322 lines
8.6 KiB
HTML
322 lines
8.6 KiB
HTML
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>SSL_Create()--Enable SSL Support for the Specified Socket
|
||
|
Descriptor</title>
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Begin Header Records ========================================== -->
|
||
|
<!-- Direct1 SCRIPT J converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
|
||
|
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
|
||
|
<!--End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- Java sync-link -->
|
||
|
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
|
||
|
</script>
|
||
|
|
||
|
<h2>SSL_Create()--Enable SSL Support for the Specified Socket Descriptor</h2>
|
||
|
|
||
|
<div class="box" style="width: 60%;">
|
||
|
<br>
|
||
|
Syntax<br>
|
||
|
<pre>
|
||
|
#include <qsossl.h>
|
||
|
|
||
|
SSLHandle* SSL_Create(int <em>socket_descriptor</em>,
|
||
|
int <em>flags</em>)
|
||
|
</pre>
|
||
|
|
||
|
<br>
|
||
|
Service Program Name: QSOSSLSR<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Default Public Authority: *USE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
|
||
|
<p>The <strong><em>SSL_Create()</em></strong> function is used by a program to
|
||
|
enable SSL support for the specified socket descriptor.</p>
|
||
|
|
||
|
<br>
|
||
|
<h3>Parameters</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt>int <strong><em>socket_descriptor</em></strong> (input) </dt>
|
||
|
|
||
|
<dd>The descriptor of the socket to be used for the SSL session. The socket
|
||
|
descriptor must have been created (using the <em>socket()</em> API) with a
|
||
|
type of SOCK_STREAM and an address family of AF_INET or AF_INET6.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt>int <strong><em>flags</em></strong> (input) </dt>
|
||
|
|
||
|
<dd>A flag value that controls the use of SSL for the session. The
|
||
|
<em>flags</em> value is either zero, or is obtained by the ORing of the
|
||
|
following constant:
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>SSL_ENCRYPT (1<<0)</em></td>
|
||
|
<td align="left" valign="top">Encrypt the connection.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>SSL_DONT_ENCRYPT (0)</em> </td>
|
||
|
<td align="left" valign="top">Do not encrypt the connection.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<br>
|
||
|
<h3>Authorities</h3>
|
||
|
|
||
|
<p>No authorization is required.</p>
|
||
|
|
||
|
<br>
|
||
|
<h3>Return Value</h3>
|
||
|
|
||
|
<p>The <em>SSL_Create()</em> API returns a pointer to an
|
||
|
<strong><em>SSLHandle</em></strong>. A value of NULL is returned when
|
||
|
<em>SSL_Create()</em> fails. An <strong><em>SSLHandle</em></strong> is a
|
||
|
typedef for a buffer of type struct <strong><em>SSLHandleStr</em></strong>. In
|
||
|
<strong><qsossl.h></strong>, struct <strong><em>SSLHandleStr</em></strong>
|
||
|
is defined as the following:</p>
|
||
|
|
||
|
<pre>
|
||
|
struct SSLHandleStr { /* SSLHandleStr */
|
||
|
int fd; /* Socket descriptor */
|
||
|
int createFlags; /* SSL_Create flags value */
|
||
|
unsigned protocol; /* SSL protocol version */
|
||
|
unsigned timeout; /* Timeout value in seconds */
|
||
|
unsigned char cipherKind[3]; /* Current 2.0 cipher suite*/
|
||
|
unsigned short int cipherSuite; /* Current 3.0 cipher suite */
|
||
|
unsigned short int* cipherSuiteList; /* List of cipher suites */
|
||
|
unsigned int cipherSuiteListLen; /* Number of entries in
|
||
|
the cipher suites list */
|
||
|
unsigned char* peerCert; /* Peer certificate */
|
||
|
unsigned peerCertLen; /* Peer certificate length */
|
||
|
int peerCertValidateRc; /* Return code from
|
||
|
validation of certficate */
|
||
|
int (*exitPgm)(struct SSLHandleStr* sslh);
|
||
|
/* Authentication exit
|
||
|
program called when a
|
||
|
certificate is received
|
||
|
during SSL handshake */
|
||
|
};
|
||
|
</pre>
|
||
|
|
||
|
<p><strong>Note</strong>: A full explanation of each of the members of the
|
||
|
above structure are defined in the <em>SSL_Handshake()</em> API
|
||
|
description.</p>
|
||
|
|
||
|
<p>The <strong><em>SSLHandle</em></strong> structure returned will be
|
||
|
initialized to hexadecimal zeros with the exception of the <em>fd</em> field,
|
||
|
which will be initialized to the <em>socket_descriptor</em> input parameter and
|
||
|
the <em>createFlags</em> field, which will be initialized to the <em>flags</em>
|
||
|
input parameter.</p>
|
||
|
|
||
|
<br>
|
||
|
<h3>Error Conditions</h3>
|
||
|
|
||
|
<p>When the <em>SSL_Create()</em> API fails, <em>errno</em> can be set to:</p>
|
||
|
|
||
|
<dl>
|
||
|
