I know I have started down this path a little while ago with questions and
got some good info to keep me rolling. I think that I understand the
concept of what needs to be done in the program.



For those that missed the first set of questions, I am working with a
company that has client / server software that is currently communicating in
clear text with their IBMi client and they want to add TLS1.2. The server
already has the ability to do TLS1.2 and it already works with their Windows
and Linux clients.



Let me quickly walk you through the high level of what the programs do.
Please forgive me if this sounds completely wrong. I am repeating what I
think I heard is the process.

1. The server sends a HELLO packet to the agent to initiate the
communication. This packet is in clear text.
2. The agent returns a HELLO packet to the server. In this packet is
an SSL value that tells the server what modes the agent can process. The
values that we are concerned with are

a. NONE = 1
b. TLS = 3

3. If the agent sends back a 1, the server remains in clear text mode.
4. If the agent sends back a 3, the server then switches to TLS1.2
mode.



Now what I am trying to figure out is how to link the SSL APIs and the
certificate. I have already loaded the certificate in the DCM but that is
where I am stuck. Replacing an expired cert in the DCM is the only thing I
have ever done with DCM.



I know I need to use the SSL APIs for the communication (SSL_Read,
SSL_Write, etc.) but how do they know which certificate to use? I've looked
at SSL_Init_Application thinking that might be the missing piece but I'm not
understanding the definitions of the parameters. For the first parm, do I
have to use the QsyRegisterAppForCertUse API or is this something that can
be done in DCM?



Does anyone know of any good documentation that would walk me through how
all of these pieces fit together?



Thanks in advance.
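The negotiation in steps 1-4 above, seen from the server side, as an added example that is not part of the original post or the vendor's code: because the agent's HELLO travels in clear text, its SSL value can be altered in transit, so the server should refuse clear-text fallback for agents expected to use TLS. The wire format `HELLO SSL=<n>\n`, the `require_tls` policy flag and all function names are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* SSL values from the post. */
enum { SSL_MODE_NONE = 1, SSL_MODE_TLS = 3 };
/* Server-side outcome of the negotiation. */
enum { ACT_CLEAR = 0, ACT_START_TLS = 1, ACT_REJECT = 2 };

/* Assumed wire format (not from the post): ASCII "HELLO SSL=<n>\n".
 * Returns the advertised mode, or -1 if the field is missing or malformed. */
int hello_ssl_mode(const char *pkt, size_t len)
{
    static const char key[] = "SSL=";
    char buf[64];
    char *p, *end;
    long v;

    if (len == 0 || len >= sizeof buf) return -1;   /* bound the copy */
    memcpy(buf, pkt, len);
    buf[len] = '\0';
    if (strncmp(buf, "HELLO ", 6) != 0) return -1;
    p = strstr(buf + 6, key);
    if (p == NULL) return -1;
    p += sizeof key - 1;
    if (*p < '0' || *p > '9') return -1;            /* digits only */
    v = strtol(p, &end, 10);
    if (*end != '\n' && *end != '\0' && *end != ' ') return -1;
    if (v > 255) return -1;
    return (int)v;
}

/* require_tls is a hypothetical per-agent policy flag. A HELLO rewritten
 * from 3 to 1 on the wire looks like a legitimate clear-text agent, so an
 * agent known to support TLS is never allowed to fall back. */
int decide_transport(int advertised, int require_tls)
{
    if (advertised == SSL_MODE_TLS) return ACT_START_TLS;
    if (advertised == SSL_MODE_NONE && !require_tls) return ACT_CLEAR;
    return ACT_REJECT;   /* downgrade, unknown value, or parse failure */
}

int main(void)
{
    const char sample[] = "HELLO SSL=1\n";   /* constructed agent reply */
    int mode = hello_ssl_mode(sample, sizeof sample - 1);
    return decide_transport(mode, 1) == ACT_REJECT ? 0 : 1;
}
```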







This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
