System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

unsigned int cipherSuiteListLen The number of cipher suite entries specified in the list pointed to by the (input) cipherSuiteList field. unsigned char* peerCert (output) The pointer to the certificate received from the peer system. For a client, this is a pointer to the server’s certificate. For a server with client authentication enabled, this is a pointer to the client’s certificate. For a server without client authentication this pointer value remains unchanged. unsigned peerCertLen (output) The length of the certificate pointed to by the peerCert field. int (*exitPgm)(SSLHandle* sslh) (input) A pointer to a user supplied function that is called whenever a certificate is received during handshake processing. The exitPgm will be passed the pointer to the handle, which could include the peer’s certificate. The exitPgm returns a nonzero value if the peer’s certificate is accepted. The return of a zero value by the exitPgm will cause the handshake processing to fail. Users of this function do not need to provide an exit program. The pointer should be a NULL value if there is not a user-supplied exit program. The exit program should be written in a threadsafe manner. int how (input) The type of SSL handshake to be performed. The following values may be specified for handshake type and are defined in . SSL_HANDSHAKE_AS_CLIENT (0) Perform the handshake as a client. SSL_HANDSHAKE_AS_SERVER (1) Perform the handshake as a server. SSL_HANDSHAKE_AS_SERVER_WITH_CLIENT_AUTH (2) Perform the handshake as a server with client authentication. SSL_HANDSHAKE_AS_SERVER_WITH_OPTIONAL_CLIENT_AUTH (3) Perform the handshake as a server with optional client authentication. Authorities Authorization of *R (allow access to the object) to the key ring file and its associated files is required. Return Value The SSL_Handshake() API returns an integer. Possible values are: [0] Successful return [SSL_ERROR_BAD_CERTIFICATE] The certificate is bad. [SSL_ERROR_BAD_CERT_SIG] The certificate’s signature is not valid. [SSL_ERROR_BAD_CERTIFICATE] The certificate is bad. [SSL_ERROR_BAD_CIPHER_SUITE] A cipher suite that is not valid was specified. [SSL_ERROR_BAD_MAC] A bad message authentication code was received. [SSL_ERROR_BAD_MALLOC] Unable to allocate storage required for SSL processing. 76 System i: Programming Secure Sockets APIs
[SSL_ERROR_BAD_MESSAGE] SSL received a badly formatted message. [SSL_ERROR_BAD_PEER] The peer system is not recognized. [SSL_ERROR_BAD_STATE] SSL detected a bad state in the SSL session. [SSL_ERROR_CERTIFICATE_REJECTED ] The certificate is not valid or was rejected by the exit program. [SSL_ERROR_CERT_EXPIRED] The validity time period of the certificate is expired. [SSL_ERROR_CLOSED] The SSL session ended. [SSL_ERROR_IO] An error occurred in SSL processing; check the errno value. [SSL_ERROR_NO_CERTIFICATE] No certificate is available for SSL processing. [SSL_ERROR_NO_CIPHERS] No ciphers available or specified. [SSL_ERROR_NO_INIT] SSL_Init() was not previously called for this job. [SSL_ERROR_NOT_TRUSTED_ROOT] The certificate is not signed by a trusted certificate authority. [SSL_ERROR_PERMISSION_DENIED] Permission was denied to access object. [SSL_ERROR_SSL_NOT_AVAILABLE] SSL is not available for use. [SSL_ERROR_UNKNOWN] An unknown or unexpected error occurred during SSL processing. [SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE] i5/OS ® does not support the certificate’s type. [SSL_ERROR_UNSUPPORTED] Operation is not supported by SSL. None of the specified protocol values are supported by System SSL. Error Conditions When the SSL_Handshake() API fails with a return code of [SSL_ERROR_IO], errno can be set to: [EACCES] Secure Sockets APIs 77
Page 1:
System i Programming Secure Sockets
Page 4 and 5:
Note Before using this information
Page 6 and 7:
Related Information . . . . . . . .
Page 8 and 9:
vi System i: Programming Secure Soc
Page 10 and 11:
APIs These are the APIs for this ca
Page 12 and 13:
ufID (Input) The following values c
Page 14 and 15:
v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17:
[GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19:
gsk_attribute_get_enum()—Get enum
Page 20 and 21:
secure session does not start, and
Page 22 and 23:
API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25:
v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27:
[GSK_INVALID_STATE] One of the foll
Page 28 and 29:
8. If GSK_OS400_APPLICATION_ID is s
Page 30 and 31:
if validation fails because the cer
Page 32 and 33:
gsk_attribute_set_enum()—Set enum
Page 34 and 35: active secure sessions will continu
Page 36 and 37: gsk_attribute_set_numeric_value()
Page 38 and 39: v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41: v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79: unsigned protocol; /* SSL protocol
Page 80 and 81: Service Program Name: QSOSSLSR Defa
Page 82 and 83: Related Information v “SSL_Create
Page 86 and 87: [EBADF] [EBUSY] Permission denied.
Page 88 and 89: ignore attempts by applications to
Page 90 and 91: C Constant System Value TLS_RSA_WIT
Page 92 and 93: ignore attempts by applications to
Page 94 and 95: v Use the system default cipher spe
Page 96 and 97: An error occurred in SSL processing
Page 98 and 99: Parameters int sslreturnvalue (Inpu
Page 100 and 101: Parameters SSLHandle* handle (input
Page 102 and 103: [EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105: Authorities No authorization is req
Page 106 and 107: struct SSLHandleStr { /* SSLHandleS
Page 110 and 111: Name of Header File Name of File in
Page 112 and 113: Name Value Text Details ENOTWRITE 3
Page 114 and 115: Name Value Text Details EHOSTDOWN 3
Page 116 and 117: Name Value Text Details EISDIR 3471
Page 118 and 119: Name Value Text Details EBADFID 351
Page 120 and 121: CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123: IBM Corporation Software Interopera
Page 124 and 125: SAA SecureWay SOM System i System i
Page 126: 118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?