z/OS Cryptographic Services System SSL Programming
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


System SSL server program

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

You can use these sockets and System SSL calls to enable a server program to communicate with a client program.

To create a stream socket to which client programs can connect, use this function call:

    int server_sock;

    server_sock = socket(AF_INET, SOCK_STREAM, 0);

Now that the server program socket is created, bind the socket to a port (for example, 1234) that is known to the client program using this function call:

    int rc;
    int namelength;
    struct sockaddr_in name;

    nameLength = sizeof(name);
    memset(&name, ’\0’, nameLength);
    name.sin_family = AF_INET;
    name.sin_port = 1234;
    name.sin_addr.s_addr = INADDR_ANY;

    rc = bind(server_sock, (struct sockaddr *)&name, nameLength);

To make the server program socket ready to listen for incoming connection request, use this function call:

    int rc;

    rc = listen(server_sock, 5);  /* allow max of 5 connections */

The server program is now ready to begin accepting connections from client programs. To accept connections, use these function calls:

    int client_sock;
    int incomingNameLength;
    struct sockaddr_in incomingName;

    client_sock = accept(server_sock, (struct sockaddr *)incomingName, &incomingNameLength);

After successfully accepting a connection from a client program, the server program must establish the secure socket connection which will result in the SSL handshake being performed. Once the handshake is completed, secure transfer of application data can be done. The secure socket connection is established with these attribute values:

  • The socket descriptor over which the communication is to occur.
  • Certificate with label "ServerCertLabel"
  • The type of handshake (for example, server) to be performed.
  • The set of SSL protocol cipher specifications to be allowed for the secure session specified using 4-character cipher specifications . (For example, ciphers utilizing a RSA key exchange with either AES 128/256 or 3DES encryption.) The cipher is selected by the System SSL server program according to the server's order of usage preference.
  • The 4-character cipher specification list in GSK_V3_CIPHER_SPECS_EXPANDED is used.
  • The address of a routine to be called by System SSL to read data from the socket for the secure session.
  • The address of a routine to be called by System SSL to write data on the socket for the secure session.
    gsk_handle  soc_handle;
    int rc;
    gsk_iocallback local_io = {secureSocRecv, secureSocSend, NULL, NULL, NULL, NULL};

    rc = gsk_secure_socket_open(env_handle, &soc_handle);

    rc = gsk_attribute_set_numeric_value(soc_handle, GSK_FD, client_sock);
    rc = gsk_attribute_set_buffer(soc_handle, GSK_KEYRING_LABEL, "ServerCertLabel",0);
    rc = gsk_attribute_set_enum(soc_handle, GSK_SESSION_TYPE, GSK_SERVER_SESSION);
    rc = gsk_attribute_set_buffer(soc_handle, GSK_V3_CIPHER_SPECS_EXPANDED, "0035002F000A",0);
    rc = gsk_attribute_set_enum(soc_handle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4);
    rc = gsk_attribute_set_callback(soc_handle, GSK_IO_CALLBACK, &local_io);

    rc = gsk_secure_socket_init(soc_handle);

The System SSL program should provide the function to send and receive data over the application socket. For more information, see I/O routine replacement. Use these function calls, send() and recv(), to send and receive the application data.

    int secureSocRecv(int fd, void *data, int len, char *user_data) {
        return( recv( fd, data, len,0 ));
    }

    int secureSocSend(int fd, void *data, int len, char *user_data) {
        return( send( fd, data, len,0 ));
    }

After the server program successfully calls gsk_secure_socket_init(), it can now read and write data securely over the application socket. To read application data from the application socket, use this code:

    int rc;
    int buffer_length;
    int length_read;
    char *data_buffer;

    rc = gsk_secure_socket_read(soc_handle, data_buffer, buffer_length, &length_read);

To write application data over the application socket, use this code:

    int rc;
    int buffer_length;
    int length_written;
    char *data_buffer;

    rc = gsk_secure_socket_write(soc_handle, data_buffer, buffer_length, &length_written);

Once the server program is finished using the application socket to securely send and receive data, it must free all of the System SSL resources for the SSL session and close the socket. To free the System SSL resource for the SSL session, use the gsk_secure_socket_close() call:

    gsk_secure_socket_close(&soc_handle);

To free the resources used by the SSL environment, use the gsk_environment_close() call:

    gsk_environment_close(&env_handle);

Finally, to close the application socket, use this function call:

    int rc;
    rc = close(client_sock);
Parent topic: Writing a System SSL source program

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014