Sample code for 30+ languages & platforms
Tcl

Verify SSL Server Certificate

See more Socket/SSL/TLS Examples

Demonstrates how to connect to an SSL server and verify its SSL certificate.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set socket [new_CkSocket]

set ssl 1
set maxWaitMillisec 20000

# The SSL server hostname may be an IP address, a domain name,
# or "localhost". 

set sslServerHost "www.paypal.com"
set sslServerPort 443

# Connect to the SSL server:
set success [CkSocket_Connect $socket $sslServerHost $sslServerPort $ssl $maxWaitMillisec]
if {$success == 0} then {
    puts [CkSocket_lastErrorText $socket]
    delete_CkSocket $socket
    exit
}

set cert [new_CkCert]

set success [CkSocket_GetServerCert $socket $cert]
if {$success != 0} then {

    puts "Server Certificate:"
    puts "Distinguished Name: [CkCert_subjectDN $cert]"
    puts "Common Name: [CkCert_subjectCN $cert]"
    puts "Issuer Distinguished Name: [CkCert_issuerDN $cert]"
    puts "Issuer Common Name: [CkCert_issuerCN $cert]"

    set bExpired [CkCert_get_Expired $cert]
    set bRevoked [CkCert_get_Revoked $cert]
    set bSignatureVerified [CkCert_get_SignatureVerified $cert]
    set bTrustedRoot [CkCert_get_TrustedRoot $cert]

    puts "Expired: $bExpired"
    puts "Revoked: $bRevoked"
    puts "Signature Verified: $bSignatureVerified"
    puts "Trusted Root: $bTrustedRoot"

}

# Close the connection with the server
# Wait a max of 20 seconds (20000 millsec)
set success [CkSocket_Close $socket 20000]

delete_CkSocket $socket
delete_CkCert $cert