This topic describes how to update a server application
so that it is an aware server application.
Procedure
To implement an aware server application, create or update
the server application as follows:
- If the server is using non-blocking sockets, the server
should issue select on the new socket to wait for the socket to become
writable, which indicates that the initial handshake is complete.
If using blocking sockets, the select is not needed.
- When the new socket is writable, the server can issue the
SIOCTTLSCTL ioctl with TTLSi_Req_Type set to TTLS_RETURN_CERTIFICATE
to retrieve the certificate presented by the client (if provided).
The ioctl should return with a policy status of TTLS_POL_ENABLED
and a connection status of TTLS_CONN_SECURE. The server program can
examine the negotiated session attributes and the certificate that
is supplied by the client (if provided). If this certificate is registered
with the security product and associated with a user ID, then the
user ID fields are also returned in the ioctl data.
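
A server can turn the values this ioctl returns into an explicit, fail-closed accept or reject decision. The following is an added example, not code from the original documentation: the struct, the `EX_`/`ex_` names, their numeric values and the allow-list of user IDs are assumptions chosen so the logic runs without the z/OS header; a real server would fill the struct from the ioctl data.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for the statuses named on the page (TTLS_POL_ENABLED,
   TTLS_CONN_SECURE). Numeric values are constructed for this example;
   the real ones come from the header that defines SIOCTTLSCTL. */
enum { EX_POL_ENABLED = 1, EX_CONN_SECURE = 2 };

/* Hypothetical holder for fields copied out of the ioctl data. */
struct ex_ttls_result {
    int    policy_status;  /* policy status returned by the ioctl */
    int    conn_status;    /* connection status returned by the ioctl */
    size_t cert_len;       /* 0 when the client presented no certificate */
    size_t userid_len;     /* 0 when the certificate maps to no user ID */
    char   userid[8];      /* assumed fixed-width, not NUL-terminated */
};

enum ex_decision {
    EX_ACCEPT, EX_NOT_SECURE, EX_NO_CERT, EX_NO_USERID, EX_NOT_ALLOWED
};

/* Fail closed: every condition must hold before the peer is accepted. */
enum ex_decision ex_authorize(const struct ex_ttls_result *r,
                              const char *const allowed[], size_t n_allowed)
{
    if (r == NULL || r->policy_status != EX_POL_ENABLED ||
        r->conn_status != EX_CONN_SECURE)
        return EX_NOT_SECURE;      /* handshake state is not what we expect */
    if (r->cert_len == 0)
        return EX_NO_CERT;         /* client sent no certificate */
    if (r->userid_len == 0 || r->userid_len > sizeof r->userid)
        return EX_NO_USERID;       /* certificate not associated with a user */
    for (size_t i = 0; i < n_allowed; i++) {
        /* Length-checked compare: the returned user ID has no terminator. */
        if (strlen(allowed[i]) == r->userid_len &&
            memcmp(allowed[i], r->userid, r->userid_len) == 0)
            return EX_ACCEPT;
    }
    return EX_NOT_ALLOWED;         /* mapped user is not on the allow-list */
}
```

Checking the user ID length before comparing keeps a short returned ID such as `PAY` from matching a longer allow-list entry such as `PAYROLL1` by prefix.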