Developer

API Reference

SSLInfo

Brew Release
Brew MP 1.0.2
See Also
ISSL_Negotiate(), SSLSecurityInfo, IX509CHAIN_Verify(), X509TrustResult
Description
This data type is the result of the SSL negotiation and includes the secured ISocket.
Members
  • nResult:          General result of an SSL negotiation. One of SSL_RESULT_* error codes.
                         See ISSL error codes.
  • SecInfo:          The security level negotiated. Valid on SSL_RESULT_SECURED
  • TrustResult:      Trust results; see X509TrustResult
  • pSSLSocket:       Open socket representing secured stream.  This value is
                         be NULL when using IPort.  To retrieve the pSSLPort, use
                         ISSL_QueryInterface() with AEECLSID_PORT.
    
Definition
   typedef struct SSLInfo
   {
      int             nResult;
      SSLSecurityInfo SecInfo;
      X509TrustResult TrustResult;
      ISocket        *pSSLSocket;
   } SSLInfo;
Comment
This returns the result of a negotiation. The results has two parts, the protocol negotiation result, and the trust result from the X509 chain verification.
Trust result is filled in only if nResult is either SSL_RESULT_TRUST_ERR or SSL_RESULT_SECURED. If the result is a secured connection there will be no trust errors, and only the chain length is of any use in the structure. If the error is SSL_RESULT_TRUST_ERR then the details of the error are reported in TrustResult structure. Note that nResult in the TrustResult structure does not show the details, see the auChainErrors and summary further down in the structure. nResult in the TrustResult structure is generally SUCCESS. Errors such as running out of memory or a very corrupt certificate are reported as nResult in the SSLInfo structure.
Trust errors can be overridden and allow the negotiation to continue. Other errors cannot be overridden.
pSSLSocket is the most important part of the result as it is the secured stream.
  • Follow