tibemsSSLHostNameVerifier
Type
Purpose
Programs define functions of this type to check server identity based on the server’s host name.
C Declaration
typedef tibems_status (*tibemsSSLHostNameVerifier) ( const char* connected_hostname, const char* expected_hostname, const char* certificate_name, void* closure );
IBM Systems
This function is not supported on z/OS and IBM i systems. For more information, see TLS Implementation on IBM EBCDIC Systems.
Parameters
| Parameter | Description |
|---|---|
| connected_hostname | Receives the actual host name of the server to which the client program is attempting to connect. |
| expected_hostname | Receives the host name that the client expects the server to be running on. |
| certificate_name | Receives the host name in the server’s public certificate. |
| closure | Receives application-specific data. |
Remarks
TLS attempts to verify that the EMS server hostname (taken from the server’s certificate identity) matches the hostname in the server URL. Your program can use the default matching behavior, or customize it in different ways.
- The default behavior is a straightforward string comparison, matching the hostname from the server certificate against the hostname of the connected URL.
- If you set an expected hostname, then the match compares the hostname from the server certificate against the expected hostname (instead of the URL hostname).
- You may also define and set a hostname verifier function, which can override a string mismatch. If the string comparison fails, then TLS calls your verifier function to determine whether to accept the hostname anyway. Your function receives three hostnames—the connected name, the expected name, and the certificate hostname—and must return a status code indicating the final match result:
  - TIBEMS_OK indicates a successful check.
  - TIBEMS_SECURITY_EXCEPTION indicates a failed check.
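Because the verifier runs only after the string comparison has already failed, a verifier that returns TIBEMS_OK unconditionally turns hostname checking off. The following added example (not TIBCO's code) accepts a mismatch only when the certificate name is on an allow-list passed through closure, and rejects everything else. Assumptions: the tibems_status typedef and the two status constants are stand-ins with placeholder values so the block compiles without the EMS headers; host_allowlist, host_eq, pinned_name_verifier and the host names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>

/* Stand-ins (assumptions) so this compiles without the EMS SDK; a real
   client takes these from the EMS headers. Numeric values are placeholders. */
typedef int tibems_status;
enum { TIBEMS_OK = 0, TIBEMS_SECURITY_EXCEPTION = 1 };

/* Hypothetical closure type: certificate names the application accepts. */
typedef struct { const char *const *names; size_t count; } host_allowlist;

/* Case-insensitive whole-string match; NULL or empty never matches. */
static int host_eq(const char *a, const char *b)
{
    if (a == NULL || b == NULL || *a == '\0')
        return 0;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b; /* true only if both strings ended together */
}

/* Has the tibemsSSLHostNameVerifier signature. It runs only after the
   built-in comparison has failed, so every path not pinned is a reject. */
tibems_status pinned_name_verifier(const char *connected_hostname,
                                   const char *expected_hostname,
                                   const char *certificate_name, void *closure)
{
    const host_allowlist *allow = closure;

    for (size_t i = 0; allow != NULL && i < allow->count; i++)
        if (host_eq(certificate_name, allow->names[i]))
            return TIBEMS_OK;
    /* Log the rejected triple so the mismatch is visible to operators. */
    fprintf(stderr, "EMS TLS name rejected: connected=%s expected=%s cert=%s\n",
            connected_hostname ? connected_hostname : "(null)",
            expected_hostname ? expected_hostname : "(null)",
            certificate_name ? certificate_name : "(null)");
    return TIBEMS_SECURITY_EXCEPTION;
}

int main(void)
{
    /* Constructed sample names, not taken from any real deployment. */
    static const char *const names[] = { "ems-a.example.internal" };
    host_allowlist allow = { names, 1 };
    return pinned_name_verifier("10.0.0.5", "ems.example.internal",
                                "EMS-A.example.internal", &allow) == TIBEMS_OK ? 0 : 1;
}
```

The certificate name is compared as a whole string, so a name that merely begins with an allowed entry is rejected, as is a missing closure or a NULL certificate name.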
Copyright © 2021. Cloud Software Group, Inc. All Rights Reserved.