gsk_attribute_set_numeric_value()

Sets a numeric value.

Format

   #include <gskssl.h>

   gsk_status gsk_attribute_set_numeric_value (
                                                gsk_handle     ssl_handle,
                                                GSK_NUM_ID     num_id,
                                                int            num_value)

Parameters

ssl_handle
Specifies an SSL environment handle returned by gsk_environment_open() or an SSL connection handle returned by gsk_secure_socket_open().
num_id
Specifies the numeric identifier.
num_value
Specifies the numeric value.

Results

The function return value will be 0 (GSK_OK) if no error is detected. Otherwise, it will be one of the return codes listed in the gskssl.h include file. These are some possible errors:
[GSK_ATTRIBUTE_INVALID_ID]
The numeric identifier is not valid or cannot be used with the specified handle.
[GSK_ATTRIBUTE_INVALID_NUMERIC_VALUE]
The numeric value is not within the valid range.
[GSK_INVALID_HANDLE]
The handle is not valid.
[GSK_INVALID_STATE]
The environment or connection is not in the open state.

Usage

The gsk_attribute_set_numeric_value() routine sets a numeric value for an SSL environment or an SSL connection. The environment or connection must be in the open state and not in the initialized state (that is, gsk_environment_init() or gsk_secure_socket_init() has not been called).

These numeric identifiers are supported:
GSK_CRL_CACHE_ENTRY_MAXSIZE
Sets the maximum size in bytes of a CRL that is allowed to be stored in the LDAP CRL cache. Any CRLs larger than this size are not cached. The valid cache entry sizes are 0 through 2147483647. The default is 0, which means there is no limit on the size of the CRL stored in the LDAP CRL cache.

GSK_CRL_CACHE_ENTRY_MAXSIZE can be specified only for an SSL environment.

GSK_CRL_CACHE_SIZE
Sets the maximum number of CRLs that are allowed to be stored in the LDAP CRL cache. The valid cache sizes are -1 through 32000. If LDAP extended CRL cache support is enabled, the default is 32 and CRLs are only cached if they contain an expiration time that is later than the current time. If LDAP basic CRL cache support is enabled, the default is -1 (which is unlimited) and caching only occurs if GSK_CRL_CACHE_TIMEOUT is set to a value greater than 0. A value of 0 for GSK_CRL_CACHE_SIZE means that LDAP CRL caching is not enabled.

GSK_CRL_CACHE_SIZE can be specified only for an SSL environment.

GSK_CRL_CACHE_TEMP_CRL_TIMEOUT
Sets the time in hours that a temporary CRL cache entry resides in the LDAP CRL cache. A temporary LDAP CRL cache entry is added to the LDAP CRL cache when the CRL does not reside on the LDAP server. The range is 1-720 hours and defaults to 24 hours.
Note: This support is only available when LDAP extended CRL cache support is activated and caching of temporary CRLs is enabled.

GSK_CRL_CACHE_TEMP_CRL_TIMEOUT can be specified only for an SSL environment.

GSK_CRL_CACHE_TIMEOUT
Sets the LDAP basic CRL cache timeout. This is the number of hours that a cached CRL remains valid in the LDAP basic CRL cache. The range is 0-720 and defaults to 24. A value of 0 disables LDAP CRL caching.

GSK_CRL_CACHE_TIMEOUT can be specified only for an SSL environment.

GSK_FD
Sets the socket descriptor for network operations. GSK_FD can be specified only for an SSL connection. The socket must not be closed until the gsk_secure_socket_close() routine has been called to terminate the secure connection.
GSK_HTTP_CDP_CACHE_ENTRY_MAXSIZE
Sets the maximum size in bytes of a CRL that is allowed to be stored in the HTTP CDP CRL cache. Any CRLs larger than this size are not cached. The valid sizes are 0 through 2147483647. The default is 0, which means there is no limit on the size of the CRL stored in the HTTP CDP CRL cache.

GSK_HTTP_CDP_CACHE_ENTRY_MAXSIZE can be specified only for an SSL environment.

GSK_HTTP_CDP_CACHE_SIZE
Sets the maximum number of CRLs that are allowed to be stored in the HTTP CDP CRL cache. The valid sizes are 0 through 32000. The default is 32 and a value of 0 means that HTTP CDP CRL caching is disabled.

GSK_HTTP_CDP_CACHE_SIZE can be specified only for an SSL environment.

GSK_HTTP_CDP_MAX_RESPONSE_SIZE
Sets the maximum size in bytes accepted as a response from an HTTP server when retrieving a CRL. The valid sizes are 0 through 2147483647. A value of 0 will disable checking the size and allow a CRL of any size. Setting the maximum response size too small could implicitly disable HTTP CRL support. The default is 204800 (200K).

GSK_HTTP_CDP_MAX_RESPONSE_SIZE can be specified only for an SSL environment.

GSK_HTTP_CDP_PROXY_SERVER_PORT
Sets the HTTP proxy server port for HTTP CDP CRL retrieval. The port must be between 1 and 65535. Port 80 is used if no HTTP proxy server port is set.

GSK_HTTP_CDP_PROXY_SERVER_PORT can be specified only for an SSL environment.

GSK_HTTP_CDP_RESPONSE_TIMEOUT
Sets the time in seconds to wait for a complete response from the HTTP server. The valid time limits are 0 through 43200 seconds (12 hours). The default is 15 seconds and a value of 0 means there is no time limit for HTTP CRL retrievals.

GSK_HTTP_CDP_RESPONSE_TIMEOUT can be specified only for an SSL environment.

GSK_LDAP_RESPONSE_TIMEOUT
Sets the time in seconds to wait for a response from the LDAP server. The valid time limits are 0 through 43200 seconds (12 hours). The default is 15 seconds and a value of 0 means that there is no time limit for LDAP CRL retrievals.

GSK_LDAP_RESPONSE_TIMEOUT can be specified only for an SSL environment.

GSK_LDAP_SERVER_PORT
Sets the LDAP server port. The port must be between 1 and 65535. Port 389 will be used if no LDAP server port is set.

GSK_LDAP_SERVER_PORT can be specified only for an SSL environment.

GSK_MAX_SOURCE_REV_EXT_LOC_VALUES
Sets the maximum number of location values that will be contacted per HTTP CDP or AIA extension when attempting validation of a certificate. The locations for revocation information are specified by the accessLocation in the AIA certificate extension for OCSP and the distributionPoint in the CDP extension for HTTP CRLs. When an HTTP URI is present in an AIA or CDP extension, validation will attempt to contact the remote HTTP server to obtain revocation information. Both of these extensions can contain multiple location values and therefore have the potential to impact performance when there are a very large number of locations present. The valid values are 0 through 256. The default value is 10 and a value of 0 indicates there is no limit on the number of locations contacted.

GSK_MAX_SOURCE_REV_EXT_LOC_VALUES can be specified only for an SSL environment.

GSK_MAX_VALIDATION_REV_EXT_LOC_VALUES
Sets the maximum number of location values that will be contacted when performing validation of a certificate. The locations for revocation information are specified by the accessLocation in the AIA certificate extension for OCSP and the distributionPoint in the CDP extension for HTTP CRLs. When an HTTP URI is present in an AIA or CDP extension, validation will attempt to contact the remote HTTP server to obtain revocation information. Both of these extensions can contain multiple location values and therefore have the potential to negatively impact performance when there are a very large number of locations present. The valid values are 0 through 1024. The default value for this option is 100 and a value of 0 indicates there is no limit on the number of locations contacted.

GSK_MAX_VALIDATION_REV_EXT_LOC_VALUES can be specified only for an SSL environment.

GSK_OCSP_CLIENT_CACHE_ENTRY_MAXSIZE
Sets the maximum number of OCSP responses or cached certificate statuses that are allowed to be kept in the OCSP response cache for an issuing CA certificate. The valid sizes are 0 through 32000 and must be less than or equal to the size specified for GSK_OCSP_CLIENT_CACHE_SIZE. By default, the size is set to 0 which means there is no limit on the number of cached certificate statuses allowed for a specific issuing CA certificate other than the limit imposed by GSK_OCSP_CLIENT_CACHE_SIZE.
Note: GSK_OCSP_CLIENT_CACHE_SIZE specifies the total number of cached certificate statuses allowed in the entire OCSP cache.
If this count is exceeded, any expired certificate statuses are first removed. If there are no expired certificate statuses that have the same issuing CA certificate, the certificate status that is closest to the expiration time is removed first. This cache size is rounded up to the nearest multiple of 16 with a minimum size of 16.

GSK_OCSP_CLIENT_CACHE_ENTRY_MAXSIZE can be specified only for an SSL environment.

GSK_OCSP_CLIENT_CACHE_SIZE
Sets the maximum number of OCSP responses or cached certificate statuses to be kept in the OCSP response cache. The valid cache sizes are 0 through 32000; the default is 256. The OCSP response cache will be disabled if 0 is specified. The OCSP response cache will be allocated using the requested size rounded up to the nearest multiple of 16 with a minimum size of 16.

GSK_OCSP_CLIENT_CACHE_SIZE can be specified only for an SSL environment.

GSK_OCSP_MAX_RESPONSE_SIZE
Sets the maximum size in bytes allowed in a response from an OCSP responder. The valid response sizes are 0 through 2147483647; the default is 20480. A value of 0 disables the size check and allows an OCSP response of any size. Setting the maximum response size too small could implicitly disable OCSP support.

GSK_OCSP_MAX_RESPONSE_SIZE can be specified only for an SSL environment.

GSK_OCSP_NONCE_SIZE
Sets the size in bytes for the value of the nonce to be sent in OCSP requests.

The valid nonce sizes are 8 through 256; the default is 8.

GSK_OCSP_NONCE_SIZE can be specified only for an SSL environment.

GSK_OCSP_PROXY_SERVER_PORT
Sets the OCSP responder port for the proxy. The port must be between 1 and 65535. Port 80 is used if no OCSP proxy server port is set.

GSK_OCSP_PROXY_SERVER_PORT can be specified only for an SSL environment.

GSK_OCSP_RESPONSE_TIMEOUT
Sets the time in seconds to wait for a complete response from the OCSP responder. The valid time limits are 0 through 43200 seconds (12 hours); the default is 15 seconds. A value of 0 indicates there is no time limit for the retrieval of the OCSP response.

GSK_OCSP_RESPONSE_TIMEOUT can be specified only for an SSL environment.

GSK_PEER_DH_MIN_KEY_SIZE
Sets the minimum allowed X.509 certificate Diffie-Hellman key size for the peer end-entity certificate. GSK_PEER_DH_MIN_KEY_SIZE can be specified only for an SSL environment.
GSK_PEER_DSA_MIN_KEY_SIZE
Sets the minimum allowed X.509 certificate DSA key size for the peer end-entity certificate. GSK_PEER_DSA_MIN_KEY_SIZE can be specified only for an SSL environment.
GSK_PEER_ECC_MIN_KEY_SIZE
Sets the minimum allowed X.509 certificate ECC key size for the peer end-entity certificate. GSK_PEER_ECC_MIN_KEY_SIZE can be specified only for an SSL environment.
GSK_PEER_RSA_MIN_KEY_SIZE
Sets the minimum allowed X.509 certificate RSA key size for the peer end-entity certificate. GSK_PEER_RSA_MIN_KEY_SIZE can be specified only for an SSL environment.
GSK_V2_SESSION_TIMEOUT
Sets the SSL Version 2 session timeout. This is the number of seconds until an SSL V2 session identifier expires. The range is 0-100 and defaults to 100. System SSL remembers SSL V2 session identifiers for this amount of time. This reduces the amount of data exchanged during the SSL handshake when a complete initial handshake is performed. Session identifiers are not remembered if a value of 0 is specified.

GSK_V2_SESSION_TIMEOUT can be specified only for an SSL environment.

GSK_V2_SIDCACHE_SIZE
Sets the size of the SSL Version 2 session identifier cache. The oldest entry is removed when the cache is full to add a new entry. The range is 0-32000 and defaults to 256. Session identifiers are not remembered if a value of 0 is specified. The session identifier cache is allocated using the requested size rounded up to a power of 2 with a minimum size of 16.

GSK_V2_SIDCACHE_SIZE can be specified only for an SSL environment.

GSK_V3_SESSION_TIMEOUT
Sets the session timeout for the SSL V3, TLS V1.0, or higher protocols. This is the number of seconds until an SSL V3 session identifier expires. The range is 0-86400 and defaults to 86400. System SSL remembers session identifiers for this amount of time. This reduces the amount of data exchanged during the SSL handshake when a complete initial handshake has already been performed. Session identifiers are not remembered if a value of 0 is specified.

GSK_V3_SESSION_TIMEOUT can be specified only for an SSL environment.

GSK_V3_SIDCACHE_SIZE
Sets the size of the SSL Version 3 session identifier cache. The oldest entry will be removed when the cache is full to add a new entry. The range is 0-64000 and defaults to 512. Session identifiers are not remembered if a value of 0 is specified. The SSL V3 session cache is used for the SSL V3, TLS V1.0, or higher protocols. The session identifier cache is allocated by using the requested size rounded up to a power of 2 with a minimum size of 16.

GSK_V3_SIDCACHE_SIZE can be specified only for an SSL environment.
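
Several of the identifiers above accept 0 as a valid value that removes a size or time limit, or switches a cache off, so a range check alone does not catch a risky setting. The following is an added example, not IBM's code: a pre-flight audit that classifies a proposed num_value against the ranges documented above for a subset of the identifiers. The names audit_numeric, count_findings, the verdict values and the sample configuration are hypothetical, and identifiers are matched as strings so the code compiles without gskssl.h.

```c
#include <string.h>

/* Verdict for one proposed num_value (all names here are hypothetical). */
enum verdict { V_OK, V_OUT_OF_RANGE, V_UNBOUNDED, V_DISABLED, V_UNKNOWN_ID };
enum zero_means { Z_NONE, Z_NO_LIMIT, Z_FEATURE_OFF };
struct rule { const char *id; long lo, hi; enum zero_means zero; };
struct setting { const char *id; long value; };

/* Ranges and meaning of 0, transcribed from the descriptions above. */
static const struct rule rules[] = {
    {"GSK_CRL_CACHE_TIMEOUT",                 0, 720,         Z_FEATURE_OFF},
    {"GSK_HTTP_CDP_MAX_RESPONSE_SIZE",        0, 2147483647L, Z_NO_LIMIT},
    {"GSK_HTTP_CDP_RESPONSE_TIMEOUT",         0, 43200,       Z_NO_LIMIT},
    {"GSK_LDAP_RESPONSE_TIMEOUT",             0, 43200,       Z_NO_LIMIT},
    {"GSK_MAX_VALIDATION_REV_EXT_LOC_VALUES", 0, 1024,        Z_NO_LIMIT},
    {"GSK_OCSP_CLIENT_CACHE_SIZE",            0, 32000,       Z_FEATURE_OFF},
    {"GSK_OCSP_MAX_RESPONSE_SIZE",            0, 2147483647L, Z_NO_LIMIT},
    {"GSK_OCSP_NONCE_SIZE",                   8, 256,         Z_NONE},
    {"GSK_OCSP_RESPONSE_TIMEOUT",             0, 43200,       Z_NO_LIMIT},
};

/* Classify a value before it is passed to gsk_attribute_set_numeric_value(). */
enum verdict audit_numeric(const char *id, long value) {
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (strcmp(rules[i].id, id) != 0) continue;
        if (value < rules[i].lo || value > rules[i].hi) return V_OUT_OF_RANGE;
        if (value == 0 && rules[i].zero == Z_NO_LIMIT) return V_UNBOUNDED;
        if (value == 0 && rules[i].zero == Z_FEATURE_OFF) return V_DISABLED;
        return V_OK;
    }
    return V_UNKNOWN_ID;   /* identifier not covered by this table */
}

/* Number of settings that need review (any verdict other than V_OK). */
size_t count_findings(const struct setting *s, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) bad += audit_numeric(s[i].id, s[i].value) != V_OK;
    return bad;
}

/* Constructed sample configuration, not taken from a real system. */
static const struct setting sample[] = {
    {"GSK_OCSP_RESPONSE_TIMEOUT", 0}, {"GSK_HTTP_CDP_MAX_RESPONSE_SIZE", 204800},
    {"GSK_OCSP_NONCE_SIZE", 512},     {"GSK_CRL_CACHE_TIMEOUT", 0},
};

/* Exit status 0 when the sample yields the expected three findings. */
int main(void) { return count_findings(sample, 4) == 3 ? 0 : 1; }
```

V_OUT_OF_RANGE corresponds to the values the routine rejects with GSK_ATTRIBUTE_INVALID_NUMERIC_VALUE; V_UNBOUNDED and V_DISABLED are values the routine accepts but that remove a limit or turn a cache off.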
