Sample code for 30+ languages & platforms
Visual FoxPro

Examine Client Certificates for an Accepted TLS Connection

See more Socket/SSL/TLS Examples

Demonstrates how to access the client certificates for a TLS connection accepted by your application acting as the server.

Chilkat Visual FoxPro Downloads

Visual FoxPro
LOCAL lnSuccess
LOCAL loListenSslSocket
LOCAL loCert
LOCAL lnMyPort
LOCAL lnBackLog
LOCAL lnMaxWaitMillisec
LOCAL loClientSock
LOCAL lnNumClientCerts
LOCAL loClientCert
LOCAL i

lnSuccess = 0

* This example requires the Chilkat API to have been previously unlocked.
* See Global Unlock Sample for sample code.

loListenSslSocket = CreateObject('Chilkat.Socket')

* An SSL/TLS server needs a digital certificate.  This example loads it from a PFX file.
* This is the server's certificate.

loCert = CreateObject('Chilkat.Cert')
lnSuccess = loCert.LoadPfxFile("qa_data/serverCert/myServerCert.pfx","pfx_password")
IF (lnSuccess = 0) THEN
    ? loCert.LastErrorText
    RELEASE loListenSslSocket
    RELEASE loCert
    CANCEL
ENDIF

* To accept client client certificates in the TLS handshake,
* we must indicate a list of acceptable client certificate root CA DN's
* that are allowed.  (DN is an acronym for Distinguished Name.)
* Call AddSslAcceptableClientCaDn once for each acceptable CA DN.
* Here are a few examples so you can see the general format of a DN.
loListenSslSocket.AddSslAcceptableClientCaDn("C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root")
loListenSslSocket.AddSslAcceptableClientCaDn("O=Digital Signature Trust Co., CN=DST Root CA X3")

* Initialize with our server's TLS certificate.
lnSuccess = loListenSslSocket.InitSslServer(loCert)
IF (lnSuccess = 0) THEN
    ? loListenSslSocket.LastErrorText
    RELEASE loListenSslSocket
    RELEASE loCert
    CANCEL
ENDIF

* Bind and listen on a port:
lnMyPort = 8123
* Allow for a max of 5 queued connect requests.
lnBackLog = 5
lnSuccess = loListenSslSocket.BindAndListen(lnMyPort,lnBackLog)
IF (lnSuccess = 0) THEN
    ? loListenSslSocket.LastErrorText
    RELEASE loListenSslSocket
    RELEASE loCert
    CANCEL
ENDIF

* Accept the next incoming connection.
lnMaxWaitMillisec = 20000

loClientSock = CreateObject('Chilkat.Socket')
lnSuccess = loListenSslSocket.AcceptNext(lnMaxWaitMillisec,loClientSock)
IF (lnSuccess = 0) THEN
    ? loListenSslSocket.LastErrorText
    RELEASE loListenSslSocket
    RELEASE loCert
    RELEASE loClientSock
    CANCEL
ENDIF

* Examine the client certs chain.  The 1st cert will be the client certificate, and
* the subsequent certs will be the certs in the chain of authentication.
lnNumClientCerts = loClientSock.NumReceivedClientCerts
? "numClientCerts = " + STR(lnNumClientCerts)

loClientCert = CreateObject('Chilkat.Cert')
i = 0
DO WHILE i < lnNumClientCerts
    loClientSock.GetRcvdClientCert(i,loClientCert)
    ? loClientCert.SubjectDN
    i = i + 1
ENDDO

* Close the connection with the client
lnSuccess = loClientSock.Close(1000)

RELEASE loListenSslSocket
RELEASE loCert
RELEASE loClientSock
RELEASE loClientCert