<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>SSL_Create()--Enable SSL Support for the Specified Socket
Descriptor</title>
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Begin Header Records ========================================== -->
<!-- Direct1 SCRIPT J converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!--End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>
<h2>SSL_Create()--Enable SSL Support for the Specified Socket Descriptor</h2>
<div class="box" style="width: 60%;">
<br>
&nbsp;&nbsp;Syntax<br>
<pre>
#include &lt;qsossl.h&gt;

SSLHandle* SSL_Create(int <em>socket_descriptor</em>,
                      int <em>flags</em>)
</pre>
<br>
&nbsp;&nbsp;Service Program Name: QSOSSLSR<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p>The <strong><em>SSL_Create()</em></strong> function is used by a program to
enable SSL support for the specified socket descriptor.</p>
<br>
<h3>Parameters</h3>
<dl>
<dt>int <strong><em>socket_descriptor</em></strong> &nbsp;(input)&nbsp;</dt>
<dd>The descriptor of the socket to be used for the SSL session. The socket
descriptor must have been created (using the <em>socket()</em> API) with a
type of SOCK_STREAM and an address family of AF_INET or AF_INET6.<br>
<br>
</dd>
<dt>int <strong><em>flags</em></strong> &nbsp;(input)&nbsp;</dt>
<dd>A flag value that controls the use of SSL for the session. The
<em>flags</em> value is either zero or is obtained by ORing the
following constants:
<table cellpadding="5">
<!-- cols="25 75" -->
<tr>
<td align="left" valign="top"><em>SSL_ENCRYPT (1&lt;&lt;0)</em></td>
<td align="left" valign="top">Encrypt the connection.</td>
</tr>
<tr>
<td align="left" valign="top"><em>SSL_DONT_ENCRYPT (0)</em> </td>
<td align="left" valign="top">Do not encrypt the connection.</td>
</tr>
</table>
</dd>
</dl>
<br>
<h3>Authorities</h3>
<p>No authorization is required.</p>
<br>
<h3>Return Value</h3>
<p>The <em>SSL_Create()</em> API returns a pointer to an
<strong><em>SSLHandle</em></strong>. A value of NULL is returned when
<em>SSL_Create()</em> fails. An <strong><em>SSLHandle</em></strong> is a
typedef for a buffer of type struct <strong><em>SSLHandleStr</em></strong>. In
<strong>&lt;qsossl.h&gt;</strong>, struct <strong><em>SSLHandleStr</em></strong>
is defined as the following:</p>
<pre>
struct SSLHandleStr {                     /* SSLHandleStr                */
    int                 fd;               /* Socket descriptor           */
    int                 createFlags;      /* SSL_Create flags value      */
    unsigned            protocol;         /* SSL protocol version        */
    unsigned            timeout;          /* Timeout value in seconds    */
    unsigned char       cipherKind[3];    /* Current 2.0 cipher suite    */
    unsigned short int  cipherSuite;      /* Current 3.0 cipher suite    */
    unsigned short int* cipherSuiteList;  /* List of cipher suites       */
    unsigned int        cipherSuiteListLen; /* Number of entries in
                                             the cipher suites list      */
    unsigned char*      peerCert;         /* Peer certificate            */
    unsigned            peerCertLen;      /* Peer certificate length     */
    int                 peerCertValidateRc; /* Return code from
                                             validation of certificate   */
    int (*exitPgm)(struct SSLHandleStr* sslh);
                                          /* Authentication exit
                                             program called when a
                                             certificate is received
                                             during SSL handshake        */
};
</pre>
<p><strong>Note</strong>: A full explanation of each member of the
above structure is given in the <em>SSL_Handshake()</em> API
description.</p>
<p>The <strong><em>SSLHandle</em></strong> structure returned will be
initialized to hexadecimal zeros with the exception of the <em>fd</em> field,
which will be initialized to the <em>socket_descriptor</em> input parameter and
the <em>createFlags</em> field, which will be initialized to the <em>flags</em>
input parameter.</p>
<br>
<h3>Error Conditions</h3>
<p>When the <em>SSL_Create()</em> API fails, <em>errno</em> can be set to:</p>
<dl>
<dt><em>[EALREADY]</em></dt>
<dd>
<p>Operation already in progress.</p>
</dd>
<dt><em>[EBADF]</em></dt>
<dd>
<p>Descriptor not valid.</p>
</dd>
<dt><em>[EFAULT]</em></dt>
<dd>
<p>Bad address.</p>
</dd>
<dt><em>[EINVAL]</em></dt>
<dd>
<p>Parameter not valid.</p>
<p>This error code indicates one of the following:</p>
<ul compact>
<li>The <em>socket_descriptor</em> type is not SOCK_STREAM or address family is
not AF_INET or AF_INET6.</li>
<li>One of the parameters passed is not valid or is NULL.</li>
</ul>
<br>
</dd>
<dt><em>[EIO]</em></dt>
<dd>
<p>Input/output error.</p>
</dd>
<dt><em>[ENOBUFS]</em></dt>
<dd>
<p>There is not enough buffer space for the requested operation.</p>
</dd>
<dt><em>[ENOTSOCK]</em></dt>
<dd>
<p>The specified descriptor does not reference a socket.</p>
</dd>
<dt><em>[EPIPE]</em></dt>
<dd>
<p>Broken pipe.</p>
</dd>
<dt><em>[EUNATCH]</em></dt>
<dd>
<p>The protocol required to support the specified address family is not
available at this time.</p>
</dd>
<dt><em>[EUNKNOWN]</em></dt>
<dd>
<p>Unknown system state.</p>
</dd>
</dl>
<br>
<br>
<h3>Error Messages</h3>
<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPE3418 E</td>
<td align="left" valign="top">Possible APAR condition or hardware failure.</td>
</tr>
<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library
&amp;2 ended. Reason code &amp;3.</td>
</tr>
<tr>
<td align="left" valign="top">CPFA081 E</td>
<td align="left" valign="top">Unable to set return value or error code.</td>
</tr>
</table>
<br>
<br>
<h3>Usage Notes</h3>
<ol>
<li>The <em>SSL_Create()</em> function is only valid on sockets that have an
address family of <samp>AF_INET</samp> or <samp>AF_INET6</samp> and a socket
type of <samp>SOCK_STREAM</samp>. If the descriptor pointed to by the
<em>socket_descriptor</em> parameter does not have the correct address family
and socket type, [SSL_ERROR_IO] is returned and the <em>errno</em> value is set
to EINVAL.<br>
<br>
</li>
<li>If the <em>flags</em> parameter specifies a value that does not include the
SSL_ENCRYPT flag, then the SSL protocol will not be used for the connection.
Not using the SSL protocol has the following effects:<br>
<br>
<ul>
<li>The <em>SSL_Handshake()</em> API will simply return successful without
performing any function.<br>
<br>
</li>
<li>The <em>SSL_Read()</em> API will simply call the sockets <em>read()</em>
API with the same set of input parameters.<br>
<br>
</li>
<li>The <em>SSL_Write()</em> API will simply call the sockets <em>write()</em>
API with the same set of input parameters.</li>
</ul>
<br>
</li>
<li>Any use of <em>givedescriptor()</em> and <em>takedescriptor()</em> APIs
must be performed prior to issuing an <em>SSL_Create()</em>.</li>
</ol>
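<p>The usage notes above imply two checks a caller should make: that the descriptor
is a stream socket in AF_INET or AF_INET6 before <em>SSL_Create()</em> is called, and
that a returned handle was created with SSL_ENCRYPT before any sensitive data goes
through <em>SSL_Write()</em>. The following is an added example, not IBM code; the
helper names <samp>ssl_socket_precheck</samp> and <samp>ssl_handle_is_encrypted</samp>
are hypothetical, and the structure is a trimmed stand-in so the code compiles
without <samp>&lt;qsossl.h&gt;</samp>.</p>

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>

/* On IBM i, use #include <qsossl.h> instead of this trimmed stand-in.
   Flag values and the two member names are copied from this page. */
#define SSL_ENCRYPT      (1 << 0)
#define SSL_DONT_ENCRYPT 0
typedef struct SSLHandleStr { int fd; int createFlags; } SSLHandle;

/* Returns 0 if fd is a SOCK_STREAM socket in AF_INET or AF_INET6.
   Otherwise returns -1; errno is EINVAL for a wrong type or family,
   or whatever the system set (EBADF, ENOTSOCK) for a bad descriptor. */
int ssl_socket_precheck(int fd)
{
    int type = 0;
    socklen_t tlen = sizeof type;
    struct sockaddr_storage ss;
    socklen_t slen = sizeof ss;

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &tlen) != 0)
        return -1;
    if (getsockname(fd, (struct sockaddr *)&ss, &slen) != 0)
        return -1;
    if (type != SOCK_STREAM ||
        (ss.ss_family != AF_INET && ss.ss_family != AF_INET6)) {
        errno = EINVAL;
        return -1;
    }
    return 0;
}

/* Returns 1 only when the handle exists and was created with SSL_ENCRYPT.
   A 0 here means SSL_Read()/SSL_Write() would be plain read()/write(). */
int ssl_handle_is_encrypted(const SSLHandle *h)
{
    return h != NULL && (h->createFlags & SSL_ENCRYPT) != 0;
}

int main(void)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);
    SSLHandle plain = { s, SSL_DONT_ENCRYPT };  /* constructed sample handle */
    printf("precheck=%d encrypted=%d\n",
           ssl_socket_precheck(s), ssl_handle_is_encrypted(&plain));
    if (s >= 0) close(s);
    return 0;
}
```

<p>Calling <samp>ssl_handle_is_encrypted()</samp> on the pointer returned by
<em>SSL_Create()</em> also covers the NULL failure case, so one test can gate every
send path.</p>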
<br>
<h3>Related Information</h3>
<ul>
<li><a href="ssldest.htm">SSL_Destroy()</a>--End SSL Support for the Specified
SSL Session<br>
<br>
</li>
<li><a href="sslhands.htm">SSL_Handshake()</a>--Initiate the SSL Handshake
Protocol<br>
<br>
</li>
<li><a href="sslinit.htm">SSL_Init()</a>--Initialize the Current Job for
SSL<br>
<br>
</li>
<li><a href="sslread.htm">SSL_Read()</a>--Receive Data from an SSL-Enabled
Socket Descriptor<br>
<br>
</li>
<li><a href="sslwrite.htm">SSL_Write()</a>--Write Data to an SSL-Enabled Socket
Descriptor</li>
</ul>
<br>
<hr>
API introduced: V4R3
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by category</a> </td>
</tr>
</table>
</center>
</body>
</html>