle (Input) Indicates one of the following handles: v The handle for the secure session. (my_session_handle) v The handle for the SSL environment. (my_env_handle) enumID (Input) The following values can be used to retrieve information about the secure session or SSL environment that is either defaulted or explicitly set: v GSK_PROTOCOL_SSLV2 (403) - Whether the SSL Version 2 protocol is enabled or disabled for this secure session or SSL environment. The enumValue returned will be one of the following values: – GSK_PROTOCOL_SSLV2_ON (510) - SSL Version 2 ciphers are enabled. – GSK_PROTOCOL_SSLV2_OFF (511) - SSL Version 2 ciphers are disabled. v GSK_PROTOCOL_SSLV3 (404) - Whether the SSL Version 3 protocol is enabled or disabled for this secure session or SSL environment. The enumValue returned will be one of the following values: – GSK_PROTOCOL_SSLV3_ON (512) - SSL Version 3 ciphers are enabled. – GSK_PROTOCOL_SSLV3_OFF (513) - SSL Version 3 ciphers are disabled. v GSK_PROTOCOL_TLSV1 (407) - Whether the TLS Version 1 protocol is enabled or disabled for this secure session or SSL environment. The enumValue returned will be one of the following values: – GSK_PROTOCOL_TLSV1_ON (518) - TLS Version 1 ciphers are enabled. – GSK_PROTOCOL_TLSV1_OFF (519) - TLS Version 1 ciphers are disabled. v GSK_SESSION_TYPE (402) - Type of handshake to be used for this secure session or SSL environment. enumValue returned will be one of the following values: – GSK_CLIENT_SESSION (507) - Secure sessions act as clients. – GSK_SERVER_SESSION (508) - Secure sessions act as a server with no client authentication. The client certificate is not requested. – GSK_SERVER_SESSION_WITH_CL_AUTH (509) - Secure sessions act as a server that requests the client to send a certificate. The value for GSK_CLIENT_AUTH_TYPE will determine what happens if the client certificate is not valid or not provided. 10 System i: Programming Secure Sockets APIs
v GSK_CLIENT_AUTH_TYPE (401) - Type of client authentication to use for this session. enumValue must specify one of the following: – GSK_CLIENT_AUTH_FULL (503) - All received certificates are validated. If a certificate that is not valid is received, the secure session does not start, and an error code is returned from gsk_secure_soc_init(). If no certificate is sent by the client, the start of the secure session is successful. Applications can detect this situation by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId via gsk_attribute_get_numeric value(). A numValue of GSK_ERROR_NO_CERTIFICATE will indicate no certificate was sent by client. In this case, the application is responsible for the authentication of the client. – GSK_CLIENT_AUTH_PASSTHRU (505) - All received certificates are validated. If validation is successful or validation fails because the certificate is expired, or does not have a trusted root, the secure session will start. For the other validation failure cases the secure session does not start, and an error code is returned from gsk_secure_soc_init(). Applications can detect the situation where the secure session started but validation failed by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId via gsk_attribute_get_numeric value(). The numValue will indicate the certificate validation return code for client’s certificate. In this situation, the application is responsible for the authentication of the client. If no certificate is sent by the client, the start of the secure session is successful. Applications can detect this situation by checking the GSK_CERTIFICATE_VALIDATION_CODE enumId as well. A numValue of GSK_ERROR_NO_CERTIFICATE will indicate no certificate was sent by client. In this case, the application is also responsible for the authentication of the client. – GSK_OS400_CLIENT_AUTH_REQUIRED (6995) - All received certificates are validated. If a certificate that is not valid is received, the secure session does not start, and an error code is returned from gsk_secure_soc_init(). If no certificate is sent by the client, the secure session does not start, and an error code of GSK_ERROR_NO_CERTIFICATE is returned from gsk_secure_soc_init(). v GSK_PROTOCOL_USED (405) - Which protocol was used for this secure session. The enumValue