Chapter 6: Using SSL in C++ Clients
To initialize the SSL security service, you must retrieve the SSL security service context and set the quality of security services as well as any global properties for that context.
You must decide if you want to:
Respond to any authentication request by the server.
Use the Sybase PKCS #11 token (the default) or an Entrust ID.
In this example, you use CORBA::ORB_init to initialize the ORB as an instance, orb1.
CORBA::ORB_var orb1 =
Use resolve_initial_references to obtain the initial context from the SSL security service URL string (SSLServiceProvider) as an object reference, object, on orb1. You must use the URL string. You use CtsSecurity::SSLServiceProvider::_narrow to convert object to the sslServProv instance (an instance of the SSLServiceProvider interface).
object = orb1->resolve_initial_references("SSLServiceProvider");
sslServProv = CtsSecurity::SSLServiceProvider::_narrow(object);
To return the available qualities of security services from the availableQop property, call getGlobalProperty on the sslServProv instance. The qualities of security services refer to the security profile characteristic, which specifies the supported CipherSuites.
// query Available quality of services and set
// whatever we want.
CtsSecurity::StringSeq_var * availQop = sslServProv->getGlobalProperty("availableQop");
At this time, you can also set any global properties, such as the callback component with the callbackImpl property. You specify the callback component using the setGlobalProperty method. The setGlobalProperty method takes the name of the global property, callbackImpl, and the name of the callback component. The name of the component is the DLL or shared library name (without the file extension) followed by a forward slash, and the package and component name separated by forward slashes as shown in this example:
// Set callbacks.
sslServProv->setGlobalProperty
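The callbackImpl value names a library that the client runtime loads, so it is worth checking its shape before passing it to setGlobalProperty. The following is an added example, not code from the original documentation or from Sybase: it parses a value into the library/package/component parts described above and rejects malformed input. The allowed character set, the extension list, and the sample names are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Parsed callbackImpl value: library/package/component.
struct CallbackImpl { std::string library, package, component; };

// True if the library part still carries a file extension (assumed list).
static bool hasLibraryExtension(std::string name) {
    static const char* const kExts[] = {".dll", ".so", ".sl", ".dylib"};
    std::transform(name.begin(), name.end(), name.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    for (const std::string ext : kExts)
        if (name.size() >= ext.size() &&
            name.compare(name.size() - ext.size(), ext.size(), ext) == 0) return true;
    return false;
}

// Accept exactly three non-empty parts made of [A-Za-z0-9_.-] (assumed set).
bool parseCallbackImpl(const std::string& value, CallbackImpl& out) {
    std::vector<std::string> parts;
    std::string::size_type start = 0, slash;
    while ((slash = value.find('/', start)) != std::string::npos) {
        parts.push_back(value.substr(start, slash - start));
        start = slash + 1;
    }
    parts.push_back(value.substr(start));
    if (parts.size() != 3) return false;            // library/package/component only
    for (const std::string& p : parts) {
        if (p.empty() || p == "." || p == "..") return false;
        for (unsigned char c : p)                   // blocks '\\', ':' and whitespace
            if (!std::isalnum(c) && c != '_' && c != '-' && c != '.') return false;
    }
    if (hasLibraryExtension(parts[0])) return false; // name must omit the extension
    out = CallbackImpl{parts[0], parts[1], parts[2]};
    return true;
}

int main() {
    // Constructed sample values; the names are hypothetical.
    for (const char* v : {"mycallback/MyPackage/MyComponent",
                          "mycallback.dll/MyPackage/MyComponent",
                          "../MyPackage/MyComponent"}) {
        CallbackImpl cb;
        std::cout << v << " -> " << (parseCallbackImpl(v, cb) ? "accept" : "reject") << "\n";
    }
}
```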
To respond to a server’s request for client authentication, you can:
Use the setGlobalProperty method to set the certificateLabel property to the client certificate to use when the server asks for one, or
Use the callback interface to provide a dialog (GUI- or text-based) where the user can enter a certificate to be sent back to the server.
Copyright © 2005. Sybase Inc. All rights reserved.