$Sock Cert Levels: Difference between revisions

Revision as of 19:07, 25 May 2016

Number of levels in partner's certificate

Note: Most Sirius $functions have been deprecated in favor of Object Oriented methods. The OO equivalent for $Sock_Cert_Levels is the CertLevels method.

$Sock_Cert_Levels retrieves the number of levels of the certificate provided on a socket by the remote partner.

Syntax

%num = $Sock_Cert_Levels(socket)

Syntax terms

%num	The number of levels in the certificate provided by the remote partner.
socket	A string that is the socket identifier.

Usage notes

For an SSL connection where the client sent a certificate, $Sock_Cert_Levels will return a number greater than 0:
- Level 0 of a certificate always contains the client information.
- Level 1 contains the information for the "signer" of the client certificate.
- Level 2 would contain information for the "signer" of the level 1 signer's certificate, and so on.
Since all certificates accepted by Janus Network Security must be signed, $Sock_Cert_Levels is always greater than or equal to 2, if non-zero. Level 3 indicates a certificate that includes an intermediate certificate.
For information on the data that can be retrieved for each certificate level see $Sock_Cert_Info. To learn more about client certificates, see the Janus Network Security Reference Manual.
$Sock_Cert_Levels returns the value -1 if the socket is not open and ONRESET CONTINUE is in effect for the socket.
A $Sock_Cert_Levels call may cause an SSL renegotiation in order to request a digital certificate from the client. See this $Sock_Cert_Info usage note.

Example

The following statement returns the number of levels of the certificate received from the partner using the server socket (SRVSOCK):

%count = $Sock_Cert_Levels(1)

@@ Line 22: / Line 22: @@
 <li>For an SSL connection where the client sent a certificate, <var>$Sock_Cert_Levels</var> will return a number greater than 0:
 <ul>
-<li>Level 0 of a certificate always contains the client information.
+<li>Level 0 of a certificate always contains the client information. </li>
-<li>Level 1 contains the information for the "signer" of the client certificate.
-<li>Level 2 would contain information for the "signer" of the level 1 signer's certificate, and so on.
+<li>Level 1 contains the information for the "signer" of the client certificate. </li>
+<li>Level 2 would contain information for the "signer" of the level 1 signer's certificate, and so on. </li>
 </ul>
 Since all certificates accepted by <var class="product">Janus Network Security</var> must be signed, <var>$Sock_Cert_Levels</var> is always greater than or equal to 2, if non-zero. Level 3 indicates a certificate that includes an intermediate certificate.
-For information on the data that can be retrieved for each certificate level see <var>[[$Sock_Cert_Info]]</var>. To learn more about client certificates, see the <i>[http://www.sirius-software.com/maint/download/jansslr.pdf Janus Network Security Reference Manual]</i>.
+For information on the data that can be retrieved for each certificate level see <var>[[$Sock_Cert_Info]]</var>. To learn more about client certificates, see the <var class="book">[[Media:JansslrNew.pdf|Janus Network Security Reference Manual]]</var>. </li>
-<li><var>$Sock_Cert_Levels</var> returns the value -1 if the socket is not open and <code>ONRESET CONTINUE</code> is in effect for the socket.
-<li>A <var>$Sock_Cert_Levels</var> call may cause an SSL renegotiation in order to request a digital certificate from the client. See [[$Sock_Cert_Info#renegotiate|this]] <var>$Sock_Cert_Info</var> usage note.
+<li><var>$Sock_Cert_Levels</var> returns the value -1 if the socket is not open and <code>ONRESET CONTINUE</code> is in effect for the socket. </li>
+<li>A <var>$Sock_Cert_Levels</var> call may cause an SSL renegotiation in order to request a digital certificate from the client. See [[$Sock_Cert_Info#renegotiate|this]] <var>$Sock_Cert_Info</var> usage note. </li>
 </ul>