gsk_attribute_get_cert_info()--Get information about a local or partner
certificate
Syntax
#include <gskssl.h>
int gsk_attribute_get_cert_info(gsk_handle my_gsk_handle,
GSK_CERT_ID certID,
const gsk_cert_data_elem **certDataElem,
int *certDataElemCount);
Service Program Name: QSYS/QSOSSLSR
Default Public Authority: *USE
Threadsafe: Yes
The gsk_attribute_get_cert_info() function is used to
obtain specific information about either the server or client certificate for a
secure session or an SSL environment.
Parameters
my_gsk_handle (Input)
Indicates one of the following handles:
The handle for the secure session. (my_session_handle)
The handle for the SSL environment. (my_env_handle)
certID (Input)
Indicates one of the following:
GSK_LOCAL_CERT_INFO (701) - Retrieve certificate data
information for the local certificate that may be sent to the remote
connection. This can be retrieved using the SSL environment handle or the
secure session handle.
GSK_PARTNER_CERT_INFO (700) - Retrieve certificate data
information for the partner certificate that may have been received during the
SSL handshake. This can only be retrieved using the secure session handle.
certDataElem (Output)
The address of a pointer to the certificate information returned from this
function call. On output, certDataElem will contain the pointer to the
information. The storage for this information was allocated by the system from
user heap storage and will be freed by the
gsk_secure_soc_close() API or the
gsk_environment_close() API.
certDataElemCount (Output)
A pointer to an integer that will contain the number of certificate data
elements returned from this function call.
Authorities
No authorization is required.
Return Value
gsk_attribute_get_cert_info() returns an integer. Possible
values are:
[GSK_OK]
gsk_attribute_get_cert_info() was successful.
[GSK_ATTRIBUTE_INVALID_ID]
The specified certID was not valid.
[GSK_INVALID_HANDLE]
The handle passed in to this function was not valid.
[GSK_INVALID_STATE]
One of the following occurred:
A SSL environment handle was specified with a certID of
GSK_LOCAL_CERT_INFO before a gsk_environment_init() has been
issued.
A secure session handle was specified before a
gsk_secure_soc_init() has been
issued.
[GSK_AS400_ERROR_INVALID_POINTER]
The certDataElem or certDataElemCount pointer is not
valid.
[GSK_INSUFFICIENT_STORAGE]
Not able to allocate storage for the requested operation.
[GSK_ERROR_IO]
An error occurred in SSL processing, check the errno value.
Error Conditions
When the gsk_attribute_get_cert_info() API fails with
return code [GSK_ERROR_IO], errno can be set to:
After gsk_attribute_get_cert_info() returns with a GSK_OK
return value, certDataElem points to an array of structures of type
gsk_cert_data_elem. The following structure is the
gsk_cert_data_elem structure:
cert_data_id is the identifier for each element of the
certificate. The following are the valid identifiers:
CERT_BODY_DER (600)
CERT_BODY_BASE64 (601)
CERT_SERIAL_NUMBER (602)
CERT_COMMON_NAME (610)
CERT_LOCALITY (611)
CERT_STATE_OR_PROVINCE (612)
CERT_COUNTRY (613)
CERT_ORG (614)
CERT_ORG_UNIT (615)
CERT_DN_PRINTABLE (616)
CERT_DN_DER (617)
CERT_POSTAL_CODE (618)
CERT_EMAIL (619)
CERT_ISSUER_COMMON_NAME (650)
CERT_ISSUER_LOCALITY (651)
CERT_ISSUER_STATE_OR_PROVINCE (652)
CERT_ISSUER_COUNTRY (653)
CERT_ISSUER_ORG (654)
CERT_ISSUER_ORG_UNIT (655)
CERT_ISSUER_DN_PRINTABLE (656)
CERT_ISSUER_DN_DER (657)
CERT_ISSUER_POSTAL_CODE (658)
CERT_ISSUER_EMAIL (659)
CERT_VERSION (660)
CERT_VALID_FROM (662)
CERT_VALID_TO (663)
CERT_PUBLIC_KEY_ALGORITHM (664)
CERT_ISSUER_UNIQUEID (669)
CERT_SUBJECT_UNIQUEID (670)
CERT_SUBJECT_ALTERNATIVE_NAME_RFC822NAME (672)
CERT_VALID_FROM_EX (681)
CERT_VALID_TO_EX (682)
cert_data_p points to the specific certificate data.
cert_data_l contains the length of the data element.
Many fields are character strings and are terminated with a trailing null.
The length does not include the null.
Other fields (CERT_BODY_DER, CERT_DN_DER, and so on) may have imbedded
nulls and therefore must use the integer length for processing.
Not all certificates contain all fields, so the number of fields returned
depends on the certificate being processed. This open-ended approach means new
fields can be added from time to time without disrupting existing usage.
All certificate data is returned in ASCII CCSID 850.
You can reference the certDataElem pointers as long as the handle
for the secure session or SSL environment is open.