DataFlex
Examine Client Certificates for an Accepted TLS Connection
Demonstrates how to access the client certificates for a TLS connection accepted by your application acting as the server.
Use ChilkatAx-win32.pkg
Procedure Test
    Boolean iSuccess
    Handle hoListenSslSocket
    Variant vCert
    Handle hoCert
    Integer iMyPort
    Integer iBackLog
    Integer iMaxWaitMillisec
    Variant vClientSock
    Handle hoClientSock
    Integer iNumClientCerts
    Variant vClientCert
    Handle hoClientCert
    Integer i
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.
    Get Create (RefClass(cComChilkatSocket)) To hoListenSslSocket
    If (Not(IsComObjectCreated(hoListenSslSocket))) Begin
        Send CreateComObject of hoListenSslSocket
    End

    // An SSL/TLS server needs a digital certificate. This example loads it from a PFX file.
    // This is the server's certificate, together with its private key.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End
    Get ComLoadPfxFile Of hoCert "qa_data/serverCert/myServerCert.pfx" "pfx_password" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // To accept client certificates in the TLS handshake,
    // we must indicate a list of acceptable client certificate root CA DNs
    // that are allowed. (DN is an acronym for Distinguished Name.)
    // This list is what the server advertises to the client when it requests
    // a certificate, so the client knows which of its certificates qualify.
    // Call AddSslAcceptableClientCaDn once for each acceptable CA DN.
    // Here are a few examples so you can see the general format of a DN.
    Get ComAddSslAcceptableClientCaDn Of hoListenSslSocket "C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root" To iSuccess
    Get ComAddSslAcceptableClientCaDn Of hoListenSslSocket "O=Digital Signature Trust Co., CN=DST Root CA X3" To iSuccess

    // Initialize with our server's TLS certificate.
    Get pvComObject of hoCert to vCert
    Get ComInitSslServer Of hoListenSslSocket vCert To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoListenSslSocket To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Bind and listen on a port:
    Move 8123 To iMyPort
    // Allow for a max of 5 queued connect requests.
    Move 5 To iBackLog
    Get ComBindAndListen Of hoListenSslSocket iMyPort iBackLog To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoListenSslSocket To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Accept the next incoming connection, waiting at most 20 seconds.
    // The TLS handshake (including the client certificate request) completes inside AcceptNext.
    Move 20000 To iMaxWaitMillisec
    Get Create (RefClass(cComChilkatSocket)) To hoClientSock
    If (Not(IsComObjectCreated(hoClientSock))) Begin
        Send CreateComObject of hoClientSock
    End
    Get pvComObject of hoClientSock to vClientSock
    Get ComAcceptNext Of hoListenSslSocket iMaxWaitMillisec vClientSock To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoListenSslSocket To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Examine the client cert chain. The 1st cert (index 0) will be the client certificate, and
    // the subsequent certs will be the certs in the chain of authentication.
    // If the client presented no certificate, iNumClientCerts is 0 and the loop below prints nothing.
    Get ComNumReceivedClientCerts Of hoClientSock To iNumClientCerts
    Showln "numClientCerts = " iNumClientCerts

    Get Create (RefClass(cComChilkatCert)) To hoClientCert
    If (Not(IsComObjectCreated(hoClientCert))) Begin
        Send CreateComObject of hoClientCert
    End

    Move 0 To i
    While (i < iNumClientCerts)
        // Load the i'th received certificate into hoClientCert, checking the result
        // before reading any of its properties.
        Get pvComObject of hoClientCert to vClientCert
        Get ComGetRcvdClientCert Of hoClientSock i vClientCert To iSuccess
        If (iSuccess = False) Begin
            Get ComLastErrorText Of hoClientSock To sTemp1
            Showln sTemp1
            Procedure_Return
        End
        Get ComSubjectDN Of hoClientCert To sTemp1
        Showln sTemp1
        Move (i + 1) To i
    Loop

    // Close the connection with the client, waiting up to 1 second for a clean shutdown.
    Get ComClose Of hoClientSock 1000 To iSuccess
End_Procedure
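The acceptable-CA DN list passed to AddSslAcceptableClientCaDn is what a TLS server advertises when it requests a client certificate, so the client can choose a certificate that chains to one of those CAs, and the received chain comes back leaf first. The following is an added Python example, not Chilkat code and not part of the DataFlex sample above: it parses DN strings in the same format as the AddSslAcceptableClientCaDn arguments (handling backslash-escaped commas and normalising attribute-type case and spacing), then walks a received chain by subject-to-issuer links to decide whether it terminates at an acceptable CA. The chain records, the `SAMPLE_CHAIN` layout and the helper names are constructed for illustration; the check is a name-based policy layered on top of the TLS stack's cryptographic validation of the chain, not a replacement for it.

```python
"""Added example (not Chilkat code): DN parsing and acceptable-CA chain check.

The DN strings use the format passed to AddSslAcceptableClientCaDn; the
client-chain records below are constructed sample data, leaf certificate first,
in the order GetRcvdClientCert(0..n-1) returns them.
"""

# The two DNs from the DataFlex sample, used here as the server's acceptable CA list.
ACCEPTABLE_CA_DNS = [
    "C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root",
    "O=Digital Signature Trust Co., CN=DST Root CA X3",
]

# Constructed client chain: a leaf issued by an intermediate, which is issued by DST Root CA X3.
# The intermediate's subject is written with different spacing/case than the leaf's issuer
# to show that the comparison works on parsed RDNs rather than raw strings.
SAMPLE_CHAIN = [
    {"subject": "CN=alice, O=Example Corp, C=US",
     "issuer": "CN=Example Issuing CA, O=Example Corp, C=US"},
    {"subject": "cn=Example Issuing CA,o=Example Corp,c=US",
     "issuer": "O=Digital Signature Trust Co., CN=DST Root CA X3"},
]


def parse_dn(dn):
    """Split an RFC 4514-style DN string into an ordered tuple of (TYPE, value) pairs.

    A backslash escapes the next character, so "O=Acme\\, Inc." keeps its comma.
    Attribute types are upper-cased and values trimmed so that cosmetic
    differences between two spellings of the same DN do not cause a mismatch.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape character")
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError("malformed RDN (no '='): %r" % rdn)
        attr_type, value = rdn.split("=", 1)
        pairs.append((attr_type.strip().upper(), value.strip()))
    if not pairs:
        raise ValueError("empty DN")
    return tuple(pairs)


def dn_equal(a, b):
    """True if two DN strings denote the same ordered RDN sequence."""
    return parse_dn(a) == parse_dn(b)


def chain_is_acceptable(chain, acceptable_ca_dns):
    """Decide whether a received client chain ends at an acceptable CA.

    `chain` is a list of {"subject": DN, "issuer": DN} records, leaf first.
    Each record must have been issued by the next one (issuer == next subject);
    the chain is accepted once a record is, or is issued by, an acceptable CA.
    An empty chain (the client presented no certificate) is rejected.
    This is a name-based policy check only: signature verification of the chain
    is the TLS stack's job and is assumed to have happened already.
    """
    if not chain:
        return False
    acceptable = {parse_dn(dn) for dn in acceptable_ca_dns}
    for idx, cert in enumerate(chain):
        subject = parse_dn(cert["subject"])
        issuer = parse_dn(cert["issuer"])
        if idx > 0 and parse_dn(chain[idx - 1]["issuer"]) != subject:
            return False  # this certificate did not issue the previous one: broken link
        if subject in acceptable or issuer in acceptable:
            return True
    return False


if __name__ == "__main__":
    for cert in SAMPLE_CHAIN:
        print("subject:", cert["subject"])
    print("chain acceptable:", chain_is_acceptable(SAMPLE_CHAIN, ACCEPTABLE_CA_DNS))
```

Rejecting a chain whose subject/issuer links do not line up matters because a client can send any sequence of certificates it likes; only a chain that actually links from the leaf to one of the advertised CAs should satisfy the policy, and the empty case corresponds to `numClientCerts = 0` in the DataFlex sample.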