z/OS Cryptographic Services System SSL Programming


gsk_attribute_get_enum()

SC14-7495-00

Gets an enumerated value.

Format

   #include <gskssl.h>

   gsk_status gsk_attribute_get_enum (
                                       gsk_handle           ssl_handle,
                                       GSK_ENUM_ID          enum_id,
                                       GSK_ENUM_VALUE *     enum_value);

Parameters

ssl_handle
Specifies an SSL environment handle that is returned by gsk_environment_open() or an SSL connection handle that is returned by gsk_secure_socket_open().
enum_id
Specifies the enumeration identifier.
enum_value
Returns the enumeration value.

Results

The function return value is 0 (GSK_OK) if no error is detected. Otherwise, it is one of the return codes that are listed in the gskssl.h include file. These are some possible errors:
[GSK_ATTRIBUTE_INVALID_ID]
The enumeration identifier is not valid or cannot be used with the specified handle.
[GSK_INVALID_HANDLE]
The handle is not valid.
[GSK_INVALID_STATE]
The environment is closed or the SSL connection is established.

Usage

The gsk_attribute_get_enum() routine returns an enumerated value for an SSL environment or an SSL connection.

These enumeration identifiers are supported:
GSK_CERT_VALIDATE_KEYRING_ROOT
Returns the setting of how certificates in a SAF key ring are validated. Returns GSK_CERT_VALIDATE_KEYRING_ROOT_ON if SAF key ring certificates must be validated to the root CA certificate. Returns GSK_CERT_VALIDATE_KEYRING_ROOT_OFF if SAF key ring certificates are only validated to the trust anchor certificate. If a sole intermediate certificate is found in a SAF key ring and the next issuer is not found in the same SAF key ring, the intermediate certificate acts as a trust anchor and the certificate chain is considered complete. GSK_CERT_VALIDATE_KEYRING_ROOT can only be specified for an SSL environment.
GSK_CERT_VALIDATION_MODE
Returns the certificate validation mode setting. Returns GSK_CERT_VALIDATION_MODE_2459 if certificate validation is based on the RFC 2459 method, GSK_CERT_VALIDATION_MODE_3280 if certificate validation is based on the RFC 3280 method, and GSK_CERT_VALIDATION_MODE_5280 if certificate validation is based on the RFC 5280 method. Returns GSK_CERT_VALIDATION_MODE_ANY if certificate validation can use any supported X.509 certificate validation method. GSK_CERT_VALIDATION_MODE can only be specified for an SSL environment.
GSK_CLIENT_AUTH_ALERT
Returns GSK_CLIENT_AUTH_NOCERT_ALERT_OFF if the SSL server application is configured to allow client connections where client authentication is requested and the client failed to supply an X.509 certificate. Returns GSK_CLIENT_AUTH_NOCERT_ALERT_ON if the SSL server application is configured to terminate client connections where client authentication is requested and the client failed to supply an X.509 certificate. GSK_CLIENT_AUTH_ALERT can be specified only for an SSL environment.
GSK_CLIENT_AUTH_TYPE
Returns GSK_CLIENT_AUTH_FULL_TYPE if received certificates are validated by the System SSL runtime and GSK_CLIENT_AUTH_PASSTHRU_TYPE otherwise. GSK_CLIENT_AUTH_TYPE can be specified only for an SSL environment.
GSK_CRL_SECURITY_LEVEL
Returns the level of security that is set for the SSL environment when contact is attempted between the application and an LDAP server that might contain a Certificate Revocation List (CRL). GSK_CRL_SECURITY_LEVEL can be specified only for an SSL environment.
One of three possible settings for GSK_CRL_SECURITY_LEVEL is returned:
  • GSK_CRL_SECURITY_LEVEL_LOW - Certificate validation does not fail if the LDAP server cannot be contacted.
  • GSK_CRL_SECURITY_LEVEL_MEDIUM - Certificate validation requires the LDAP server to be contactable, but does not require a CRL to be defined. This is the default setting.
  • GSK_CRL_SECURITY_LEVEL_HIGH - Certificate validation requires the LDAP server to be contactable, and a CRL to be defined.
GSK_EXTENDED_RENEGOTIATION_INDICATOR
Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_OPTIONAL if renegotiation indication is not required during the initial SSL V3 or TLS handshake. This is the default.

Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_CLIENT if the client initial handshake is allowed to proceed only if the server indicates support for RFC 5746 renegotiation.

Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_SERVER if the server initial handshake is allowed to proceed only if the client indicates support for RFC 5746 renegotiation.

Returns GSK_EXTENDED_RENEGOTIATION_INDICATOR_BOTH if the server and client initial handshakes are allowed to proceed only if the partner indicates support for RFC 5746 renegotiation.

GSK_EXTENDED_RENEGOTIATION_INDICATOR can only be specified for an SSL environment.

GSK_PROTOCOL_SSLV2
Returns GSK_PROTOCOL_SSLV2_ON if the SSL Version 2 protocol is enabled and GSK_PROTOCOL_SSLV2_OFF if the SSL Version 2 protocol is not enabled. GSK_PROTOCOL_SSLV2 can be specified for an SSL environment or an SSL connection.
GSK_PROTOCOL_SSLV3
Returns GSK_PROTOCOL_SSLV3_ON if the SSL Version 3 protocol is enabled and GSK_PROTOCOL_SSLV3_OFF if the SSL Version 3 protocol is not enabled. GSK_PROTOCOL_SSLV3 can be specified for an SSL environment or an SSL connection.
GSK_PROTOCOL_TLSV1
Returns GSK_PROTOCOL_TLSV1_ON if the TLS Version 1 protocol is enabled and GSK_PROTOCOL_TLSV1_OFF if the TLS Version 1 protocol is not enabled. GSK_PROTOCOL_TLSV1 can be specified for an SSL environment or an SSL connection.
GSK_PROTOCOL_TLSV1_1
Returns GSK_PROTOCOL_TLSV1_1_ON if the TLS Version 1.1 protocol is enabled and GSK_PROTOCOL_TLSV1_1_OFF if the TLS Version 1.1 protocol is not enabled. GSK_PROTOCOL_TLSV1_1 can be specified for an SSL environment or an SSL connection.
GSK_PROTOCOL_TLSV1_2
Returns GSK_PROTOCOL_TLSV1_2_ON if the TLS Version 1.2 protocol is enabled and GSK_PROTOCOL_TLSV1_2_OFF if the TLS Version 1.2 protocol is not enabled. GSK_PROTOCOL_TLSV1_2 can be specified for an SSL environment or an SSL connection.
GSK_PROTOCOL_USED
Returns GSK_PROTOCOL_USED_SSLV2 if the SSL Version 2 protocol was used to establish the connection, GSK_PROTOCOL_USED_SSLV3 if the SSL Version 3 protocol was used to establish the connection, GSK_PROTOCOL_USED_TLSV1 if the TLS Version 1.0 protocol was used to establish the connection, GSK_PROTOCOL_USED_TLSV1_1 if the TLS Version 1.1 protocol was used to establish the connection, or GSK_PROTOCOL_USED_TLSV1_2 if the TLS Version 1.2 protocol was used to establish the connection. GSK_NULL is returned if a connection is not established. GSK_PROTOCOL_USED can be specified only for an SSL connection.
GSK_RENEGOTIATION

Returns GSK_RENEGOTIATION_NONE if SSL V3 and TLS handshake renegotiation as a server is disabled, while RFC 5746 renegotiation is allowed. This is the default.

Returns GSK_RENEGOTIATION_DISABLED if SSL V3 and TLS handshake renegotiation, including RFC 5746 renegotiation, is disabled.

Returns GSK_RENEGOTIATION_ALL if SSL V3 and TLS handshake renegotiation as a server is enabled.

Returns GSK_RENEGOTIATION_ABBREVIATED if SSL V3 and TLS abbreviated handshake renegotiation for resuming the current session only is permitted as a server. RFC 5746 renegotiation is also allowed.

GSK_RENEGOTIATION can only be specified for an SSL environment.

GSK_RENEGOTIATION_PEER_CERT_CHECK
Returns GSK_RENEGOTIATION_PEER_CERT_CHECK_OFF if an identity check against the peer's certificate is not performed during renegotiation. This is the default.

Returns GSK_RENEGOTIATION_PEER_CERT_CHECK_ON if a comparison is performed against the peer's certificate to ensure that the certificate does not change during renegotiation.

GSK_RENEGOTIATION_PEER_CERT_CHECK can only be specified for an SSL environment.

GSK_SESSION_TYPE
Returns GSK_CLIENT_SESSION if the SSL handshake is to be performed as a client, GSK_SERVER_SESSION if the SSL handshake is to be performed as a server, or GSK_SERVER_SESSION_WITH_CL_AUTH if the SSL handshake is to be performed as a server requiring client authentication. GSK_SESSION_TYPE can be specified for an SSL environment or an SSL connection.
GSK_SID_FIRST
Returns GSK_SID_IS_FIRST if a full SSL handshake was performed to establish the connection or GSK_SID_NOT_FIRST if an existing session was used to establish the connection. GSK_NULL is returned if a connection is not established. GSK_SID_FIRST can be specified only for an SSL connection.
GSK_SUITE_B_PROFILE
Returns the Suite B for TLS profile setting. Returns:
  • GSK_SUITE_B_PROFILE_128 if the 128-bit Suite B security profile is being applied by the SSL client or server to TLS sessions.
  • GSK_SUITE_B_PROFILE_192 if the 192-bit Suite B security profile is being applied by the SSL client or server to TLS sessions.
  • GSK_SUITE_B_PROFILE_ALL if either the 128-bit or 192-bit Suite B security profile is allowed by the SSL client or server for TLS sessions.
  • GSK_SUITE_B_PROFILE_OFF if there is no Suite B security profile being applied by the SSL client or server to TLS sessions.
GSK_SUITE_B_PROFILE can only be specified for an SSL environment.
GSK_SYSPLEX_SIDCACHE
Returns GSK_SYSPLEX_SIDCACHE_ON if sysplex session caching is enabled for this application or GSK_SYSPLEX_SIDCACHE_OFF if sysplex session caching is not enabled. GSK_SYSPLEX_SIDCACHE can be specified only for an SSL environment.
GSK_TLSEXT_MFL
Returns GSK_TLSEXT_MFL_OFF if the "Maximum Fragment Length" type TLS extension is not negotiated, and the SSL connection is therefore using the default fragment length (16384 bytes). Returns GSK_TLSEXT_MFL_512, GSK_TLSEXT_MFL_1024, GSK_TLSEXT_MFL_2048 or GSK_TLSEXT_MFL_4096 if the "Maximum Fragment Length" type TLS extension is negotiated, where the returned value reflects the negotiated maximum fragment length. GSK_TLSEXT_MFL can be specified only for an SSL connection.
GSK_TLSEXT_THMAC
Returns GSK_TLSEXT_THMAC_ON if the "Truncated HMAC" type TLS extension is negotiated and is in use. Returns GSK_TLSEXT_THMAC_OFF if the "Truncated HMAC" type TLS extension is not negotiated. GSK_TLSEXT_THMAC can be specified only for an SSL connection.
GSK_TLSEXT_SNI
Returns GSK_TLSEXT_SNI_ON if the "Server Name Indication" type TLS extension is negotiated and is in use. Returns GSK_TLSEXT_SNI_OFF if the "Server Name Indication" type TLS extension is not negotiated. GSK_TLSEXT_SNI can be specified only for an SSL connection.
GSK_T61_AS_LATIN1
Returns GSK_T61_AS_LATIN1_ON if the ISO8859-1 character set is used when converting a string tagged as TELETEXSTRING or GSK_T61_AS_LATIN1_OFF if the T.61 character set is used. GSK_T61_AS_LATIN1 can be specified only for an SSL environment. The GSK_T61_AS_LATIN1 setting is global and applies to all SSL environments.
GSK_V3_CIPHERS
Returns the V3 cipher specification size. When the size is 2 characters, GSK_V3_CIPHERS_CHAR2 is returned. When the size is 4 characters, GSK_V3_CIPHERS_CHAR4 is returned. GSK_V3_CIPHERS can be specified for an SSL environment or an SSL connection.
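
An added example, not part of IBM's documentation: a configuration audit that reads five of the environment-level settings listed above through gsk_attribute_get_enum() and reports the values that an assumed hardening policy treats as weak. The function name audit_environment, the policy table, and the non-z/OS stand-in definitions (the mock getter and all numeric values) are assumptions of this example.

```c
#include <stdio.h>
#ifdef __MVS__
#include <gskssl.h>            /* real System SSL header on z/OS */
#else
/* Constructed stand-ins so this builds off z/OS. The numeric values are
   invented for the example and are not the ones in IBM's gskssl.h. */
typedef void *gsk_handle;
typedef int gsk_status;
typedef enum { GSK_PROTOCOL_SSLV2, GSK_PROTOCOL_SSLV3, GSK_CLIENT_AUTH_TYPE,
               GSK_CRL_SECURITY_LEVEL, GSK_RENEGOTIATION } GSK_ENUM_ID;
typedef enum { GSK_PROTOCOL_SSLV2_ON = 1, GSK_PROTOCOL_SSLV2_OFF,
               GSK_PROTOCOL_SSLV3_ON, GSK_PROTOCOL_SSLV3_OFF,
               GSK_CLIENT_AUTH_FULL_TYPE, GSK_CLIENT_AUTH_PASSTHRU_TYPE,
               GSK_CRL_SECURITY_LEVEL_LOW, GSK_CRL_SECURITY_LEVEL_MEDIUM,
               GSK_RENEGOTIATION_NONE, GSK_RENEGOTIATION_ALL } GSK_ENUM_VALUE;
enum { GSK_OK = 0, GSK_INVALID_HANDLE = 1 };
/* Mock getter: the "handle" is an array of settings indexed by GSK_ENUM_ID. */
gsk_status gsk_attribute_get_enum(gsk_handle h, GSK_ENUM_ID id, GSK_ENUM_VALUE *v) {
    if (h == NULL) return GSK_INVALID_HANDLE;
    *v = ((GSK_ENUM_VALUE *)h)[id];
    return GSK_OK;
}
#endif

/* Audit policy (this example's assumption): settings reported as findings. */
static const struct { GSK_ENUM_ID id; GSK_ENUM_VALUE weak; const char *msg; } checks[] = {
    { GSK_PROTOCOL_SSLV2, GSK_PROTOCOL_SSLV2_ON, "SSL V2 is enabled" },
    { GSK_PROTOCOL_SSLV3, GSK_PROTOCOL_SSLV3_ON, "SSL V3 is enabled" },
    { GSK_CLIENT_AUTH_TYPE, GSK_CLIENT_AUTH_PASSTHRU_TYPE,
      "received certificates are not validated by System SSL" },
    { GSK_CRL_SECURITY_LEVEL, GSK_CRL_SECURITY_LEVEL_LOW,
      "validation does not fail when the CRL LDAP server is unreachable" },
    { GSK_RENEGOTIATION, GSK_RENEGOTIATION_ALL,
      "handshake renegotiation as a server is enabled" },
};

/* Returns the number of findings for an SSL environment handle, or -1 if a
   query fails, so an unreadable setting is never reported as clean. */
int audit_environment(gsk_handle env) {
    int findings = 0;
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++) {
        GSK_ENUM_VALUE value;
        if (gsk_attribute_get_enum(env, checks[i].id, &value) != GSK_OK)
            return -1;
        if (value == checks[i].weak) {
            printf("FINDING: %s\n", checks[i].msg);
            findings++;
        }
    }
    return findings;
}
```

On z/OS, pass the environment handle returned by gsk_environment_open(); three of the five identifiers checked here are valid only for an SSL environment, so a connection handle would make the audit return -1.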





Copyright IBM Corporation 1990, 2014