ClientCertificate (System function)

From m204wiki
Jump to navigation Jump to search

Get client certificate (System class)

[Introduced in Sirius Mods 8.0]

The ClientCertificate function returns to a Janus server a Longstring that contains the binary content of a client SSL certificate.


%string = %(System):ClientCertificate[( [RequestCertificate= boolean])] Throws NotJanusConnection

Syntax terms

%string This Longstring contains a copy of the binary, ASN.1 encoded, content of the SSL certificate presented by this server's client. If no client certificate is provided (possibly because the port is not using SSL, or the certificate was already provided), %string is a null string.
%(System) The class name in parentheses denotes a shared method. ClientCertificate can also be invoked via a System object variable, which may be null.
RequestCertificate This name required argument is a Boolean enumeration. If True, a certificate is requested from the client at the time of the method call. If False, no certificate is requested.

Usage notes

  • This method can be used only on a Janus Web Server, Janus Telnet Server, or Janus Sockets Server thread. If used on any other kind of thread, it throws a NotJanusConnection exception.
  • Specifying RequestCertificate=True only has an effect on a Janus SSL port whose definition does not include SSLCLCERT or SSLCLCERTR. These parameters request a client certificate at connection-establishment time, and a client certificate may only be requested once for an SSL session (whether or not the request successfully gets a certificate in return).


Probably the best way to examine the contents of the client certificate is by using the X509CertificateToXmlDoc String method to convert the Longstring containing the client certificate to an XmlDoc, as in the following:

%doc is object xmlDoc %ls is longstring %doc is object xmlDoc %node is object xmlNode ... %ls = %(system):clientCertificate if %ls:length then %doc = %ls:x509CertificateToXmlDoc %node = %doc:selectSingleNode('/Certificate/tbsCertificate/subject') if %node:value('RelativeDistinguishedName/commonName') ne "" then $web_done(403, "Forbidden") stop end if end if

See also

System methods:

Stringlist methods:

String methods:

Socket methods:

HttpRequest methods:

Background information: