
Chapter 8: Using SSL in ActiveX Clients

Retrieving session security information

The CtsSecurity.SSLSession and CtsSecurity.SSLSessionInfo classes allow you to determine whether SSL is used on connections from a proxy to the server, and if so, retrieve the SSL session settings. The code below illustrates the sequence of calls:

  ' ... deleted code to set ORB ssl properties,
  '     create session, instantiate proxy myComp ...
  Dim sslSess As CtsSecurity.SSLSession
  Dim sslSessInfo As CtsSecurity.SSLSessionInfo
  Set sslSess = myComp.Narrow_("CtsSecurity/SSLSession")
  On Error GoTo noSSLError
  Set sslSessInfo = _
    sslSess.getSessionInfo.Narrow_( _
      "CtsSecurity/SSLSessionInfo")
  ' ... deleted code that uses sslSessInfo ...
noSSLError:
  ' ... an error raised by getSessionInfo most likely
  '     means that the proxy does not use SSL ...

You can narrow the proxy for any CORBA object to CtsSecurity/SSLSession to obtain information about the session in which the proxy was created. When narrowing the SSLSession proxy to CtsSecurity/SSLSessionInfo, the proxy server raises an error if the session is not using SSL.

The SSLSessionInfo methods allow you to determine the SSL session properties, such as the server’s address, the client certificate in use, the server certificate in use, and so forth. For more information, see the generated Interface Repository documentation for the CtsSecurity::SSLSessionInfo interface.

Example: inspecting SSL session properties

The Visual Basic fragment below prints a description of the SSL session in which a SessionManager::Session proxy was created:

Public Function SessionDetails( _
  title As String, _
  obj As JaguarTypeLibrary.Object _
  )
   Me.Caption = title
   Call clearOutput
   output (title & ":" & vbCrLf)
   Dim sslSess As CtsSecurity.SSLSession
   Dim sslSessInfo As CtsSecurity.SSLSessionInfo
   Dim host, port, prop As String
   Dim inError As Boolean
   inError = False
   ' Retrieve the SSL session information for the proxy
   On Error GoTo errorGetSession
   Set sslSess = obj.Narrow_("CtsSecurity/SSLSession")
   Set sslSessInfo = sslSess. _
     getSessionInfo().Narrow_("CtsSecurity/SSLSessionInfo")
   ' Print the session properties
   On Error GoTo errorGetProperties
   host = sslSessInfo.getProperty("host")
   port = sslSessInfo.getProperty("port")
   output ("Connected to " & host & ":" & port & vbCrLf)
   prop = sslSessInfo.getProperty("cipherSuite")
   output ("Negotiated CipherSuite: " & prop & vbCrLf)
   ' Print the server certificate details
   On Error GoTo errorGetServerCert
   Dim cert As CtsSecurity.X509Certificate
   Set cert = sslSessInfo.getPeerCertificate().Narrow_("CtsSecurity/X509Certificate")
   output (vbCrLf & "Server certificate info:" & vbCrLf)
   output (certInfo(cert))
   ' Print the client certificate details
   On Error GoTo errorGetClientCert
   Set cert = sslSessInfo.
   output (vbCrLf & "Personal certificate info:" & vbCrLf)
   output (certInfo(cert))
   inError = True ' Fall through error cases
' Error handling code. Labels are in reverse order of the
' On Error activations.
errorGetClientCert:
' Code to handle errors when retrieving the client certificate.
' Sessions will not have a client certificate unless mutual
' authentication is used. So, this is not necessarily an error.
   If Not inError Then
      inError = True
      output (vbCrLf & "No personal certificate in use." & vbCrLf)
   End If
errorGetServerCert:
' Code to handle errors raised when getting the server certificate.
' If a connection uses SSL, it should at least have a server certificate,
' so errors raised are likely due to coding errors.
   If Not inError Then
      inError = True
      output (vbCrLf & "** Error retrieving server certificate properties. **" _
         & vbCrLf)
   End If
errorGetProperties:
' Code for errors raised when retrieving session properties. Any error
' raised is likely due to a coding error.
   If Not inError Then
      inError = True
      output ("Error retrieving SSL session properties." & vbCrLf)
   End If
errorGetSession:
' Code for errors raised when retrieving the session information.
' Errors here most likely mean that the connection does not use SSL.
   If Not inError Then
      inError = True
      output ("SSL not used on this connection.")
   End If
   ' All error handlers must fall through to here.
End Function

Example: inspecting X.509 certificate properties

The previous example calls the following function to print a description of an SSL certificate represented in a CtsSecurity::X509Certificate instance:

Private Function certInfo( _
  cert As CtsSecurity.X509Certificate _
  ) As String
   Dim description As String
   Dim prop As String
   description = ""
   prop = cert.getSubjectDN()
   description = description _
     & "  Subject name: " & prop & vbCrLf

   prop = cert.getIssuerDN()
   description = description _
     & "  Issuer name: " & prop & vbCrLf

   description = description _
     & "  Not valid before: " & Format(cert.getNotBefore()) & vbCrLf
   description = description _
     & "  Not valid after: " & Format(cert.getNotAfter()) & vbCrLf
   certInfo = description
End Function
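
The examples above only display the session details. The function below is an added example, not part of the original Sybase documentation, that uses the same calls to enforce a minimum policy before the client relies on the connection. CheckSslPolicy, expectedSubject and the list of weak-suite tokens are hypothetical names and values; the example assumes that the cipherSuite property uses conventional suite names and that the certificate dates convert with CDate.

```vb
' Added example: policy check built on the calls shown on this page.
' Returns "" when the session passes, otherwise the reason it fails.
' Assumptions: cipher suite names contain the tokens tested below, and
' getNotBefore/getNotAfter return values that CDate can convert.
Public Function CheckSslPolicy( _
  obj As JaguarTypeLibrary.Object, _
  expectedSubject As String _
  ) As String
   Dim sslSess As CtsSecurity.SSLSession
   Dim sslSessInfo As CtsSecurity.SSLSessionInfo
   Dim cert As CtsSecurity.X509Certificate
   Dim suite As String
   Dim weak As Variant
   Dim i As Integer

   ' The reason is set before each risky call, so an error returns it.
   CheckSslPolicy = "SSL not used on this connection"
   On Error GoTo failed
   Set sslSess = obj.Narrow_("CtsSecurity/SSLSession")
   Set sslSessInfo = sslSess.getSessionInfo().Narrow_( _
     "CtsSecurity/SSLSessionInfo")

   CheckSslPolicy = "Cannot read the negotiated cipher suite"
   suite = UCase(sslSessInfo.getProperty("cipherSuite"))
   weak = Array("NULL", "EXPORT", "ANON", "RC4", "DES40")
   For i = LBound(weak) To UBound(weak)
      If InStr(suite, weak(i)) > 0 Then
         CheckSslPolicy = "Weak cipher suite negotiated: " & suite
         Exit Function
      End If
   Next i

   CheckSslPolicy = "Cannot read the server certificate"
   Set cert = sslSessInfo.getPeerCertificate().Narrow_( _
     "CtsSecurity/X509Certificate")
   If Now < CDate(cert.getNotBefore()) Or Now > CDate(cert.getNotAfter()) Then
      CheckSslPolicy = "Server certificate is outside its validity period"
      Exit Function
   End If
   If StrComp(cert.getSubjectDN(), expectedSubject, vbTextCompare) <> 0 Then
      CheckSslPolicy = "Unexpected server subject: " & cert.getSubjectDN()
      Exit Function
   End If

   CheckSslPolicy = ""   ' Every check passed
failed:
   ' On any error the function returns the reason set before the failing call.
End Function
```

A caller treats any non-empty return value as a failed check and stops using the proxy.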

Copyright © 2005. Sybase Inc. All rights reserved.