(Tcl) Verify SSL Server Certificate

Demonstrates how to connect to an SSL server and verify its SSL certificate.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set socket [new_CkSocket]

set ssl 1
set maxWaitMillisec 20000

# The SSL server hostname may be an IP address, a domain name,
# or "localhost". 

set sslServerHost "www.paypal.com"
set sslServerPort 443

# Connect to the SSL server:
set success [CkSocket_Connect $socket $sslServerHost $sslServerPort $ssl $maxWaitMillisec]
if {$success != 1} then {
    puts [CkSocket_lastErrorText $socket]
    delete_CkSocket $socket
    exit
}

# cert is a CkCert

set cert [CkSocket_GetSslServerCert $socket]
if {[CkSocket_get_LastMethodSuccess $socket] != 0} then {

    puts "Server Certificate:"
    puts "Distinguished Name: [CkCert_subjectDN $cert]"
    puts "Common Name: [CkCert_subjectCN $cert]"
    puts "Issuer Distinguished Name: [CkCert_issuerDN $cert]"
    puts "Issuer Common Name: [CkCert_issuerCN $cert]"

    set bExpired [CkCert_get_Expired $cert]
    set bRevoked [CkCert_get_Revoked $cert]
    set bSignatureVerified [CkCert_get_SignatureVerified $cert]
    set bTrustedRoot [CkCert_get_TrustedRoot $cert]

    puts "Expired: $bExpired"
    puts "Revoked: $bRevoked"
    puts "Signature Verified: $bSignatureVerified"
    puts "Trusted Root: $bTrustedRoot"

    delete_CkCert $cert

}

# Close the connection with the server
# Wait a max of 20 seconds (20000 millsec)
set success [CkSocket_Close $socket 20000]

delete_CkSocket $socket