C
C
Verify SSL Server Certificate
See more Socket/SSL/TLS Examples
Demonstrates how to connect to an SSL server and verify its SSL certificate.Chilkat C Downloads
#include <C_CkSocket.h>
#include <C_CkCert.h>
void ChilkatSample(void)
{
BOOL success;
HCkSocket socket;
BOOL ssl;
int maxWaitMillisec;
const char *sslServerHost;
int sslServerPort;
HCkCert cert;
BOOL bExpired;
BOOL bRevoked;
BOOL bSignatureVerified;
BOOL bTrustedRoot;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
socket = CkSocket_Create();
ssl = TRUE;
maxWaitMillisec = 20000;
// The SSL server hostname may be an IP address, a domain name,
// or "localhost".
sslServerHost = "www.paypal.com";
sslServerPort = 443;
// Connect to the SSL server:
success = CkSocket_Connect(socket,sslServerHost,sslServerPort,ssl,maxWaitMillisec);
if (success == FALSE) {
printf("%s\n",CkSocket_lastErrorText(socket));
CkSocket_Dispose(socket);
return;
}
cert = CkCert_Create();
success = CkSocket_GetServerCert(socket,cert);
if (success != FALSE) {
printf("Server Certificate:\n");
printf("Distinguished Name: %s\n",CkCert_subjectDN(cert));
printf("Common Name: %s\n",CkCert_subjectCN(cert));
printf("Issuer Distinguished Name: %s\n",CkCert_issuerDN(cert));
printf("Issuer Common Name: %s\n",CkCert_issuerCN(cert));
bExpired = CkCert_getExpired(cert);
bRevoked = CkCert_getRevoked(cert);
bSignatureVerified = CkCert_getSignatureVerified(cert);
bTrustedRoot = CkCert_getTrustedRoot(cert);
printf("Expired: %d\n",bExpired);
printf("Revoked: %d\n",bRevoked);
printf("Signature Verified: %d\n",bSignatureVerified);
printf("Trusted Root: %d\n",bTrustedRoot);
}
// Close the connection with the server
// Wait a max of 20 seconds (20000 millsec)
success = CkSocket_Close(socket,20000);
CkSocket_Dispose(socket);
CkCert_Dispose(cert);
}