Gets an enumerated value.
Format
#include <gskssl.h>

gsk_status gsk_attribute_get_enum (
    gsk_handle       ssl_handle,
    GSK_ENUM_ID      enum_id,
    GSK_ENUM_VALUE * enum_value)
Parameters
- ssl_handle
- Specifies an SSL environment handle that is returned by gsk_environment_open() or
an SSL connection handle that is returned by gsk_secure_socket_open().
- enum_id
- Specifies the enumeration identifier.
- enum_value
- Returns the enumeration value.
Results
The function return value is 0 (GSK_OK) if no error is detected.
Otherwise, it is one of the return codes that are listed in the
gskssl.h include file. These are some possible errors:
- [GSK_ATTRIBUTE_INVALID_ID]
- The enumeration identifier is not valid or cannot be used with
the specified handle.
- [GSK_INVALID_HANDLE]
- The handle is not valid.
- [GSK_INVALID_STATE]
- The environment is closed or the SSL connection is established.
Usage
The gsk_attribute_get_enum() routine returns an enumerated value for
an SSL environment or an SSL connection.
These enumeration identifiers are supported:
- GSK_CERT_VALIDATE_KEYRING_ROOT
- Returns the setting of how certificates in a SAF key ring are
validated. Returns GSK_CERT_VALIDATE_KEYRING_ROOT_ON if SAF key
ring certificates must be validated to the root CA certificate. Returns
GSK_CERT_VALIDATE_KEYRING_ROOT_OFF if SAF key ring certificates
are only validated to the trust anchor certificate. If a sole intermediate
certificate is found in a SAF key ring and the next issuer is not
found in the same SAF key ring, the intermediate certificate acts
as a trust anchor and the certificate chain is considered complete.
GSK_CERT_VALIDATE_KEYRING_ROOT can only be specified for an SSL environment.
- GSK_CERT_VALIDATION_MODE
- Returns the certificate validation mode setting. Returns GSK_CERT_VALIDATION_MODE_2459
if certificate validation is based on the RFC 2459 method, GSK_CERT_VALIDATION_MODE_3280
if certificate validation is based on the RFC 3280 method, and GSK_CERT_VALIDATION_MODE_5280
if certificate validation is based on the RFC 5280 method. Returns
GSK_CERT_VALIDATION_MODE_ANY if certificate validation can use any
supported X.509 certificate validation method. GSK_CERT_VALIDATION_MODE
can only be specified for an SSL environment.
- GSK_CLIENT_AUTH_ALERT
- Returns GSK_CLIENT_AUTH_NOCERT_ALERT_OFF if the SSL server
application is configured to allow client connections where client
authentication is requested and the client failed to supply an X.509
certificate. Returns GSK_CLIENT_AUTH_NOCERT_ALERT_ON if the
SSL server application is configured to terminate client connections
where client authentication is requested and the client failed to
supply an X.509 certificate. GSK_CLIENT_AUTH_ALERT can be specified
only for an SSL environment.
- GSK_CLIENT_AUTH_TYPE
- Returns GSK_CLIENT_AUTH_FULL_TYPE if received certificates are
validated by the System SSL runtime and GSK_CLIENT_AUTH_PASSTHRU_TYPE
otherwise. GSK_CLIENT_AUTH_TYPE can be specified only for an SSL environment.
- GSK_CRL_SECURITY_LEVEL
- Returns the level of security that is set for the SSL environment
when contact is attempted between the application and an LDAP server
that might contain a Certificate Revocation List (CRL). GSK_CRL_SECURITY_LEVEL
can be specified only for an SSL environment.
One of three possible settings for GSK_CRL_SECURITY_LEVEL is returned:
- GSK_CRL_SECURITY_LEVEL_LOW - Certificate validation does not fail
if the LDAP server cannot be contacted.
- GSK_CRL_SECURITY_LEVEL_MEDIUM - Certificate validation requires
the LDAP server to be contactable, but does not require a CRL to be
defined. This is the default setting.
- GSK_CRL_SECURITY_LEVEL_HIGH - Certificate validation requires
the LDAP server to be contactable, and a CRL to be defined.
- GSK_EXTENDED_RENEGOTIATION_INDICATOR
- Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_OPTIONAL if renegotiation
indication is not required during the initial SSL V3 or TLS handshake.
This is the default.
Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_CLIENT if the client
initial handshake is allowed to proceed only if the server indicates
support for RFC 5746 renegotiation.
Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_SERVER if the server
initial handshake is allowed to proceed only if the client indicates
support for RFC 5746 renegotiation.
Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_BOTH if the server and
client initial handshakes are allowed to proceed only if the partner
indicates support for RFC 5746 renegotiation.
GSK_EXTENDED_RENEGOTIATION_INDICATOR can only be specified for an SSL
environment.
- GSK_PROTOCOL_SSLV2
- Returns GSK_PROTOCOL_SSLV2_ON if the SSL Version 2 protocol is
enabled and GSK_PROTOCOL_SSLV2_OFF if the SSL Version 2 protocol is
not enabled. GSK_PROTOCOL_SSLV2 can be specified for an SSL environment
or an SSL connection.
- GSK_PROTOCOL_SSLV3
- Returns GSK_PROTOCOL_SSLV3_ON if the SSL Version 3 protocol is
enabled and GSK_PROTOCOL_SSLV3_OFF if the SSL Version 3 protocol is
not enabled. GSK_PROTOCOL_SSLV3 can be specified for an SSL environment
or an SSL connection.
- GSK_PROTOCOL_TLSV1
- Returns GSK_PROTOCOL_TLSV1_ON if the TLS Version 1 protocol is
enabled and GSK_PROTOCOL_TLSV1_OFF if the TLS Version 1 protocol is
not enabled. GSK_PROTOCOL_TLSV1 can be specified for an SSL environment
or an SSL connection.
- GSK_PROTOCOL_TLSV1_1
- Returns GSK_PROTOCOL_TLSV1_1_ON if the TLS Version 1.1 protocol
is enabled and GSK_PROTOCOL_TLSV1_1_OFF if the TLS Version 1.1 protocol
is not enabled. GSK_PROTOCOL_TLSV1_1 can be specified for an SSL
environment or an SSL connection.
- GSK_PROTOCOL_TLSV1_2
- Returns GSK_PROTOCOL_TLSV1_2_ON if the TLS Version 1.2 protocol
is enabled and GSK_PROTOCOL_TLSV1_2_OFF if the TLS Version 1.2 protocol
is not enabled. GSK_PROTOCOL_TLSV1_2 can be specified for an SSL environment
or an SSL connection.
- GSK_PROTOCOL_USED
- Returns GSK_PROTOCOL_USED_SSLV2 if the SSL Version 2 protocol
was used to establish the connection, GSK_PROTOCOL_USED_SSLV3 if the
SSL Version 3 protocol was used to establish the connection, GSK_PROTOCOL_USED_TLSV1
if the TLS Version 1.0 protocol was used to establish the connection,
GSK_PROTOCOL_USED_TLSV1_1 if the TLS Version 1.1 protocol was used
to establish the connection, or GSK_PROTOCOL_USED_TLSV1_2 if the
TLS Version 1.2 protocol was used to establish the connection. GSK_NULL
is returned if a connection is not established. GSK_PROTOCOL_USED
can be specified only for an SSL connection.
- GSK_RENEGOTIATION
- Returns GSK_RENEGOTIATION_NONE if SSL V3 and TLS handshake
renegotiation as a server is disabled, while RFC 5746 renegotiation
is allowed. This is the default.
Returns GSK_RENEGOTIATION_DISABLED if SSL V3 and TLS handshake
renegotiation, including RFC 5746 renegotiation, is disabled.
Returns GSK_RENEGOTIATION_ALL if SSL V3 and TLS handshake
renegotiation as a server is enabled.
Returns GSK_RENEGOTIATION_ABBREVIATED if SSL V3 and TLS abbreviated
handshake renegotiation for resuming the current session only is
permitted as a server. RFC 5746 renegotiation is also allowed.
GSK_RENEGOTIATION can only be specified for an SSL environment.
- GSK_RENEGOTIATION_PEER_CERT_CHECK
- Returns GSK_RENEGOTIATION_PEER_CERT_CHECK_OFF if an identity check
against the peer's certificate is not performed during renegotiation.
This is the default.
Returns GSK_RENEGOTIATION_PEER_CERT_CHECK_ON if a comparison is
performed against the peer's certificate to ensure that the
certificate does not change during renegotiation.
GSK_RENEGOTIATION_PEER_CERT_CHECK can only be specified for an SSL
environment.
- GSK_SESSION_TYPE
- Returns GSK_CLIENT_SESSION if the SSL handshake is to be performed
as a client, GSK_SERVER_SESSION if the SSL handshake is to be performed
as a server, or GSK_SERVER_SESSION_WITH_CL_AUTH if the SSL handshake
is to be performed as a server requiring client authentication. GSK_SESSION_TYPE
can be specified for an SSL environment or an SSL connection.
- GSK_SID_FIRST
- Returns GSK_SID_IS_FIRST if a full SSL handshake was performed
to establish the connection or GSK_SID_NOT_FIRST if an existing session
was used to establish the connection. GSK_NULL is returned if a connection
is not established. GSK_SID_FIRST can be specified only for an SSL
connection.
- GSK_SUITE_B_PROFILE
- Returns the Suite B for TLS profile setting. Returns:
- GSK_SUITE_B_PROFILE_128 if the 128-bit Suite B security profile
is being applied by the SSL client or server to TLS sessions.
- GSK_SUITE_B_PROFILE_192 if the 192-bit Suite B security profile
is being applied by the SSL client or server to TLS sessions.
- GSK_SUITE_B_PROFILE_ALL if either the 128-bit or 192-bit Suite
B security profile is allowed by the SSL client or server for TLS
sessions.
- GSK_SUITE_B_PROFILE_OFF if there is no Suite B security profile
being applied by the SSL client or server to TLS sessions.
GSK_SUITE_B_PROFILE can only be specified for an SSL environment.
- GSK_SYSPLEX_SIDCACHE
- Returns GSK_SYSPLEX_SIDCACHE_ON if sysplex session caching is
enabled for this application or GSK_SYSPLEX_SIDCACHE_OFF if sysplex
session caching is not enabled. GSK_SYSPLEX_SIDCACHE can be specified
only for an SSL environment.
- GSK_TLSEXT_MFL
- Returns GSK_TLSEXT_MFL_OFF if the "Maximum Fragment Length" type
TLS extension is not negotiated, and the SSL connection is therefore
using the default fragment length (16384 bytes). Returns GSK_TLSEXT_MFL_512,
GSK_TLSEXT_MFL_1024, GSK_TLSEXT_MFL_2048 or GSK_TLSEXT_MFL_4096 if
the "Maximum Fragment Length" type TLS extension is negotiated, where
the returned value reflects the negotiated maximum fragment length.
GSK_TLSEXT_MFL can be specified only for an SSL connection.
- GSK_TLSEXT_THMAC
- Returns GSK_TLSEXT_THMAC_ON if the "Truncated HMAC" type TLS extension
is negotiated and is in use. Returns GSK_TLSEXT_THMAC_OFF if the "Truncated
HMAC" type TLS extension is not negotiated. GSK_TLSEXT_MFL can be
specified only for an SSL connection.
- GSK_TLSEXT_SNI
- Returns GSK_TLSEXT_SNI_ON if the "Server Name Indication" type
TLS extension is negotiated and is in use. Returns GSK_TLSEXT_SNI_OFF
if the "Server Name Indication" type TLS extension is not negotiated.
GSK_TLSEXT_SNI can be specified only for an SSL connection.
- GSK_T61_AS_LATIN1
- Returns GSK_T61_AS_LATIN1_ON if the ISO8859-1 character set is
used when converting a string tagged as TELETEXSTRING or GSK_T61_AS_LATIN1_OFF
if the T.61 character set is used. GSK_T61_AS_LATIN1 can be specified
only for an SSL environment. The GSK_T61_AS_LATIN1 setting is global
and applies to all SSL environments.
- GSK_V3_CIPHERS
- Returns the V3 cipher specification size. When the specification is
2 characters in size, GSK_V3_CIPHERS_CHAR2 is returned. When it is
4 characters in size, GSK_V3_CIPHERS_CHAR4 is returned. GSK_V3_CIPHERS
can be specified for an SSL environment or an SSL connection.
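
Example
The following routine is an added example, not IBM's code and not part of the original page. It reads four of the identifiers listed above from an SSL environment handle, checks every return code, and counts the settings that a baseline rejects. The baseline (the rules table), the audit_environment name, and the non-z/OS stand-in block with its placeholder numeric values and mock getter are assumptions of this example; on z/OS the real gskssl.h is used instead.

```c
#include <stdio.h>
#ifdef __MVS__
#include <gskssl.h>   /* real System SSL declarations on z/OS */
#else
/* Constructed stand-ins for runs off z/OS; numeric values are placeholders. */
typedef void *gsk_handle;
typedef int gsk_status, GSK_ENUM_ID, GSK_ENUM_VALUE;
enum { GSK_OK = 0, GSK_ATTRIBUTE_INVALID_ID = 1 };
enum { GSK_PROTOCOL_SSLV2 = 10, GSK_PROTOCOL_SSLV3, GSK_CRL_SECURITY_LEVEL,
       GSK_RENEGOTIATION };
enum { GSK_PROTOCOL_SSLV2_ON = 100, GSK_PROTOCOL_SSLV2_OFF,
       GSK_PROTOCOL_SSLV3_ON, GSK_PROTOCOL_SSLV3_OFF,
       GSK_CRL_SECURITY_LEVEL_LOW, GSK_CRL_SECURITY_LEVEL_MEDIUM,
       GSK_CRL_SECURITY_LEVEL_HIGH, GSK_RENEGOTIATION_NONE, GSK_RENEGOTIATION_ALL };
/* Mock getter (assumption): the handle points at four values, indexed by id. */
static gsk_status gsk_attribute_get_enum(gsk_handle h, GSK_ENUM_ID id, GSK_ENUM_VALUE *v)
{
    if (id < GSK_PROTOCOL_SSLV2 || id > GSK_RENEGOTIATION) return GSK_ATTRIBUTE_INVALID_ID;
    *v = ((const GSK_ENUM_VALUE *)h)[id - GSK_PROTOCOL_SSLV2];
    return GSK_OK;
}
#endif

/* One baseline rule (hypothetical policy): a value this example rejects. */
struct rule { GSK_ENUM_ID id; GSK_ENUM_VALUE rejected; const char *finding; };

/* Returns the number of rejected settings, or -1 if any query fails. */
int audit_environment(gsk_handle env, FILE *out)
{
    static const struct rule rules[] = {
        { GSK_PROTOCOL_SSLV2, GSK_PROTOCOL_SSLV2_ON, "SSL Version 2 enabled" },
        { GSK_PROTOCOL_SSLV3, GSK_PROTOCOL_SSLV3_ON, "SSL Version 3 enabled" },
        { GSK_CRL_SECURITY_LEVEL, GSK_CRL_SECURITY_LEVEL_LOW, "unreachable CRL server ignored" },
        { GSK_RENEGOTIATION, GSK_RENEGOTIATION_ALL, "server renegotiation enabled" },
    };
    int findings = 0;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        GSK_ENUM_VALUE value;
        gsk_status rc = gsk_attribute_get_enum(env, rules[i].id, &value);
        if (rc != GSK_OK) {   /* e.g. GSK_INVALID_HANDLE or GSK_INVALID_STATE */
            fprintf(out, "id %d: query failed, rc=%d\n", (int)rules[i].id, (int)rc);
            return -1;        /* an unreadable setting is not treated as safe */
        }
        if (value == rules[i].rejected) {
            fprintf(out, "FINDING: %s\n", rules[i].finding);
            findings++;
        }
    }
    return findings;
}
```

On z/OS, pass the handle returned by gsk_environment_open(); all four identifiers queried here can be specified for an SSL environment.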