CORBA 2.6 Programmer's Guide for C++
string cipher;
};
typedef sequence<TaggedData> ServiceContextBody;
};
#pragma prefix "omg.org"
};
#pragma prefix ""
#endif
SSLIOP::Current
To obtain a reference to SSLIOP::Current, use the standard CORBA::resolve_initial_references mechanism, passing the
object ID string "SSLIOPCurrent". The following example obtains a reference to SSLIOP::Current:
int argc = 0;
// With argc == 0 there are no arguments to parse, so a null argv is passed.
CORBA::ORB_var orb = CORBA::ORB_init( argc, 0, "my_orb" );
CORBA::Object_var obj = orb->resolve_initial_references( "SSLIOPCurrent" );
SSLIOP::Current_var ssliop = SSLIOP::Current::_narrow( obj.in() );
SSLIOP::Current::get_peer_certificate()
Once an SSL session is active, the peer certificate (client or server) may be obtained by calling get_peer_certificate(),
which returns the certificate in DER format. DER (Distinguished Encoding Rules, a binary encoding of ASN.1 data) is the
on-the-wire format of the certificate.
Once a pointer to the certificate is obtained, you can use OpenSSL library routines to extract information from the
certificate (for example, the issuer or the subject). The following example obtains the peer certificate by calling
SSLIOP::Current::get_peer_certificate():
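// If within an SSL session, obtain a pointer to the certificate
if ( ssliop->SSL_session() )
{
  SSLIOP::ASN1_cert_var cert = ssliop->get_peer_certificate();
  // Current OpenSSL declares the input as const unsigned char ** and
  // advances the pointer it is given, so pass a separate copy.
  const unsigned char *der_cert = cert->get_buffer();
  // Use OpenSSL to parse the certificate.
  // Convert to OpenSSL internal X509 format (DER to Internal X509)
  X509 *peer_x509 = ::d2i_X509( 0, &der_cert, cert->length() );
  if ( peer_x509 != 0 )  // d2i_X509() returns NULL if the DER does not parse
  {
    // Obtain the subject's DN.
    char dn[256];
    ::X509_NAME_oneline( ::X509_get_subject_name(peer_x509), dn, sizeof(dn) );
    std::cout << "Peer certificate subject DN is: " << dn << std::endl;
    ::X509_free( peer_x509 );  // release the parsed certificate
  }
}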
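The following is an added example, not code from the original guide or from the ORB. It checks that a buffer such as the one returned by get_peer_certificate() holds exactly one DER-encoded SEQUENCE, with no truncation or trailing bytes, before the buffer is handed to d2i_X509(). The names DerCheck and check_der_envelope are hypothetical, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdio>

enum DerCheck { DER_OK, DER_TRUNCATED, DER_NOT_SEQUENCE,
                DER_BAD_LENGTH, DER_TRAILING_DATA };

// Hypothetical helper: verify that buf[0..len) is exactly one DER-encoded
// SEQUENCE (the outer type of an X.509 certificate). Only the outer
// tag and length are inspected; full parsing is left to d2i_X509().
DerCheck check_der_envelope(const unsigned char *buf, std::size_t len)
{
  if (buf == 0 || len < 2) return DER_TRUNCATED;
  if (buf[0] != 0x30) return DER_NOT_SEQUENCE;    // 0x30 = constructed SEQUENCE

  std::size_t header = 2;
  std::size_t content = buf[1];                   // short form: length < 0x80
  if (buf[1] & 0x80) {                            // long form: low bits = count
    std::size_t n = buf[1] & 0x7F;
    // n == 0 is BER indefinite length, which DER forbids. Lengths wider
    // than 4 bytes are rejected as implausible for a certificate.
    if (n == 0 || n > 4) return DER_BAD_LENGTH;
    if (len < 2 + n) return DER_TRUNCATED;
    if (buf[2] == 0) return DER_BAD_LENGTH;       // leading zero: not minimal
    content = 0;
    for (std::size_t i = 0; i < n; ++i)
      content = (content << 8) | buf[2 + i];
    if (content < 0x80) return DER_BAD_LENGTH;    // DER requires short form
    header = 2 + n;
  }
  if (content > len - header) return DER_TRUNCATED;
  if (content < len - header) return DER_TRAILING_DATA;
  return DER_OK;
}

int main()
{
  // Constructed sample bytes (not a real certificate): SEQUENCE { INTEGER 5 }
  const unsigned char good[]   = { 0x30, 0x03, 0x02, 0x01, 0x05 };
  const unsigned char padded[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 0x00 };
  std::printf("good=%d padded=%d\n",
              check_der_envelope(good, sizeof good),
              check_der_envelope(padded, sizeof padded));
  return 0;
}
```

With the guide's variables, the call would be check_der_envelope( cert->get_buffer(), cert->length() ).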
SSLIOP::Current::get_peer_certificate_chain()
Once an SSL session is active, you can obtain the peer certificate chain by calling get_peer_certificate_chain(), which
returns a sequence of certificates in DER format. The following example obtains the peer certificate chain by calling
SSLIOP::Current::get_peer_certificate_chain():
// If within an SSL session, obtain a pointer to the certificate chain.
if ( ssliop->SSL_session() )
{