Chapter 6 Using SSL in C++ Clients


Initializing the SSL security service

To initialize the SSL security service, you must retrieve the SSL security service context and set the quality of security services as well as any global properties for that context.

You must decide if you want to:

Retrieve the SSL security service context

In this example, you use CORBA::ORB_init to initialize the ORB as an instance, orb1.

CORBA::ORB_var orb1 = 
CORBA::ORB_init(argc,argv, "");

Use resolve_initial_references to obtain the initial context from the SSL security service URL string (SSLServiceProvider ) as an object reference, object, on orb1. You must use SSLServiceProvider as the URL string. You use CtsSecurity::SSLServiceProvider::_narrow to convert object to the sslServProv instance (an instance of the SSLServiceProvider interface).

object = orb1->resolve_initial_references
    ("SSLServiceProvider");
sslServProv = CtsSecurity::SSLServiceProvider
    ::_narrow(object); 

Set the quality of security services and global properties

To return the available qualities of security services from the availableQop property, call getGlobalProperty on the sslServProv instance. The qualities of security services refer to the security profile characteristic, which specifies the supported CipherSuites.

// query Available quality of services and set 
// whatever we want. 
CtsSecurity::StringSeq_var * availQop = 
  sslServProv->getGlobalProperty("availableQop");

At this time, you can also set any global properties, such as the callback component with the callbackImpl property. You specify the callback component using the setGlobalProperty method. The setGlobalProperty method takes the name of the global property, callbackImpl, and the name of the callback component. The name of the component is the DLL name (without the file extension) followed by a forward slash, and the package and component name separated by forward slashes as shown in this example:

// Set callbacks. sslServProv->setGlobalProperty
    ("callbackImpl", "myDLL/myPackage/myComponent"); 

Enable client authentication

To respond to a server's request for client authentication, you can:

 


Copyright © 2002 Sybase, Inc. All rights reserved.