System i: Programming Secure Sockets APIs - IBM

More documents

Recommendations

Info

ignore attempts by applications to use disabled protocols or ciphers unless only disabled values are used. SSL_ERROR_UNSUPPORTED will be returned when no enabled values are specified. Related Information v QlgSSL_Init()—Initialize the Current Job for SSL (using NLS-enabled path name) v “SSL_Create()—Enable SSL Support for the Specified Socket Descriptor” on page 69—Enable SSL Support for the Specified Socket Descriptor v “SSL_Destroy()—End SSL Support for the Specified SSL Session” on page 71)—End SSL Support for the Specified SSL Session v “SSL_Handshake()—Initiate the SSL Handshake Protocol” on page 74—Initiate the SSL Handshake Protocol v “SSL_Init_Application()—Initialize the Current Job for SSL Processing Based on the Application Identifier”—Initialize the Current Job for SSL Processing Based on the Application Identifier v “SSL_Read()—Receive Data from an SSL-Enabled Socket Descriptor” on page 91—Receive Data from an SSL-Enabled Socket Descriptor v “SSL_Write()—Write Data to an SSL-Enabled Socket Descriptor” on page 97—Write Data to an SSL-Enabled Socket Descriptor API introduced: V4R3 Top | UNIX-Type APIs | APIs by category SSL_Init_Application()—Initialize the Current Job for SSL Processing Based on the Application Identifier Syntax #include int SSL_Init_Application(SSLInitApp* init_app) Service Program Name: QSOSSLSR Default Public Authority: *USE Threadsafe: Yes The SSL_Init_Application() function is used to establish the SSL security information to be used for all SSL sessions for the current job based on the specified application identifier. The SSL_Init_Application() API uses the application identifier to determine and then establish the certificate and the associated public and private key information for use by the SSL handshake protocol processing when acting as a server or when acting as a client. The certificate and key information is needed by an application that is acting as a client in the situaitons where the client is connecting to a server which has enabled and requires client authentication. Parameters SSLInitApp * init_app (input) The pointer to an SSLInitApp value. SSLInitApp is a typedef for a buffer of type struct SSLInitAppStr. In , struct SSLInitAppStr is defined as the following: 84 System i: Programming Secure Sockets APIs
struct SSLInitAppStr { /* SSLInitAppStr */ char* applicationID; /* application id value */ unsigned int applicationIDLen; /* length of application id */ char* localCertificate; /* local certificate */ unsigned int localCertificateLen; /* ength of local certificate */ unsigned short int* cipherSuiteList; /* List of cipher suites */ unsigned int cipherSuiteListLen; /* number of entries in the cipher suites list */ unsigned int sessionType; /* the type of application as registered */ unsigned int reserved1; /* reserved - must be 0 */ unsigned int protocol; /* SSL protocol version */ unsigned int timeout; /* cache timeout (seconds) */ char reserved[12]; /* reserved - must be NULL (0s)*/ }; The fields within the SSLInitApp structure as pointed to by init_app are defined as follows: char *applicationID (input) A pointer to a null terminated character string identifying the application identifier value that was used to register the application using the Register Application for Certificate Use, (OPM, QSYRGAP; ILE, QsyRegisterAppForCertUse) API. See the Register Application for Certificate Use API for information about the format and values allowed for the application identifier. char *applicationIDLen (input) The number of characters in the application identifier string as specified by the applicationID parameter. char *localCertificate (input) On input, the localCertificate pointer must be set to point to storage that has been allocated by the calling application that will be used on output to contain the application’s registered local certificate. If a certificate is not to be returned then set this pointer’s value to NULL and the localCertificateLen value to zero (0). The storage should be large enough to accomodate the size of the certificate. Most certificates are less than 2K in length. On output, the localCertificate pointer will not be changed, though the storage it points to will contain the registered application’s certificate. The certificate will be the one registered for that application by the Register Application for Certificate Use (OPM, QSYRGAP; ILE, QsyRegisterAppForCertUse) API. See