Developer's Guide
virtual P6R::P6ERR P6R::p6ITcpSecureSocket::populateSSLCredentials ( p6IKeystore pKeystore)
pure virtual

Retrieves the root certificate from the current connection's peer and places it in the specified keystore's trusted root namespace (p6r.trustedroot).

This namespace is used by the SSL layer to verify peer certificates.

This can be used to provision a client with the proper root certificate if the connection between the client and the server is trusted in some way, for example a closed LAN where both client and server are directly connected.

To use this mechanism to provision a client:

  1. Create an insecure SSL client connection to the server (by specifying the P6SSF_VRFY_DISABLEALL flag in the call to p6ITcpSecureSocket::initSecureSocket())
  2. Once the connection has been successfully established, call this method to grab the server's certificate chain and place it in the specified keystore
  3. Close the connection

The keystore you provided will now contain the peer's root certificate and can be used for future connections to properly authenticate the server. For the new connection, you must pass the same keystore into the call to initSecureSocket() that you passed into this method.

Note
Specifying the P6SSF_LOG_SSLDEBUG flag to the p6ITcpSecureSocket::initSecureSocket() method will cause this method to emit a debug log line like the following for every certificate that is imported:
09/29/2014-22:06:18:303000 [3910] hostname.example.com debug main (csslengine.cpp:1611)
           SSLEng Import Cert [ eOk ] namespace [ p6r.trustedroot ] subject hash [ f081611a ]
           issuer [ C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority ]
           subject [ OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US ]
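
An added example (not part of the P6R documentation): a Python check that parses the import records shown above and reports any certificate placed in p6r.trustedroot whose subject hash is not one the operator expected. The function names, the expected-hash set (assumed to be known out of band) and the second sample record are constructed for illustration.

```python
import re

# Matches the "SSLEng Import Cert" debug record shown above. The \s+ between
# fields lets it match whether the record is wrapped across lines or on one line.
IMPORT_RE = re.compile(
    r"SSLEng Import Cert \[ (?P<status>\w+) \]\s+"
    r"namespace \[ (?P<namespace>[\w.]+) \]\s+"
    r"subject hash \[ (?P<hash>[0-9a-fA-F]+) \]\s+"
    r"issuer \[ (?P<issuer>.*?) \]\s+"
    r"subject \[ (?P<subject>.*?) \]",
    re.DOTALL,
)

def parse_imports(log_text):
    """Return one dict per certificate import record found in the log text."""
    return [m.groupdict() for m in IMPORT_RE.finditer(log_text)]

def audit_imports(log_text, expected_hashes):
    """Return (subject_hash, problem) for every import that needs review."""
    expected = {h.lower() for h in expected_hashes}
    records = parse_imports(log_text)
    if not records:
        return [(None, "no certificate import was logged")]
    findings = []
    for rec in records:
        if rec["status"] != "eOk":
            findings.append((rec["hash"], "import did not report eOk"))
        elif rec["namespace"] == "p6r.trustedroot" and rec["hash"].lower() not in expected:
            findings.append((rec["hash"], "unexpected trust anchor: " + rec["subject"]))
    return findings

# First record is the one from the note above; the second is constructed for this example.
SAMPLE_LOG = r'''09/29/2014-22:06:18:303000 [3910] hostname.example.com debug main (csslengine.cpp:1611)
           SSLEng Import Cert [ eOk ] namespace [ p6r.trustedroot ] subject hash [ f081611a ]
           issuer [ C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority ]
           subject [ OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US ]
09/29/2014-22:06:18:304000 [3910] hostname.example.com debug main (csslengine.cpp:1611)
           SSLEng Import Cert [ eOk ] namespace [ p6r.trustedroot ] subject hash [ 0badc0de ]
           issuer [ C = XX, O = Constructed Example Org, CN = Constructed Example Root ]
           subject [ CN=Constructed Example Root,O=Constructed Example Org,C=XX ]
'''

if __name__ == "__main__":
    # Assumption: f081611a is the hash the operator expects, learned out of band.
    for subject_hash, problem in audit_imports(SAMPLE_LOG, {"f081611a"}):
        print(subject_hash, problem)
```

Running the audit over the log from the provisioning connection, before the keystore is used for verified connections, shows exactly which trust anchors that unverified session added.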
Parameters
pKeystore[ in ] A pointer to the p6IKeystore interface to place the credentials in, or NULL to use the global keystore if available. The global keystore service is only available when running under p6Platform. Library products such as SKC do not support the global keystore, and this method will fail if this argument is NULL when called from those products.
Returns