z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


gsk_attribute_get_data()

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

Returns information related to a certificate request.

Format

   #include <gskssl.h>

   gsk_status gsk_attribute_get_data ( 
                                       gsk_handle      soc_handle,
                                       GSK_DATA_ID     data_id, 
                                       void **         data_ptr)

Parameters

soc_handle
Specifies the connection handle returned by the gsk_secure_socket_open() routine.
data_id
Specifies the data identifier.
data_ptr
Returns the address of the requested data. The address will be NULL if the requested data is not available.

Results

The function return value will be 0 (GSK_OK) if no error is detected. Otherwise, it will be one of the return codes listed in the gskssl.h include file. These are some possible errors:
[GSK_ATTRIBUTE_INVALID_ID]
The data identifier is not valid.
[GSK_ERR_ASN]
Unable to decode certification authority name.
[GSK_ERR_ECURVE_NOT_SUPPORTED]
Elliptic Curve is not supported.
[GSK_ERR_ICSF_FIPS_DISABLED]
ICSF PKCS #11 services are disabled.
[GSK_ERR_ICSF_NOT_AVAILABLE]
ICSF services are not available.
[GSK_ERR_ICSF_SERVICE_FAILURE]
ICSF callable service returned an error.
[GSK_INSUFFICIENT_STORAGE]
Insufficient storage is available.
[GSK_INVALID_HANDLE]
The connection handle is not valid.
[GSK_INVALID_STATE]
The connection is not initialized.

Usage

The gsk_attribute_get_data() routine returns information related to a certificate request. The server sends a certificate request to the client as part of the client authentication portion of the SSL handshake. The connection must be in the initialized state.

These data identifiers are supported:
GSK_DATA_ID_SUPPORTED_KEYS
Returns a list of labels in the key database for certificates signed by a certification authority that is in the list provided by the server. A database entry is included in the list only if it has both a certificate and a private key. If executing in FIPS mode, the list only includes labels that can be used in FIPS mode. If using the TLS V1.2 protocol, the list includes only those certificates that use the key and signature algorithms supported by the server. The gsk_list_free() routine should be called to release the list when it is no longer needed.
GSK_DATA_ID_SERVER_ISSUERS
Returns a list of distinguished names of certification authorities provided by the server in the certificate request. The gsk_list_free() routine should be called to release the list when it is no longer needed.

Related Topics

gsk_list_free()

Parent topic: API reference

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014