|
Brad, A server application can use the GSK_CLIENT_AUTH_TYPE and the PASSTHRU option to allow an untrusted certificate. A client application can now use the GSK_SERVER_AUTH_TYPE and PASSTHRU operation if you have the requisite PTFs on V5R1. These are brand new (within the last week). If you have difficulting finding them I'll send them to you off-line. Patrick ----- Original Message ----- From: "Brad Stone" <brad@bvstools.com> To: <midrange-l@midrange.com> Sent: Friday, October 25, 2002 9:18 AM Subject: Re: SSL API Question > Well, right now that's not really an option. Basically the > error I'm getting is: > > SSL_ERROR_NOT_TRUSTED_ROOT > > which from the docs says the key isn't signed by a trusted > authority. But if I look at the key it is signed by > Verisign. Maybe I missed a point during SSL setup (this is > for a customer who says that SSL is already set up). > > As for the gsk API toolkit, what OS release are they good > for? > > Brad > > On Fri, 25 Oct 2002 11:56:49 -0500 (CDT) > Scott Klement <klemscot@klements.com> wrote: > > > > On Fri, 25 Oct 2002, Brad Stone wrote: > > > > > > With the SSL Handshake API, is there anyway to do this > > as > > > well? In other words, if there is a key but there's a > > > problem that you can opt to still accept the key, just > > > continue on without getting a Not Trusted error return > > code? > > > > > > > Hi Brad, > > > > Using the GSKit API for SSL (which is the recommended > > method, both > > by IBM and by me) you do this by setting the > > GSK_CLIENT_AUTH_TYPE > > attribute to the value of "GSK_CLIENT_AUTH_PASSTHRU" and > > then doing > > the certificate validation yourself. (I know this > > works, I've done it) > > > > You can read about this here: > > http://publib.boulder.ibm.com/iseries/v5r1/ic2924/info/apis/gsk_attribute_se t_enum.htm > > > > If you are using the SSL_xxx (yuck!) APIs, you should be > > able to > > define an "exit program" (though, actually, it's a > > procedure not a > > program) in the SSLHandleStr data structure. Then, you > > do your own > > certificate validation in that procedure. (I haven't > > tried it, but > > I read about it in the manuals) > > > > You can read about this here (tho the docs are a bit > > thin): > > http://publib.boulder.ibm.com/iseries/v5r1/ic2924/info/apis/sslhands.htm > > > > > > _______________________________________________ > > This is the Midrange Systems Technical Discussion > > (MIDRANGE-L) mailing list > > To post a message email: MIDRANGE-L@midrange.com > > To subscribe, unsubscribe, or change list options, > > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > > or email: MIDRANGE-L-request@midrange.com > > Before posting, please take a moment to review the > > archives > > at http://archive.midrange.com/midrange-l. > > > > Bradley V. Stone > BVS.Tools > www.bvstools.com > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
