tibemsSSLHostNameVerifier

Type

Purpose

Programs define functions of this type to check server identity based on the server’s host name.

C Declaration

typedef tibems_status (*tibemsSSLHostNameVerifier) (
    const char* connected_hostname,
    const char* expected_hostname,
    const char* certificate_name,
    void* closure );

IBM Systems

This function is not supported on z/OS and IBM i systems. For more information, see TLS Implementation on IBM EBCDIC Systems.

Parameters

Parameter            Description
connected_hostname   Receive the actual host name of the server to which the client program is attempting to connect.
expected_hostname    Receive the host name that the client expects the server to be running on.
certificate_name     Receive the host name in the server’s public certificate.
closure              Receive application-specific data.

Remarks

TLS attempts to verify that the EMS server hostname (taken from the server’s certificate identity) matches the hostname in the server URL. Your program can use the default matching behavior, or customize it in different ways.

  • The default behavior is a straightforward string comparison, matching the hostname from the server certificate against the hostname of the connected URL.
  • If you set an expected hostname, then the match compares the hostname from the server certificate against the expected hostname (instead of the URL hostname).
  • You may also define and set a hostname verifier function, which can override a string mismatch. If the string comparison fails, then TLS calls your verifier function to determine whether to accept the hostname anyway. Your function receives three hostnames—the connected name, the expected name, and the certificate hostname—and must return a status code indicating the final match result:
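Because the verifier runs only after the string comparison has failed, whatever it accepts is an exception to hostname checking. The following added example (not TIBCO's code) accepts only certificate names pinned in advance for the expected server and fails closed otherwise. The `tibems_status` typedef and the `VERIFY_ACCEPT`/`VERIFY_REJECT` constants are stand-ins so the block compiles without the EMS headers; `pinned_identity`, `strict_verifier` and the sample names are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>

/* Stand-ins (assumption) so this compiles without the EMS headers; a real
 * program includes the EMS header and returns the status codes it defines. */
typedef int tibems_status;
enum { VERIFY_ACCEPT = 0, VERIFY_REJECT = 1 };  /* hypothetical names/values */

/* Hypothetical closure type: one expected server and its allowed cert names. */
typedef struct {
    const char *expected;           /* host name the client intends to reach */
    const char *const *cert_names;  /* NULL-terminated list of accepted names */
} pinned_identity;

/* Case-insensitive exact match; NULL or empty names never match. */
static int same_host(const char *a, const char *b)
{
    if (!a || !b || !*a || !*b) return 0;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;  /* true only when both strings ended together */
}

/* Same parameter list as tibemsSSLHostNameVerifier. It is called only after
 * the default string comparison failed, so every accept is an override:
 * no wildcards, no substring matches, and no policy means reject. */
tibems_status strict_verifier(const char *connected_hostname,
                              const char *expected_hostname,
                              const char *certificate_name,
                              void *closure)
{
    const pinned_identity *pin = closure;
    (void)connected_hostname;  /* not used by this policy */

    if (pin == NULL || pin->cert_names == NULL)
        return VERIFY_REJECT;            /* fail closed without a policy */
    if (!same_host(expected_hostname, pin->expected))
        return VERIFY_REJECT;            /* policy is for a different server */
    for (size_t i = 0; pin->cert_names[i] != NULL; i++)
        if (same_host(certificate_name, pin->cert_names[i]))
            return VERIFY_ACCEPT;        /* pinned name for this server */
    return VERIFY_REJECT;                /* unknown certificate name */
}

/* Constructed sample policy and host names, for illustration only. */
static const char *const sample_names[] = { "ems-a.internal.example", NULL };
static pinned_identity sample_pin = { "ems.example.com", sample_names };
```

This policy assumes the program has set an expected hostname; a verifier that returns success unconditionally would turn every certificate name mismatch into a match.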