returned will be one of the following values: – GSK_PROTOCOL_USED_SSLV2 (514) - The protocol used for this secure session is SSL Version 2. – GSK_PROTOCOL_USED_SSLV3 (515) - The protocol used for this secure session is SSL Version 3. – GSK_PROTOCOL_USED_TLSV1 (520) - The protocol used for this secure session is TLS Version 1. v GSK_SID_FIRST (406) - Whether a full handshake or abbreviated handshake occurred for this secure session. The enumValue returned will be one of the following values: – GSK_SID_IS_FIRST (516) - A full handshake occurred for this secure session. – GSK_SID_NOT_FIRST (517) - An abbreviated handshake occurred for this secure session. v GSK_SERVER_AUTH_TYPE (410) - Type of server authentication to use for this session. enumValue must specify one of the following: – GSK_SERVER_AUTH_FULL (534) - All received certificates are validated. If a certificate that is not valid is received, the secure session does not start, and an error code is returned from gsk_secure_soc_init(). If no certificate is sent by the server, the secure session does not start, and an error code of GSK_ERROR_NO_CERTIFICATE is returned from gsk_secure_soc_init(). – GSK_SERVER_AUTH_PASSTHRU (535) - All received certificates are validated. If validation is successful or validation fails because the certificate has expired or does not have a trusted root, the secure session will start. For the other validation failure cases the Secure Sockets APIs 11
Page 1: System i Programming Secure Sockets
Page 4 and 5: Note Before using this information
Page 6 and 7: Related Information . . . . . . . .
Page 8 and 9: vi System i: Programming Secure Soc
Page 10 and 11: APIs These are the APIs for this ca
Page 12 and 13: ufID (Input) The following values c
Page 14 and 15: v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17: [GSK_INSUFFICIENT_STORAGE] Not able
Page 20 and 21: secure session does not start, and
Page 22 and 23: API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25: v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27: [GSK_INVALID_STATE] One of the foll
Page 28 and 29: 8. If GSK_OS400_APPLICATION_ID is s
Page 30 and 31: if validation fails because the cer
Page 32 and 33: gsk_attribute_set_enum()—Set enum
Page 34 and 35: active secure sessions will continu
Page 36 and 37: gsk_attribute_set_numeric_value()
Page 38 and 39: v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41: v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 52 and 53: Error Messages Message ID Error Mes
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69:
6. Socket option SO_SNDTIMEO is not
Page 70 and 71:
[EPIPE] [EUNATCH] The specified des
Page 72 and 73:
Example The following example shows
Page 74 and 75:
Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77:
v The CCSID specified in the keyrin
Page 78 and 79:
unsigned protocol; /* SSL protocol
Page 80 and 81:
Service Program Name: QSOSSLSR Defa
Page 82 and 83:
Related Information v “SSL_Create
Page 84 and 85:
unsigned int cipherSuiteListLen The
Page 86 and 87:
[EBADF] [EBUSY] Permission denied.
Page 88 and 89:
ignore attempts by applications to
Page 90 and 91:
C Constant System Value TLS_RSA_WIT
Page 92 and 93:
ignore attempts by applications to
Page 94 and 95:
v Use the system default cipher spe
Page 96 and 97:
An error occurred in SSL processing
Page 98 and 99:
Parameters int sslreturnvalue (Inpu
Page 100 and 101:
Parameters SSLHandle* handle (input
Page 102 and 103:
[EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105:
Authorities No authorization is req
Page 106 and 107:
struct SSLHandleStr { /* SSLHandleS
Page 108 and 109:
Error Messages Message ID Error Mes
Page 110 and 111:
Name of Header File Name of File in
Page 112 and 113:
Name Value Text Details ENOTWRITE 3
Page 114 and 115:
Name Value Text Details EHOSTDOWN 3
Page 116 and 117:
Name Value Text Details EISDIR 3471
Page 118 and 119:
Name Value Text Details EBADFID 351
Page 120 and 121:
CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123:
IBM Corporation Software Interopera
Page 124 and 125:
SAA SecureWay SOM System i System i
Page 126:
118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

Create successful ePaper yourself

Delete template?

Save as template?