Hi,
After calling below successfully.
callp SSL_debug_cert_info(wkSSLh : GSK_PARTNER_CERT_INFO )
callp http_dmsg('Protocol Used: ' SSL_protocol(wkSSLh: *OMIT))
I try to get cipher in wkSSLh by
D wwBufferPtr S *
D wwBufSize s 10I 0
C Eval rc = gsk_attribute_get_buffer(wkSSLh:
GSK_CONNECT_SEC_TYPE:
wwBufferPtr:
wwBufSize)
But rc return 6010 ([GSK_IBMI_ERROR_INVALID_POINTER], The numValue pointer is not valid.)
GSKSSL_H
=================================
D gsk_attribute_get_buffer...
D PR 10I 0 extproc('gsk_attribute_get_buffer')
D my_gsk_handle like(gsk_handle) value
D bufID like(GSK_BUF_ID) value
D buffer * value
D bufSize 10I 0
=================================
Any help?
Regards
Get Cipher used in a SSL Connection
-
Scott Klement
- Site Admin
- Posts: 872
- Joined: Sun Jul 04, 2021 5:12 am
Re: Get Cipher used in a SSL Connection
The 'buffer' parameter (the third parameter) needs to be a pointer to a pointer. The error message seems to be saying that you aren't passing a valid pointer-to-a-pointer.
Re: Get Cipher used in a SSL Connection
Thank, but I just follow your coding in LIBHTTP145/QRPGLESRC/GSKSSL_H
=================================
D gsk_attribute_get_buffer...
D PR 10I 0 extproc('gsk_attribute_get_buffer')
D my_gsk_handle like(gsk_handle) value
D bufID like(GSK_BUF_ID) value
D buffer * value
D bufSize 10I 0
=================================
And I already know that is const char **, as in
https://www.ibm.com/docs/en/zos/2.2.0?t ... get-buffer
========================================================================
#include <gskssl.h>
gsk_status gsk_attribute_get_buffer (
gsk_handle ssl_handle,
GSK_BUF_ID buffer_id,
const char ** buffer_value,
int * buffer_length)
========================================================================
And according your https://www.scottklement.com/rpg/socktut/tutorial.pdf, page 7,
"char **s" is "It is a pointer to an array. That array
is an array of pointers. Each element of that array points to an alphanumeric string"
=========================================================================
struct servent {
char *s_name;
char **s_aliases;
int s_port;
char *s_proto
};
...
....
can be defined in RPG D-spec as
DName+++++++++++ETDsFrom+++To/L+++IDc.Keywords+++++++++++++++++++++++
D p_servent S *
D servent DS based(p_servent)
D s_name *
D s_aliases *
D s_port 10I 0
D s_proto *
=========================================================================
Is my understanding is correct ?
Regards
=================================
D gsk_attribute_get_buffer...
D PR 10I 0 extproc('gsk_attribute_get_buffer')
D my_gsk_handle like(gsk_handle) value
D bufID like(GSK_BUF_ID) value
D buffer * value
D bufSize 10I 0
=================================
And I already know that is const char **, as in
https://www.ibm.com/docs/en/zos/2.2.0?t ... get-buffer
========================================================================
#include <gskssl.h>
gsk_status gsk_attribute_get_buffer (
gsk_handle ssl_handle,
GSK_BUF_ID buffer_id,
const char ** buffer_value,
int * buffer_length)
========================================================================
And according your https://www.scottklement.com/rpg/socktut/tutorial.pdf, page 7,
"char **s" is "It is a pointer to an array. That array
is an array of pointers. Each element of that array points to an alphanumeric string"
=========================================================================
struct servent {
char *s_name;
char **s_aliases;
int s_port;
char *s_proto
};
...
....
can be defined in RPG D-spec as
DName+++++++++++ETDsFrom+++To/L+++IDc.Keywords+++++++++++++++++++++++
D p_servent S *
D servent DS based(p_servent)
D s_name *
D s_aliases *
D s_port 10I 0
D s_proto *
=========================================================================
Is my understanding is correct ?
Regards
-
Scott Klement
- Site Admin
- Posts: 872
- Joined: Sun Jul 04, 2021 5:12 am
Re: Get Cipher used in a SSL Connection
Hello,
I'm not sure that I understand your point, or why you are showing me the "servent" (services entry) data structure.
Can you show me the RPG code for the variable you are passing in the 'buffer' parameter, please? All you've provided so far is the prototype. I need everything related to that parameter, it's definition, how you are using it, and so forth.
I'm not sure that I understand your point, or why you are showing me the "servent" (services entry) data structure.
Can you show me the RPG code for the variable you are passing in the 'buffer' parameter, please? All you've provided so far is the prototype. I need everything related to that parameter, it's definition, how you are using it, and so forth.
Re: Get Cipher used in a SSL Connection
Hi,
Showing "servent" as reference for, how I learn to define a pointer of pointer, after reading "servent"
"const char ** aliases" in C can be defined as "D s aliases *" in RPG
As in https://www.ibm.com/docs/en/i/7.2?topic ... buffer.htm, I need to define "const char ** buffer" written in C.
