gsk_attribute_get_cert_info()--Get information about a local or partner certificate

Syntax

 #include <gskssl.h>

 int gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
                                 GSK_CERT_ID certID,
                                 const gsk_cert_data_elem **certDataElem,  
                                 int *certDataElemCount);

  Service Program Name: QSYS/QSOSSLSR

  Default Public Authority: *USE

  Threadsafe: Yes

The gsk_attribute_get_cert_info() function is used to obtain specific information about either the server or client certificate for a secure session or an SSL environment.

Parameters

my_gsk_handle (Input)

Indicates one of the following handles:

The handle for the secure session. (my_session_handle)
The handle for the SSL environment. (my_env_handle)

certID (Input)

Indicates one of the following:

GSK_LOCAL_CERT_INFO (701) - Retrieve certificate data information for the local certificate that may be sent to the remote connection. This can be retrieved using the SSL environment handle or the secure session handle.
GSK_PARTNER_CERT_INFO (700) - Retrieve certificate data information for the partner certificate that may have been received during the SSL handshake. This can only be retrieved using the secure session handle.

certDataElem (Output)

The address of a pointer to the certificate information returned from this function call. On output, certDataElem will contain the pointer to the information. The storage for this information was allocated by the system from user heap storage and will be freed by the gsk_secure_soc_close() API or the gsk_environment_close() API.

certDataElemCount (Output)

A pointer to an integer that will contain the number of certificate data elements returned from this function call.

Authorities

No authorization is required.

Return Value

gsk_attribute_get_cert_info() returns an integer. Possible values are:

[GSK_OK]

gsk_attribute_get_cert_info() was successful.

[GSK_ATTRIBUTE_INVALID_ID]

The specified certID was not valid.

[GSK_INVALID_HANDLE]

The handle passed in to this function was not valid.

[GSK_INVALID_STATE]

One of the following occurred:

A SSL environment handle was specified with a certID of GSK_LOCAL_CERT_INFO before a gsk_environment_init() has been issued.
A secure session handle was specified before a gsk_secure_soc_init() has been issued.

[GSK_AS400_ERROR_INVALID_POINTER]

The certDataElem or certDataElemCount pointer is not valid.

[GSK_INSUFFICIENT_STORAGE]

Not able to allocate storage for the requested operation.

[GSK_ERROR_IO]

An error occurred in SSL processing, check the errno value.

Error Conditions

When the gsk_attribute_get_cert_info() API fails with return code [GSK_ERROR_IO], errno can be set to:

[EINTR]: Interrupted function call.
[EDEADLK]: Resource deadlock avoided.
[ETERM]: Operation terminated.

If an errno is returned that is not in this list, look in Errno Values for UNIX^®-Type Functions for a description of the errno.

Usage Notes

After gsk_attribute_get_cert_info() returns with a GSK_OK return value, certDataElem points to an array of structures of type gsk_cert_data_elem. The following structure is the gsk_cert_data_elem structure:
```
typedef struct gsk_cert_data_elem_t
{
  GSK_CERT_DATA_ID cert_data_id;
  char *cert_data_p;
  int cert_data_l;

} gsk_cert_data_elem;
```
Each element consists of the following fields:
- cert_data_id is the identifier for each element of the certificate. The following are the valid identifiers:
  - CERT_BODY_DER (600)
  - CERT_BODY_BASE64 (601)
  - CERT_SERIAL_NUMBER (602)
  - CERT_COMMON_NAME (610)
  - CERT_LOCALITY (611)
  - CERT_STATE_OR_PROVINCE (612)
  - CERT_COUNTRY (613)
  - CERT_ORG (614)
  - CERT_ORG_UNIT (615)
  - CERT_DN_PRINTABLE (616)
  - CERT_DN_DER (617)
  - CERT_POSTAL_CODE (618)
  - CERT_EMAIL (619)
  - CERT_ISSUER_COMMON_NAME (650)
  - CERT_ISSUER_LOCALITY (651)
  - CERT_ISSUER_STATE_OR_PROVINCE (652)
  - CERT_ISSUER_COUNTRY (653)
  - CERT_ISSUER_ORG (654)
  - CERT_ISSUER_ORG_UNIT (655)
  - CERT_ISSUER_DN_PRINTABLE (656)
  - CERT_ISSUER_DN_DER (657)
  - CERT_ISSUER_POSTAL_CODE (658)
  - CERT_ISSUER_EMAIL (659)
  - CERT_VERSION (660)
  - CERT_VALID_FROM (662)
  - CERT_VALID_TO (663)
  - CERT_PUBLIC_KEY_ALGORITHM (664)
  - CERT_ISSUER_UNIQUEID (669)
  - CERT_SUBJECT_UNIQUEID (670)
  - CERT_SUBJECT_ALTERNATIVE_NAME_RFC822NAME (672)
  - CERT_VALID_FROM_EX (681)
  - CERT_VALID_TO_EX (682)
- cert_data_p points to the specific certificate data.
- cert_data_l contains the length of the data element.
Many fields are character strings and are terminated with a trailing null. The length does not include the null.
Other fields (CERT_BODY_DER, CERT_DN_DER, and so on) may have imbedded nulls and therefore must use the integer length for processing.
Not all certificates contain all fields, so the number of fields returned depends on the certificate being processed. This open-ended approach means new fields can be added from time to time without disrupting existing usage.
All certificate data is returned in ASCII CCSID 850.
You can reference the certDataElem pointers as long as the handle for the secure session or SSL environment is open.

Related Information

gsk_attribute_get_buffer()--Get character information about a secure session or a SSL environment
gsk_attribute_get_enum()--Get enumerated information about a secure session or an SSL environment.
gsk_attribute_get_numeric_value()--Get numeric information about a secure session or an SSL environment
gsk_environment_close()--Close the SSL environment
gsk_environment_init()--Initialize an SSL environment
gsk_environment_open()--Get a handle for an SSL environment
gsk_secure_soc_close()--Close a secure session
gsk_secure_soc_init()--Negotiate a secure session
gsk_secure_soc_misc()--Perform miscellaneous functions for a secure session
gsk_secure_soc_open()--Get a handle for a secure session
gsk_strerror()--Retrieve GSK runtime error message

API introduced: V5R1

Top | UNIX-Type APIs | APIs by category