z/OS Cryptographic Services System SSL Programming


gsk_get_cert_by_label()

SC14-7495-00

Gets certificate information for a record label.

Format

   #include <gskssl.h>

   gsk_status gsk_get_cert_by_label (
                                      gsk_handle                ssl_handle,
                                      const char *              record_label,
                                      gsk_cert_data_elem **     cert_data,
                                      int *                     elem_count)

Parameters

ssl_handle
Specifies an SSL environment handle returned by gsk_environment_open() or an SSL connection handle returned by gsk_secure_socket_open().
record_label
Specifies the record label for the certificate.
cert_data
Returns the certificate data array. The gsk_free_cert_data() routine should be called to release the array when the certificate information is no longer needed.
elem_count
Returns the number of elements in the array of gsk_cert_data_elem structures.

Results

The function return value will be 0 (GSK_OK) if no error is detected. Otherwise, it will be one of the return codes listed in the gskssl.h include file. These are some possible errors:
[GSK_ERR_ASN]
Unable to decode certificate.
[GSK_ERR_MULTIPLE_LABEL]
Multiple certificates exist for label.
[GSK_INSUFFICIENT_STORAGE]
Insufficient storage is available.
[GSK_INVALID_HANDLE]
The handle is not valid.
[GSK_KEY_LABEL_NOT_FOUND]
The key record is not found.

Usage

The gsk_get_cert_by_label() routine returns certificate information for a record label. The supplied handle can be for an SSL environment or an SSL connection.

Each element of the certificate data array has an element identifier. The element identifiers used for a particular certificate depend on the contents of the certificate. These element identifiers are currently provided:
CERT_BODY_BASE64
Certificate body in Base64-encoded format
CERT_BODY_DER
Certificate body in binary ASN.1 DER-encoded format
CERT_COMMON_NAME
Subject common name (CN)
CERT_COUNTRY
Subject country (C)
CERT_DN_DER
Subject distinguished name in binary ASN.1 DER-encoded format
CERT_DN_PRINTABLE
Subject distinguished name as a printable character string
These DN attribute names are recognized by the System SSL run time.
  • C - Country
  • CN - Common name
  • DC - Domain component
  • DNQUALIFIER - Distinguished name qualifier
  • EMAIL - email address
  • GENERATIONQUALIFIER - Generation qualifier
  • GIVENNAME - Given name
  • INITIALS - Initials
  • L - Locality
  • MAIL - RFC 822 style address
  • NAME - Name
  • O - Organization name
  • OU - Organizational unit name
  • PC - Postal code
  • SERIALNUMBER - Serial number
  • SN - Surname
  • ST - State or province
  • STREET - Street
  • T - Title
CERT_DNQUALIFIER
Subject distinguished name qualifier (DNQUALIFIER)
CERT_DOMAIN_COMPONENT
Subject domain component (DC)
CERT_EMAIL
Subject email address (EMAIL)
CERT_GENERATIONQUALIFIER
Subject generation qualifier (GENERATIONQUALIFIER)
CERT_GIVENNAME
Subject given name (GIVENNAME)
CERT_INITIALS
Subject initials (INITIALS)
CERT_ISSUER_COMMON_NAME
Issuer common name (CN)
CERT_ISSUER_COUNTRY
Issuer country (C)
CERT_ISSUER_DN_DER
Issuer distinguished name in binary ASN.1 DER-encoded format
CERT_ISSUER_DN_PRINTABLE
Issuer distinguished name as a printable character string
These DN attribute names are recognized by the System SSL run time.
  • C - Country
  • CN - Common name
  • DC - Domain component
  • DNQUALIFIER - Distinguished name qualifier
  • EMAIL - email address
  • GENERATIONQUALIFIER - Generation qualifier
  • GIVENNAME - Given name
  • INITIALS - Initials
  • L - Locality
  • MAIL - RFC 822 style address
  • NAME - Name
  • O - Organization name
  • OU - Organizational unit name
  • PC - Postal code
  • SERIALNUMBER - Serial number
  • SN - Surname
  • ST - State or province
  • STREET - Street
  • T - Title
CERT_ISSUER_DNQUALIFIER
Issuer distinguished name qualifier (DNQUALIFIER)
CERT_ISSUER_DOMAIN_COMPONENT
Issuer domain component (DC)
CERT_ISSUER_EMAIL
Issuer email address (EMAIL)
CERT_ISSUER_GENERATIONQUALIFIER
Issuer generation qualifier (GENERATIONQUALIFIER)
CERT_ISSUER_GIVENNAME
Issuer given name (GIVENNAME)
CERT_ISSUER_INITIALS
Issuer initials (INITIALS)
CERT_ISSUER_LOCALITY
Issuer locality (L)
CERT_ISSUER_MAIL
Issuer RFC 822 style address (MAIL)
CERT_ISSUER_NAME
Issuer name (NAME)
CERT_ISSUER_ORG
Issuer organization (O)
CERT_ISSUER_ORG_UNIT
Issuer organizational unit (OU)
CERT_ISSUER_POSTAL_CODE
Issuer postal code (PC)
CERT_ISSUER_SERIALNUMBER
Issuer serial number (SERIALNUMBER)
CERT_ISSUER_STATE_OR_PROVINCE
Issuer state or province (ST)
CERT_ISSUER_STREET
Issuer street (STREET)
CERT_ISSUER_SURNAME
Issuer surname (SN)
CERT_ISSUER_TITLE
Issuer title (T)
CERT_LOCALITY
Subject locality (L)
CERT_MAIL
Subject RFC 822 style address (MAIL)
CERT_NAME
Subject name (NAME)
CERT_ORG
Subject organization (O)
CERT_ORG_UNIT
Subject organizational unit (OU)
CERT_POSTAL_CODE
Subject postal code (PC)
CERT_SERIAL_NUMBER
Certificate serial number
CERT_SERIALNUMBER
Subject serial number (SERIALNUMBER)
CERT_STATE_OR_PROVINCE
Subject state or province (ST)
CERT_STREET
Subject street (STREET)
CERT_SURNAME
Subject surname (SN)
CERT_TITLE
Subject title (T)

The CERT_BODY_DER, CERT_BODY_BASE64, CERT_DN_DER, and CERT_ISSUER_DN_DER elements are not null-terminated and the 'cert_data_l' field must be used to get the element length. All of the other elements are null-terminated character strings and the 'cert_data_l' field is the length of the string excluding the string delimiter.
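The length rule above, as an added example that is not part of the IBM documentation: a lookup and a bounded copy that rely only on 'cert_data_l', never on a terminator, for the four counted elements. The demo_* types and sample data are hypothetical stand-ins so the code builds off z/OS, and the field names cert_data_id and cert_data_p are assumptions; on z/OS the array would come from gsk_get_cert_by_label() and be released with gsk_free_cert_data().

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins so this builds off z/OS; real code includes <gskssl.h>. Enum values
 * are constructed; cert_data_id and cert_data_p are assumed field names. */
typedef enum { CERT_BODY_DER = 1, CERT_BODY_BASE64, CERT_DN_DER,
               CERT_ISSUER_DN_DER, CERT_COMMON_NAME } demo_cert_id;
typedef struct {
    demo_cert_id cert_data_id;  /* element identifier */
    char        *cert_data_p;   /* element data */
    int          cert_data_l;   /* element length, as described on the page */
} demo_cert_elem;

/* The four elements the page lists as not null-terminated. */
static int elem_is_counted(demo_cert_id id) {
    return id == CERT_BODY_DER || id == CERT_BODY_BASE64 ||
           id == CERT_DN_DER || id == CERT_ISSUER_DN_DER;
}

/* First element with this identifier, or NULL when the certificate lacks it. */
static const demo_cert_elem *find_elem(const demo_cert_elem *a, int n, demo_cert_id id) {
    for (int i = 0; a != NULL && i < n; i++)
        if (a[i].cert_data_id == id) return &a[i];
    return NULL;
}

/* Copy by cert_data_l only. String elements get a terminator appended; counted
 * elements stay raw bytes. Returns payload length, or -1 if absent or too big. */
static int copy_elem(const demo_cert_elem *e, char *out, size_t out_sz) {
    if (e == NULL || e->cert_data_p == NULL || e->cert_data_l < 0 || out == NULL) return -1;
    size_t len = (size_t)e->cert_data_l;
    int counted = elem_is_counted(e->cert_data_id);
    if (len + (counted ? 0 : 1) > out_sz) return -1;
    memcpy(out, e->cert_data_p, len);
    if (!counted) out[len] = '\0';
    return (int)len;
}

/* Constructed sample data: DER bytes ending in 0x00 (no terminator) and a CN. */
static char demo_der[] = { 0x30, 0x02, 0x05, 0x00 };
static char demo_cn[] = "host.example";
static demo_cert_elem demo_elems[] = {
    { CERT_BODY_DER, demo_der, 4 }, { CERT_COMMON_NAME, demo_cn, 12 } };

int main(void) {
    char buf[64];
    int n = copy_elem(find_elem(demo_elems, 2, CERT_BODY_DER), buf, sizeof buf);
    printf("DER body: %d bytes\n", n);
    return n == 4 ? 0 : 1;
}
```

A strlen() on the sample DER body would stop at the 0x00 content byte and report 3 instead of 4, which is the truncation that reading 'cert_data_l' avoids.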





Copyright IBM Corporation 1990, 2014