Then I follow the same way in defining "servent", and use "D s buffer *" in RPG
i.e. defining it as below "D wwBufferPtr S * "
In my RPG, I copy from "CommSSL_Upgrade..." in LIBHTTP145/QRPGLESRC/COMMSSLR4, to make my own "UpgradeSock"
P *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
P UpgradeSock B export
D UpgradeSock PI like(gsk_handle)
D peSSLEnv like(gsk_handle) value
D peSD 10I 0 value
D peEndHost * value options(*string)
D peTimeout 10P 3 value
*
D wksslh S like(gsk_handle)
D rc s 10I 0
D wwValCode s 10I 0
D wwSniHost s 256a inz(*blanks)
D wwBufferPtr S *
D wwBufSize s 10I 0
....
c callp http_dmsg('Protocol Used: ' +
c SSL_protocol(wwSSLh: *OMIT))
* Get Cipher
C Eval wwBufferPtr = *NULL
c Eval rc = gsk_attribute_get_buffer(wkSSLh:
c GSK_CONNECT_SEC_TYPE:
c wwBufferPtr:
c wwBufSize)
The problem is how can I define the "const char ** buffer" written in C, correctly in RPG, as you mentioned before
Regards
Showing "servent" as reference for, how I learn to define a pointer of pointer, after reading "servent"
"const char ** aliases" in C can be defined as "D s aliases *" in RPG
As in https://www.ibm.com/docs/en/i/7.2?topic ... buffer.htm, I need to define "const char ** buffer" written in C.
Then I follow the same way in defining "servent", and use "D s buffer *" in RPG
i.e. defining it as below "D wwBufferPtr S * "
In my RPG, I copy from "CommSSL_Upgrade..." in LIBHTTP145/QRPGLESRC/COMMSSLR4, to make my own "UpgradeSock"
P *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
P UpgradeSock B export
D UpgradeSock PI like(gsk_handle)
D peSSLEnv like(gsk_handle) value
D peSD 10I 0 value
D peEndHost * value options(*string)
D peTimeout 10P 3 value
*
D wksslh S like(gsk_handle)
D rc s 10I 0
D wwValCode s 10I 0
D wwSniHost s 256a inz(*blanks)
D wwBufferPtr S *
D wwBufSize s 10I 0
....
c callp http_dmsg('Protocol Used: ' +
c SSL_protocol(wwSSLh: *OMIT))
* Get Cipher
C Eval wwBufferPtr = *NULL
c Eval rc = gsk_attribute_get_buffer(wkSSLh:
c GSK_CONNECT_SEC_TYPE:
c wwBufferPtr:
c wwBufSize)
The problem is how can I define the "const char ** buffer" written in C, correctly in RPG, as you mentioned before
Regards
-
Scott Klement
- Site Admin
- Posts: 872
- Joined: Sun Jul 04, 2021 5:12 am
Re: Get Cipher used in a SSL Connection
You appear to be passing wwSlh, which as far as I can tell is set to *null -- so that won't work.
Also, with the way that prototype is written, you'll need to pass %addr(wwBufferPtr) rather than passing wwBufferPtr directly.
Also -- why are you still using fixed format for new code?
Also, with the way that prototype is written, you'll need to pass %addr(wwBufferPtr) rather than passing wwBufferPtr directly.
Also -- why are you still using fixed format for new code?
Re: Get Cipher used in a SSL Connection
Hi
Thanks for your quick respond
You appear to be passing wwSlh, which as far as I can tell is set to *null -- so that won't work.
-> it is fine, you may refer to your "CommSSL_upgrade..." in COMMSSLR4.
-> I just add the "code for cipher" right after call SSL_protocol() in your coding
Also, with the way that prototype is written, you'll need to pass %addr(wwBufferPtr) rather than passing wwBufferPtr directly.
-> Let me try and report the result,
-> I just follow the source in D-spec about "PR" in "gsk_attribute_get_buffer..." in source
LIBHTTP145/QRPGLESRC/GSKSSL_H
=================================
D gsk_attribute_get_buffer...
D PR 10I 0 extproc('gsk_attribute_get_buffer')
D my_gsk_handle like(gsk_handle) value
D bufID like(GSK_BUF_ID) value
D buffer * value
D bufSize 10I 0
=================================
Also -- why are you still using fixed format for new code?
-> That is not up to me
Regards
Thanks for your quick respond
You appear to be passing wwSlh, which as far as I can tell is set to *null -- so that won't work.
-> it is fine, you may refer to your "CommSSL_upgrade..." in COMMSSLR4.
-> I just add the "code for cipher" right after call SSL_protocol() in your coding
Also, with the way that prototype is written, you'll need to pass %addr(wwBufferPtr) rather than passing wwBufferPtr directly.
-> Let me try and report the result,
-> I just follow the source in D-spec about "PR" in "gsk_attribute_get_buffer..." in source
LIBHTTP145/QRPGLESRC/GSKSSL_H
=================================
D gsk_attribute_get_buffer...
