z/OS Cryptographic Services System SSL Programming


System SSL client program

SC14-7495-00

The socket and System SSL API calls used by the client program are very similar to the calls used by the server program. Rather than accepting connections like a server program, a client program connects to the server program.

To create a stream socket that the client program can use to connect to the server, use this function call:

    int sock;

    sock = socket(AF_INET, SOCK_STREAM,0);

Now that the client program socket is created, connect the socket to the server program port using this function call:

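    /* Needs <string.h>, <sys/socket.h>, <netinet/in.h> and <arpa/inet.h> */
    int rc;
    int nameLength;
    struct sockaddr_in name;
    char *ServerHostName;   /* assumed here to hold a dotted-decimal IPv4 address */

    nameLength = sizeof(name);
    memset(&name, '\0', nameLength);
    name.sin_family = AF_INET;
    name.sin_port = htons(1234);                        /* port in network byte order */
    name.sin_addr.s_addr = inet_addr(ServerHostName);   /* text address to binary form */
    rc = connect(sock, (struct sockaddr *)&name, nameLength);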

After successfully connecting to the server program, the client program must establish the secure socket connection. This connection causes the SSL handshake to be performed. Once the handshake is complete, secure communication of the application data can be done. This example code establishes the connection using these attribute values:

  • The socket descriptor over which the communication is to occur.
  • Certificate with label "THELABEL".
  • The type of handshake (client) to be performed.
  • The set of SSL protocol cipher specifications to be allowed for the secure session in client-preferred order specified using 4-character cipher specifications. (For example, ciphers utilizing an RSA key exchange with either AES 128/256 or 3DES encryption.)
    Note: Although the client is allowed to specify a preference order, an SSL server might not accept the preference.
  • The 4-character cipher specification list in GSK_V3_CIPHER_SPECS_EXPANDED is used.
  • The address of a routine to be called by System SSL to read data from the socket for the secure session.
  • The address of a routine to be called by System SSL to write data on the socket for the secure session.

    int rc;
    gsk_handle soc_handle;
    /* I/O callbacks: secureSocRecv and secureSocSend are defined below */
    gsk_iocallback local_io = {secureSocRecv, secureSocSend, NULL, NULL, NULL, NULL};

    /* Each call returns GSK_OK on success; check rc before making the next call. */
    rc = gsk_secure_socket_open(env_handle, &soc_handle);
    rc = gsk_attribute_set_numeric_value(soc_handle, GSK_FD, sock);
    rc = gsk_attribute_set_buffer(soc_handle, GSK_KEYRING_LABEL, "THELABEL", 0);
    rc = gsk_attribute_set_enum(soc_handle, GSK_SESSION_TYPE, GSK_CLIENT_SESSION);
    rc = gsk_attribute_set_buffer(soc_handle, GSK_V3_CIPHER_SPECS_EXPANDED, "0035002F000A", 0);
    rc = gsk_attribute_set_enum(soc_handle, GSK_V3_CIPHERS, GSK_V3_CIPHERS_CHAR4);
    rc = gsk_attribute_set_callback(soc_handle, GSK_IO_CALLBACK, &local_io);

    /* Performs the SSL handshake */
    rc = gsk_secure_socket_init(soc_handle);
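
The following is an added example, not IBM's code: a pre-flight check that validates a 4-character cipher specification list and filters it against a policy before the string is passed as GSK_V3_CIPHER_SPECS_EXPANDED. The names filter_cipher_specs and find_spec, the table, and the policy of dropping 3DES (000A) and any code not in the table are assumptions of this example; the cipher names are the IANA names for the three codes used above.

```c
#include <ctype.h>
#include <string.h>

/* IANA names for the three codes in this page's list. The "legacy" flag is
 * this example's own policy (3DES is a 64-bit block cipher), not a System SSL
 * setting. */
struct spec { const char *code; const char *name; int legacy; };
static const struct spec known[] = {
    { "0035", "TLS_RSA_WITH_AES_256_CBC_SHA",  0 },
    { "002F", "TLS_RSA_WITH_AES_128_CBC_SHA",  0 },
    { "000A", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 1 },
};

/* Look up one 4-character code, ignoring hex-digit case. */
static const struct spec *find_spec(const char *p)
{
    size_t k, j;
    for (k = 0; k < sizeof known / sizeof known[0]; k++) {
        for (j = 0; j < 4 && toupper((unsigned char)p[j]) == known[k].code[j]; j++)
            ;
        if (j == 4)
            return &known[k];
    }
    return NULL;
}

/* Copy the approved specs from list to out, keeping the preference order.
 * Returns the number of specs dropped (legacy or not in the table), or -1
 * if list is not a whole number of 4-hex-digit codes or out is too small. */
int filter_cipher_specs(const char *list, char *out, size_t outsz)
{
    size_t len = strlen(list), i, n = 0;
    int dropped = 0;

    if (len == 0 || len % 4 != 0 || outsz < len + 1)
        return -1;
    for (i = 0; i < len; i++)
        if (!isxdigit((unsigned char)list[i]))
            return -1;
    for (i = 0; i < len; i += 4) {
        const struct spec *s = find_spec(list + i);
        if (s == NULL || s->legacy) {
            dropped++;
            continue;
        }
        memcpy(out + n, s->code, 4);   /* canonical upper-case form */
        n += 4;
    }
    out[n] = '\0';
    return dropped;
}
```

A nonzero return means the configured list differed from the policy, which is worth logging before the filtered string in out is handed to gsk_attribute_set_buffer().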

The System SSL program should provide the functions that send and receive data over the application socket. For more information, see I/O routine replacement. Use these function calls, send() and recv(), to send and receive the application data.

    int secureSocRecv(int fd, void *data, int len, char *user_data) {
       return( recv( fd, data, len,0 ));
    }

    int secureSocSend(int fd, void *data, int len, char *user_data) {
       return(send( fd, data, len,0 ));
    }

After the client program successfully calls gsk_secure_socket_init(), it can now read and write data securely over the application socket. To read application data from the application socket, use this code:

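    int rc;
    int buffer_length;    /* size of the buffer that data_buffer points to */
    int length_read;      /* set to the number of bytes actually read */
    char *data_buffer;    /* must point to at least buffer_length bytes */

    rc = gsk_secure_socket_read(soc_handle, data_buffer, buffer_length, &length_read);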

To write application data over the application socket, use this code:

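    int rc;
    int buffer_length;    /* number of bytes to send from data_buffer */
    int length_written;   /* set to the number of bytes actually written */
    char *data_buffer;    /* must point to the application data to send */

    rc = gsk_secure_socket_write(soc_handle, data_buffer, buffer_length, &length_written);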

Once the client program is finished using the application socket to securely send and receive data, it must free all of the System SSL resources for the SSL session and close the socket.

To free the System SSL resource for the SSL session, use the gsk_secure_socket_close() call:

    gsk_secure_socket_close(&soc_handle);

To free the resources used by the SSL environment, use the gsk_environment_close() call:

    gsk_environment_close(&env_handle);

Finally, to close the application socket, use this function call:

    int rc;
    rc=close(sock);





Copyright IBM Corporation 1990, 2014