<dt><em>[EALREADY]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Operation already in progress.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EBADF]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Descriptor not valid.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EFAULT]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Bad address.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EINVAL]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Parameter not valid.</p>
|
||
|
|
||
|
<p>This error code indicates one of the following:</p>
|
||
|
|
||
|
<ul compact>
|
||
|
<li>The <em>socket_descriptor</em> type is not SOCK_STREAM or address family is
|
||
|
not AF_INET or AF_INET6.</li>
|
||
|
|
||
|
<li>One of the parameters passed is not valid or is NULL.</li>
|
||
|
</ul>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EIO]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Input/output error.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[ENOBUFS]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>There is not enough buffer space for the requested operation.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[ENOTSOCK]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>The specified descriptor does not reference a socket.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EPIPE]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Broken pipe.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EUNATCH]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>The protocol required to support the specified address family is not
|
||
|
available at this time.</p>
|
||
|
</dd>
|
||
|
|
||
|
<dt><em>[EUNKNOWN]</em></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Unknown system state.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
<h3>Error Messages</h3>
|
||
|
|
||
|
<table width="100%" cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<th align="left" valign="top">Message ID</th>
|
||
|
<th align="left" valign="top">Error Message Text</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPE3418 E</td>
|
||
|
<td align="left" valign="top">Possible APAR condition or hardware failure.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF9872 E</td>
|
||
|
<td align="left" valign="top">Program or service program &1 in library
|
||
|
&2 ended. Reason code &3.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPFA081 E</td>
|
||
|
<td align="left" valign="top">Unable to set return value or error code.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
<h3>Usage Notes</h3>
|
||
|
|
||
|
<ol>
|
||
|
<li>The <em>SSL_Create()</em> function is only valid on sockets that have an
|
||
|
address family of <samp>AF_INET</samp> or <samp>AF_INET6</samp> and a socket
|
||
|
type of <samp>SOCK_STREAM</samp>. If the descriptor pointed to by the
|
||
|
<em>socket_descriptor</em> parameter does not have the correct address family
|
||
|
and socket type, [SSL_ERROR_IO] is returned and the <em>errno</em> value is set
|
||
|
to EINVAL.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>If the <em>flags</em> parameter specifies a value that does not include the
|
||
|
SSL_ENCRYPT flag, then the SSL protocol will not be used for the connection.
|
||
|
Not using the SSL protocol has the following effects:<br>
|
||
|
<br>
|
||
|
<ul>
|
||
|
<li>The <em>SSL_Handshake()</em> API will simply return successful without
|
||
|
performing any function.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>The <em>SSL_Read()</em> API will simply call the sockets <em>read()</em>
|
||
|
API with the same set of input parameters.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>The <em>SSL_Write()</em> API will simply call the sockets <em>write()</em>
|
||
|
API with the same set of input parameters.</li>
|
||
|
</ul>
|
||
|
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>Any use of <em>givedescriptor()</em> and <em>takedescriptor()</em> APIs
|
||
|
must be performed prior to issuing an <em>SSL_Create()</em>.</li>
|
||
|
</ol>
|
||
|
|
||
|
<br>
|
||
|
<h3>Related Information</h3>
|
||
|
|
||
|
<ul>
|
||
|
<li><a href="ssldest.htm">SSL_Destroy()</a>--End SSL Support for the Specified
|
||
|
SSL Session<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="sslhands.htm">SSL_Handshake()</a>--Initiate the SSL Handshake
|
||
|
Protocol<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="sslinit.htm">SSL_Init()</a>--Initialize the Current Job for
|
||
|
SSL<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="sslread.htm">SSL_Read(</a>)--Receive Data from an SSL-Enabled
|
||
|
Socket Descriptor<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="sslwrite.htm">SSL_Write()</a>--Write Data to an SSL-Enabled Socket
|
||
|
Descriptor</li>
|
||
|
</ul>
|
||
|
|
||
|
<br>
|
||
|
<hr>
|
||
|
API introduced: V4R3
|
||
|
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
||
|
"unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by category</a> </td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
</body>
|
||
|
</html>
|
||
|
|