|
On Fri, 25 Oct 2002, Brad Stone wrote: > > With the SSL Handshake API, is there anyway to do this as > well? In other words, if there is a key but there's a > problem that you can opt to still accept the key, just > continue on without getting a Not Trusted error return code? > Hi Brad, Using the GSKit API for SSL (which is the recommended method, both by IBM and by me) you do this by setting the GSK_CLIENT_AUTH_TYPE attribute to the value of "GSK_CLIENT_AUTH_PASSTHRU" and then doing the certificate validation yourself. (I know this works, I've done it) You can read about this here: http://publib.boulder.ibm.com/iseries/v5r1/ic2924/info/apis/gsk_attribute_set_enum.htm If you are using the SSL_xxx (yuck!) APIs, you should be able to define an "exit program" (though, actually, it's a procedure not a program) in the SSLHandleStr data structure. Then, you do your own certificate validation in that procedure. (I haven't tried it, but I read about it in the manuals) You can read about this here (tho the docs are a bit thin): http://publib.boulder.ibm.com/iseries/v5r1/ic2924/info/apis/sslhands.htm
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
