Tcl
Tcl
Examine SSL/TLS Server Certificate
See more Socket/SSL/TLS Examples
Demonstrates how an application can examine and check a server's SSL/TLS certificate.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set socket [new_CkSocket]
# Connect to a server.
set useTls 1
set maxWaitMs 2000
set success [CkSocket_Connect $socket "www.intel.com" 443 $useTls $maxWaitMs]
if {$success == 0} then {
puts [CkSocket_lastErrorText $socket]
delete_CkSocket $socket
exit
}
# If we get here, the TLS connection ws made..
# In any SSL/TLS handshake, the server sends its certificate in a TLS handshake message.
# Chilkat will keep it cached within the object that made the connection.
# Get the server's cert and examine a few things.
set cert [new_CkCert]
CkSocket_GetServerCert $socket $cert
puts "Distinguished Name: [CkCert_subjectDN $cert]"
puts "Common Name: [CkCert_subjectCN $cert]"
puts "Issuer Distinguished Name: [CkCert_issuerDN $cert]"
puts "Issuer Common Name: [CkCert_issuerCN $cert]"
puts "Expired: [CkCert_get_Expired $cert]"
puts "Revoked: [CkCert_get_Revoked $cert]"
puts "Signature Verified: [CkCert_get_SignatureVerified $cert]"
puts "Trusted Root: [CkCert_get_TrustedRoot $cert]"
# Sample output:
# Distinguished Name: C=US, ST=California, O=Intel Corporation, CN=*.intel.com
# Common Name: *.intel.com
# Issuer Distinguished Name: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
# Issuer Common Name: Sectigo RSA Organization Validation Secure Server CA
# Expired: False
# Revoked: False
# Signature Verified: True
# Trusted Root: True
delete_CkSocket $socket
delete_CkCert $cert