the Register Application for Certificate Use API for information about the format and values allowed for the application identifier. unsigned int localCertificateLen (input) On input, this value must equal the number of characters available in the storage pointed to by the localCertificate pointer. Set this value to 0 if you do not want a certificate returned by this API. On output, this value is equal to the length of the certificate. If the certificate will not fit into the storage provided, then this value will be set to the length required to contain the certificate. unsigned short int* cipherSuiteList (input) A pointer to the cipher specification list to be used during the SSL handshake protocol for this job. This list is a string of concatenated cipher specification values. A cipher specification value is an unsigned short integer. Any value provided will override any values provided by a previous SSL_Init_Application() API or SSL_Init() API or the system default cipher specification list if the previous SSL_Init_Application() API or SSL_Init() API did not provide a cipher specification list. A value of NULL for this parameter indicates one of the following: v Use the cipher specification list provided by a previous SSL_Init_Application() API or SSL_Init() API Secure Sockets APIs 85
Page 1:
System i Programming Secure Sockets
Page 4 and 5:
Note Before using this information
Page 6 and 7:
Related Information . . . . . . . .
Page 8 and 9:
vi System i: Programming Secure Soc
Page 10 and 11:
APIs These are the APIs for this ca
Page 12 and 13:
ufID (Input) The following values c
Page 14 and 15:
v GSK_CONNECT_CIPHER_SPEC v GSK_SID
Page 16 and 17:
[GSK_INSUFFICIENT_STORAGE] Not able
Page 18 and 19:
gsk_attribute_get_enum()—Get enum
Page 20 and 21:
secure session does not start, and
Page 22 and 23:
API introduced: V5R1 Top | UNIX-Typ
Page 24 and 25:
v GSK_FD v GSK_HANDSHAKE_TIMEOUT v
Page 26 and 27:
[GSK_INVALID_STATE] One of the foll
Page 28 and 29:
8. If GSK_OS400_APPLICATION_ID is s
Page 30 and 31:
if validation fails because the cer
Page 32 and 33:
gsk_attribute_set_enum()—Set enum
Page 34 and 35:
active secure sessions will continu
Page 36 and 37:
gsk_attribute_set_numeric_value()
Page 38 and 39:
v GSK_V3_SIDCACHE_SIZE v GSK_LDAP_S
Page 40 and 41:
v “gsk_secure_soc_init()—Negoti
Page 42 and 43: [ETERM] Operation terminated. If an
Page 44 and 45: 2. v GSK_SESSION_TYPE set to GSK_CL
Page 46 and 47: Error Messages Message ID Error Mes
Page 48 and 49: [GSK_AS400_ERROR_INVALID_POINTER] T
Page 50 and 51: attributes. In most cases, as resul
Page 54 and 55: v “gsk_secure_soc_misc()—Perfor
Page 56 and 57: matched sets. If a client applicati
Page 58 and 59: Authorities Authorization of *R (al
Page 60 and 61: gsk_secure_soc_startRecv()—Start
Page 62 and 63: The handle specified was not valid.
Page 64 and 65: v “gsk_secure_soc_misc()—Perfor
Page 66 and 67: Authorities No authorization is req
Page 68 and 69: 6. Socket option SO_SNDTIMEO is not
Page 70 and 71: [EPIPE] [EUNATCH] The specified des
Page 72 and 73: Example The following example shows
Page 74 and 75: Qlg_Path_Name_T *keyringFileName (i
Page 76 and 77: v The CCSID specified in the keyrin
Page 78 and 79: unsigned protocol; /* SSL protocol
Page 80 and 81: Service Program Name: QSOSSLSR Defa
Page 82 and 83: Related Information v “SSL_Create
Page 84 and 85: unsigned int cipherSuiteListLen The
Page 86 and 87: [EBADF] [EBUSY] Permission denied.
Page 88 and 89: ignore attempts by applications to
Page 90 and 91: C Constant System Value TLS_RSA_WIT
Page 94 and 95: v Use the system default cipher spe
Page 96 and 97: An error occurred in SSL processing
Page 98 and 99: Parameters int sslreturnvalue (Inpu
Page 100 and 101: Parameters SSLHandle* handle (input
Page 102 and 103: [EUNATCH] [EUNKNOWN] The protocol r
Page 104 and 105: Authorities No authorization is req
Page 106 and 107: struct SSLHandleStr { /* SSLHandleS
Page 110 and 111: Name of Header File Name of File in
Page 112 and 113: Name Value Text Details ENOTWRITE 3
Page 114 and 115: Name Value Text Details EHOSTDOWN 3
Page 116 and 117: Name Value Text Details EISDIR 3471
Page 118 and 119: Name Value Text Details EBADFID 351
Page 120 and 121: CONDITIONS OF MERCHANTABILITY, FITN
Page 122 and 123: IBM Corporation Software Interopera
Page 124 and 125: SAA SecureWay SOM System i System i
Page 126: 118 System i: Programming Secure So
show all

System i: Programming Secure Sockets APIs - IBM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?