Re: C400-L Digest, Vol 11, Issue 34

Tim, thanks for a quick reply.
I'm writing an SSL client. It works without a certificate. I just don't
understand why I need to register application.

Thanks
Boris.


-----Original Message-----
From: c400-l-bounces@xxxxxxxxxxxx [mailto:c400-l-bounces@xxxxxxxxxxxx] On
Behalf Of c400-l-request@xxxxxxxxxxxx
Sent: Friday, November 15, 2013 1:00 PM
To: c400-l@xxxxxxxxxxxx
Subject: C400-L Digest, Vol 11, Issue 34

Send C400-L mailing list submissions to
c400-l@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.midrange.com/mailman/listinfo/c400-l
or, via email, send a message with subject or body 'help' to
c400-l-request@xxxxxxxxxxxx

You can reach the person managing the list at
c400-l-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than
"Re: Contents of C400-L digest..."


Today's Topics:

1. Re: SSL_Handshake() returns -23 not signed by a trusted
(Tim Bronski)


----------------------------------------------------------------------

message: 1
date: Fri, 15 Nov 2013 12:35:57 +0100
from: Tim Bronski <tim.bronski@xxxxxxxxx>
subject: Re: [C400-L] SSL_Handshake() returns -23 not signed by a
trusted

You have to provide a server certificate/key. It's what ssl on the ibm i
requires you to do even though you dont HAVE to have one to get ssl to work.
You can either do that by creating an application and linking a server cert
to it or you can give the path to the file directly. If you use the
*ssl_init_application* api you have to provide an application name. If you
use the *ssl_init* api instead you can provide the cert/keyring file name
directly. You can use the default one e.g.*sslinit.keyringFileName =
"/QIBM/USERDATA/ICSS/CERT/SERVER/DEFAULT.KYR" with sslinit.keyringPassword =
NULL;

*
On 11/14/2013 12:38 AM, bbresc512@xxxxxxxxxx wrote:

Hi Tim,
Thanks a lot! I just now came around to try it and it worked.

Also, SSL_Init_Application() seems to require application ID. Is there
a way to avoid registering application? I don't want to use client
certificate. I just want to encrypt the communication.

Thanks
Boris.

-----Original Message-----
From: c400-l-bounces@xxxxxxxxxxxx [mailto:c400-l-bounces@xxxxxxxxxxxx]
On Behalf Of c400-l-request@xxxxxxxxxxxx
Sent: Thursday, October 24, 2013 1:00 PM
To: c400-l@xxxxxxxxxxxx
Subject: C400-L Digest, Vol 11, Issue 31

Send C400-L mailing list submissions to
c400-l@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.midrange.com/mailman/listinfo/c400-l
or, via email, send a message with subject or body 'help' to
c400-l-request@xxxxxxxxxxxx

You can reach the person managing the list at
c400-l-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than
"Re: Contents of C400-L digest..."


Today's Topics:

1. Re: SSL_Handshake() returns -23 not signed by a trusted
certificate authority (Tim Bronski)


----------------------------------------------------------------------

message: 1
date: Wed, 23 Oct 2013 21:05:44 +0200
from: Tim Bronski <tim.bronski@xxxxxxxxx>
subject: Re: [C400-L] SSL_Handshake() returns -23 not signed by a
trusted certificate authority

You need to create a function for the handshake and set the ssh handle
(psslh) member exitPgm to the function address :
psslh -> exitPgm = &SSLcertCheck;

where SSLcertCheck has this prototype
int SSLcertCheck (SSLHandle *);

and returns 1 like this:

int SSLcertCheck (SSLHandle *sslh)
{
return 1;
}

On 10/23/2013 4:18 PM, bbresc512@xxxxxxxxxx wrote:

Hi Everybody,

Is there a way to avoid SSL_Handshake return "not signed by a trusted
certificate authority" error? I don't really care if it's not trusted.
I just want to encrypt the connection.


Thanks

Boris.

--
Need secure FTP? Download your native sFTP solution here:
www.arpeggiosoftware.com


------------------------------

--
Need secure FTP? Download your native sFTP solution here:
www.arpeggiosoftware.com


------------------------------