z/OS Cryptographic Services System SSL Programming


Client authentication certificate selection

SC14-7495-00

SSL enables the application to prompt the client user to select a certificate from a list during the client authentication process in the SSL handshake.

This is accomplished with a registered callback routine that System SSL invokes from inside the gsk_secure_socket_init() function call. This topic gives an overview of the code the client application must supply.

The client application code must provide these functions:

  • Register a standard C linkage callback routine using the gsk_attribute_set_callback() function call.
  • Implement the callback routine that performs these functions:
    • Get the list of available certificates using the gsk_attribute_get_data() function call with the GSK_DATA_ID_SUPPORTED_KEYS option. This returns a list of labels from the key database file, SAF key ring, or z/OS® PKCS #11 token.
    • Display the list of labels to the user.
    • Prompt the user to select a label from the list.
    • Set the label to be used with a gsk_attribute_set_buffer() function call with the GSK_KEYRING_LABEL option.
    • Return to System SSL with the return value that indicates client authentication is to be used.
    • If the user elects not to use any of the certificates in the list, return with the value that indicates client authentication is to be skipped. No certificate is sent to the partner, but the SSL handshake still completes; the server decides whether to continue or close the connection.
    • Optionally, the application can display certificate information using the gsk_get_cert_by_label() function call.
    • Optionally, the application can use the gsk_attribute_get_data() function call with the GSK_DATA_ID_SERVER_ISSUERS option to display a list of server signer certificates.
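The following is an added example, not code from this IBM publication, showing the selection logic the callback routine described above has to carry out: list the labels, prompt until the user gives a usable answer, hand the chosen label to the "set label" step, and otherwise fall back to skipping client authentication. Because the System SSL library exists only on z/OS, the example does not link against it: the gsk_attribute_get_data() / GSK_DATA_ID_SUPPORTED_KEYS and gsk_attribute_set_buffer() / GSK_KEYRING_LABEL calls named on this page appear in comments, the label list and the user's replies are constructed input, the label is stored through a function pointer (record_label) that stands in for gsk_attribute_set_buffer(), and the CERT_USE / CERT_SKIP values are the example's own names, not the numeric return codes System SSL expects, which this page does not state.

```c
/* Added example: decision logic for a client-certificate selection callback,
 * modelled without the z/OS System SSL library so it can be compiled anywhere. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LABEL_MAX 256

/* Outcomes of one user reply. The real callback reports USE or SKIP through its
 * return value; the numeric codes System SSL expects are not reproduced here
 * (assumption: they are documented elsewhere, not on this page). */
typedef enum { CERT_USE, CERT_SKIP, CERT_INVALID } cert_choice;

/* Stand-in for gsk_attribute_set_buffer(handle, GSK_KEYRING_LABEL, label, len).
 * Returns 0 on success, non-zero if the label cannot be stored. */
typedef int (*set_label_fn)(const char *label, size_t len);

/* Constructed sink so the example can show what the "set label" step received. */
char g_set_label[LABEL_MAX];
static int record_label(const char *label, size_t len)
{
    if (len >= sizeof g_set_label)
        return -1;
    memcpy(g_set_label, label, len);
    g_set_label[len] = '\0';
    return 0;
}

/* Show the labels that gsk_attribute_get_data() with GSK_DATA_ID_SUPPORTED_KEYS
 * would have returned; entry 0 is the "send no certificate" choice. */
static void show_labels(const char *const *labels, size_t count)
{
    size_t i;
    printf("Select a client certificate (0 = none):\n");
    for (i = 0; i < count; i++)
        printf("  %zu) %s\n", i + 1, labels[i]);
}

/* Interpret one reply. "0", an empty reply or whitespace means "no certificate";
 * anything non-numeric or out of range is rejected so the caller can re-prompt
 * rather than guess. On CERT_USE the chosen label is copied into out_label. */
cert_choice select_certificate(const char *const *labels, size_t count,
                               const char *reply, char *out_label, size_t out_len)
{
    char *end;
    long n;
    size_t len;

    if (reply == NULL)
        return CERT_SKIP;
    errno = 0;
    n = strtol(reply, &end, 10);
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;                              /* tolerate a trailing newline */
    if (errno != 0 || *end != '\0')
        return CERT_INVALID;                /* not a clean number */
    if (n == 0)
        return CERT_SKIP;                   /* user declined */
    if (n < 0 || (unsigned long)n > count)
        return CERT_INVALID;                /* outside the list */
    len = strlen(labels[n - 1]);
    if (len >= out_len)
        return CERT_INVALID;                /* label would not fit the buffer */
    memcpy(out_label, labels[n - 1], len + 1);
    return CERT_USE;
}

/* The callback body. replies[] replaces interactive input (constructed). Returns
 * CERT_USE once a valid label has been stored, CERT_SKIP if the user declines,
 * runs out of answers, the list is empty, or the label cannot be stored. */
cert_choice run_selection(const char *const *labels, size_t count,
                          const char *const *replies, size_t reply_count,
                          set_label_fn set_label)
{
    char label[LABEL_MAX];
    size_t i;

    if (count == 0)
        return CERT_SKIP;                   /* nothing to offer the user */
    show_labels(labels, count);
    for (i = 0; i < reply_count; i++) {
        cert_choice c = select_certificate(labels, count, replies[i], label, sizeof label);
        if (c == CERT_INVALID) {
            printf("Invalid selection, try again\n");
            continue;
        }
        if (c == CERT_SKIP)
            return CERT_SKIP;
        /* System SSL: gsk_attribute_set_buffer(handle, GSK_KEYRING_LABEL, label, strlen(label)) */
        if (set_label(label, strlen(label)) != 0)
            return CERT_SKIP;               /* do not claim a certificate that was never set */
        return CERT_USE;
    }
    return CERT_SKIP;                       /* no usable answer: proceed without a certificate */
}

int main(void)
{
    /* Constructed label list and scripted replies: two bad answers, then "2". */
    const char *labels[] = { "ClientCertA", "ClientCertB", "ClientCertC" };
    const char *replies[] = { "7", "x", "2\n" };
    cert_choice c = run_selection(labels, 3, replies, 3, record_label);
    printf("result: %s, label: %s\n", c == CERT_USE ? "use" : "skip", g_set_label);
    return 0;
}
```

The two-level split matters in practice: select_certificate() only validates one answer, so an out-of-range or non-numeric reply leads to a re-prompt, while a deliberate "0" or an empty list goes straight to the skip path the page describes, where the handshake completes without a client certificate and the server decides whether to keep the connection.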





Copyright IBM Corporation 1990, 2014