D PR 10I 0 extproc('gsk_attribute_get_buffer')
D my_gsk_handle like(gsk_handle) value
D bufID like(GSK_BUF_ID) value
D buffer * value
D bufSize 10I 0
=================================
Also -- why are you still using fixed format for new code?
-> That is not up to me
Regards
Re: Get Cipher used in a SSL Connection
Hi
I just have a trial, but fail.
After changed the parameter wwBufferPtr to %Addr(wwBufferPtr), rc is 0 instead of 6010 ([GSK_IBMI_ERROR_INVALID_POINTER].
But wwBuffer is *NULL and wwBufSize = 0, that is, cannot get the cipher.
<-- Detail refer to "CommSSL_upgrade..." in COMMSSLR4.-->
* adding 2 parameters, wwBufferPtr and wwBufSize, in "CommSSL_upgrade..."
...
D wwBufferPtr S *
D wwBufSize s 10I 0
...
c callp http_dmsg('Protocol Used: ' +
c SSL_protocol(wwSSLh: *OMIT))
* When debug is turned on, the protocol (and also server cert) is written to a IFS file
* But just cannot get the Cipher from "wwSSLh"
*
* Get Cipher
C Eval wwBufferPtr = *NULL
c Eval rc = gsk_attribute_get_buffer(wkSSLh:
c GSK_CONNECT_SEC_TYPE:
c %addr(wwBufferPtr):
c wwBufSize)
..
Please help
Regards
I just have a trial, but fail.
After changed the parameter wwBufferPtr to %Addr(wwBufferPtr), rc is 0 instead of 6010 ([GSK_IBMI_ERROR_INVALID_POINTER].
But wwBuffer is *NULL and wwBufSize = 0, that is, cannot get the cipher.
<-- Detail refer to "CommSSL_upgrade..." in COMMSSLR4.-->
* adding 2 parameters, wwBufferPtr and wwBufSize, in "CommSSL_upgrade..."
...
D wwBufferPtr S *
D wwBufSize s 10I 0
...
c callp http_dmsg('Protocol Used: ' +
c SSL_protocol(wwSSLh: *OMIT))
* When debug is turned on, the protocol (and also server cert) is written to a IFS file
* But just cannot get the Cipher from "wwSSLh"
*
* Get Cipher
C Eval wwBufferPtr = *NULL
c Eval rc = gsk_attribute_get_buffer(wkSSLh:
c GSK_CONNECT_SEC_TYPE:
c %addr(wwBufferPtr):
c wwBufSize)
..
Please help
Regards
-
Scott Klement
- Site Admin
- Posts: 872
- Joined: Sun Jul 04, 2021 5:12 am
Re: Get Cipher used in a SSL Connection
Here is the documentation for the API:
https://www.ibm.com/docs/en/i/7.4?topic ... buffer.htm
When you get an rc = 0, your wwBufferPtr should be pointing to the area of memory that contains that string, and wwBufSize should contain the number of bytes to read from that location.
If it is not working for you, you need to troubleshoot/debug and fix your code to make it work properly.
Since this is a part of your custom code -- not a part of my software, I'm limited in how much I can help you.
https://www.ibm.com/docs/en/i/7.4?topic ... buffer.htm
Note that GSK_CONNECT_SEC_TYPE does not even attempt to retrieve cipher information, it only retrieves the strings above.GSK_CONNECT_SEC_TYPE (208) - buffer points to a string containing "SSLV3", "TLSV1", "TLSV11", "TLSV12", or "TLSV13" depending on what was actually negotiated for use by the secure session. For compatibility with previous releases, "TLSV1" is returned for TLS Version 1.0 instead of "TLSV10".
When you get an rc = 0, your wwBufferPtr should be pointing to the area of memory that contains that string, and wwBufSize should contain the number of bytes to read from that location.
If it is not working for you, you need to troubleshoot/debug and fix your code to make it work properly.
Since this is a part of your custom code -- not a part of my software, I'm limited in how much I can help you.
-
Scott Klement
- Site Admin
- Posts: 872
- Joined: Sun Jul 04, 2021 5:12 am
Re: Get Cipher used in a SSL Connection
As a quick test, I added this code into commsslr4:
This worked perfectly for me -- I did not get any errors, and it displayed the security type and cipher spec on my display.
Code: Select all
D wwBufferPtr s *
D wwBufferLen s 10i 0
D wwBufferData s 1000a based(wwBufferPtr)
D wwSecType s 52a varying
D wwCipher s 52a varying
:
:
c eval rc = gsk_attribute_get_buffer(wwSslh
c : GSK_CONNECT_SEC_TYPE
c : %addr(wwBufferPtr)
c : wwBufferLen)
c if rc = 0 and wwBufferLen > 0
c eval wwSecType = %subst( wwBufferData
c : 1
c : wwBufferLen)
c dsply wwSecType
c endif
c eval rc = gsk_attribute_get_buffer(wwSslh
c : GSK_CONNECT_CIPHER_SPEC_EX
c : %addr(wwBufferPtr)
c : wwBufferLen)
c if rc = 0 and wwBufferLen > 0
c eval wwCipher = %subst( wwBufferData
c : 1
c : wwBufferLen)
c dsply wwCipher
c endif