System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

if validation fails because the certificate is expired or does not have a trusted root the certificate validation callback will still be called. - GSK_VALIDATION_REQUIRED (901) - User application would like SSL to validate and authenticate the certificate first before calling the certificate validation callback. - NOTE: If Authentication PassThru is set, and the application set the certificate callback to GSK_VALIDATION_REQUIRED, SSL will reject the call with an error code GSK_CONFLICTING_VALIDATION_SETTING. If a certificate validation callback has been set to GSK_VALIDATION_REQUIRED, and application set authentication to PassThru, SSL will also reject the call with an error code GSK_CONFLICTING_VALIDATION_SETTING. – validationCallBack.certificateNeeded - Provides certificate chain flag which informs SSL what certificate chain should be passed to the certificate validation callback. The following values can be used: - GSK_COMPLETED_CERTIFICATE_CHAIN (951) - To pass the callback routine the complete certificate chain built by SSL during certificate validation and authentication. - GSK_CERTIFICATE_CHAIN_SENT_VIA_SSL (950) - To pass the callback routine the complete certificate chain built by SSL during certificate validation and authentication. - GSK_END_ENTITY_CERTIFICATE (952) - To pass the callback routine the EE certificate only. Note: This value will be ignored when the user set certificate validation flag to GSK_NO_VALIDATION. In other words, SSL will set it to GSK_CERTIFICATE_CHAIN_SENT_VIA_SSL. Authorities No authorization is required. Return Value gsk_attribute_set_callback() returns an integer. Possible values are: [GSK_OK] gsk_attribute_set_callback() was successful. [GSK_ATTRIBUTE_INVALID_ID] The callBackID specified was not valid. [GSK_ATTRIBUTE_INVALID_ENUMERATION] An enumeration referenced by the callBackAreaPtr was not valid. [GSK_CONFLICTING_VALIDATION_SETTING] The value for the validationCallBack.validateRequired field for GSK_CERT_VALIDATION_CALLBACK conflicts with the setting for either GSK_SERVER_AUTH_TYPE or GSK_CLIENT_AUTH_TYPE set by gsk_attribute_set_enum(). [GSK_INVALID_STATE] The callBackID cannot be set after a gsk_environment_init() has been issued. [GSK_INVALID_HANDLE] The handle specified was not valid. [GSK_ERROR_UNSUPPORTED] The callBackID is currently not supported. [GSK_ERROR_IO] An error occurred in SSL processing, check the errno value. 22 System i: Programming Secure Sockets APIs
Error Conditions When the gsk_attribute_set_callback() API fails with return code [GSK_ERROR_IO], errno can be set to: [EINTR] Interrupted function call. [EDEADLK] Resource deadlock avoided. [ETERM] Operation terminated. If an errno is returned that is not in this list, look in “Errno Values for UNIX-Type Functions” on page 103 for a description of the errno. Usage Notes 1. The following GSK_CALLBACK_ID values may be set in the SSL environment after gsk_environment_open() and before gsk_environment_init(). They are used as defaults for subsequent secure sessions: v GSK_ENVIRONMENT_CLOSE_CALLBACK v GSK_CERT_VALIDATION_CALLBACK 2. The following GSK_CALLBACK_ID values currently are not supported in the i5/OS ® implementation: v GSK_IO_CALLBACK v GSK_SID_CACHE_CALLBACK v GSK_CLIENT_CERT_CALLBACK v GSK_PKCS11_CALLBACK Related Information v “gsk_attribute_set_enum()—Set enumerated information for a secure session or an SSL environment” on page 24—Set enumerated information for a secure session or an SSL environment. v “gsk_attribute_set_buffer()—Set character information for a secure session or an SSL environment” on page 16—Set character string information for a secure session or an SSL environment. v “gsk_attribute_set_numeric_value()—Set numeric information for a secure session or an SSL environment” on page 28—Set numeric information for a secure session or an SSL environment v “gsk_environment_init()—Initialize an SSL environment” on page 32—Initialize an SSL environment v “gsk_environment_open()—Get a handle for an SSL environment” on page 34—Get a handle for an SSL environment v “gsk_secure_soc_init()—Negotiate a secure session” on page 38—Negotiate a secure session v “gsk_secure_soc_misc()—Perform miscellaneous functions for a secure session” on page 41—Perform miscellaneous functions for a secure session v “gsk_secure_soc_open()—Get a handle for a secure session” on page 44—Get a handle for a secure session v “gsk_strerror()—Retrieve GSKit runtime error message” on page 62—Retrieve GSK runtime error message API introduced: V5R3 Top | UNIX-Type APIs | APIs by category Secure Sockets APIs 23
Page 1: System i Programming Secure Sockets
Page 4 and 5: Note Before using this information
Page 6 and 7: Related Information . . . . . . . .
Page 8 and 9: vi System i: Programming Secure Soc
Page 10 and 11: APIs These are the APIs for this ca
Page 12 and 13: ufID (Input) The following values c
Page 14 and 15: v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17: [GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19: gsk_attribute_get_enum()—Get enum
Page 20 and 21: secure session does not start, and
Page 22 and 23: API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25: v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27: [GSK_INVALID_STATE] One of the foll
Page 28 and 29: 8. If GSK_OS400_APPLICATION_ID is s
Page 32 and 33: gsk_attribute_set_enum()—Set enum
Page 34 and 35: active secure sessions will continu
Page 36 and 37: gsk_attribute_set_numeric_value()
Page 38 and 39: v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41: v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 52 and 53: Error Messages Message ID Error Mes
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79: unsigned protocol; /* SSL protocol
Page 80 and 81:
Service Program Name: QSOSSLSR Defa
Page 82 and 83:
Related Information v “SSL_Create
Page 84 and 85:
unsigned int cipherSuiteListLen The
Page 86 and 87:
[EBADF] [EBUSY] Permission denied.
Page 88 and 89:
ignore attempts by applications to
Page 90 and 91:
C Constant System Value TLS_RSA_WIT
Page 92 and 93:
ignore attempts by applications to
Page 94 and 95:
v Use the system default cipher spe
Page 96 and 97:
An error occurred in SSL processing
Page 98 and 99:
Parameters int sslreturnvalue (Inpu
Page 100 and 101:
Parameters SSLHandle* handle (input
Page 102 and 103:
[EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105:
Authorities No authorization is req
Page 106 and 107:
struct SSLHandleStr { /* SSLHandleS
Page 108 and 109:
Error Messages Message ID Error Mes
Page 110 and 111:
Name of Header File Name of File in
Page 112 and 113:
Name Value Text Details ENOTWRITE 3
Page 114 and 115:
Name Value Text Details EHOSTDOWN 3
Page 116 and 117:
Name Value Text Details EISDIR 3471
Page 118 and 119:
Name Value Text Details EBADFID 351
Page 120 and 121:
CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123:
IBM Corporation Software Interopera
Page 124 and 125:
SAA SecureWay SOM System i System i
Page 126:
118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?