Tcl
Tcl
Verify SSL Server Certificate
See more Socket/SSL/TLS Examples
Demonstrates how to connect to an SSL server and verify its SSL certificate.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set socket [new_CkSocket]
set ssl 1
set maxWaitMillisec 20000
# The SSL server hostname may be an IP address, a domain name,
# or "localhost".
set sslServerHost "www.paypal.com"
set sslServerPort 443
# Connect to the SSL server:
set success [CkSocket_Connect $socket $sslServerHost $sslServerPort $ssl $maxWaitMillisec]
if {$success == 0} then {
puts [CkSocket_lastErrorText $socket]
delete_CkSocket $socket
exit
}
set cert [new_CkCert]
set success [CkSocket_GetServerCert $socket $cert]
if {$success != 0} then {
puts "Server Certificate:"
puts "Distinguished Name: [CkCert_subjectDN $cert]"
puts "Common Name: [CkCert_subjectCN $cert]"
puts "Issuer Distinguished Name: [CkCert_issuerDN $cert]"
puts "Issuer Common Name: [CkCert_issuerCN $cert]"
set bExpired [CkCert_get_Expired $cert]
set bRevoked [CkCert_get_Revoked $cert]
set bSignatureVerified [CkCert_get_SignatureVerified $cert]
set bTrustedRoot [CkCert_get_TrustedRoot $cert]
puts "Expired: $bExpired"
puts "Revoked: $bRevoked"
puts "Signature Verified: $bSignatureVerified"
puts "Trusted Root: $bTrustedRoot"
}
# Close the connection with the server
# Wait a max of 20 seconds (20000 millsec)
set success [CkSocket_Close $socket 20000]
delete_CkSocket $socket
delete_CkCert $cert