gsk_secure_soc_startInit()--Start asynchronous operation to negotiate a secure session

Syntax

 #include <gskssl.h>
 #include <qsoasync.h>

 int gsk_secure_soc_startInit(gsk_handle my_session_handle,
                              int IOCompletionPort,
                              Qso_OverlappedIO_t * communicationsArea)

  Service Program Name: QSYS/QSOSSLSR

  Default Public Authority: *USE

  Threadsafe: Yes

The gsk_secure_soc_startInit() function is used to initiate an asynchronous negotiation of a secure session, using the attributes set for the SSL environment and the secure session. This API starts the SSL handshake to the remote peer and upon successful completion of QsoWaitForIOCompletion() a secure session is established.

Parameters

my_session_handle (Input)

The handle returned from gsk_secure_soc_open() that will be used to negotiate the secure session.

int IOCompletionPort (Input)

The I/O completion port that should be posted when the operation completes.

Qso_OverlappedIO_t * communicationsArea (Input/Output)

A pointer to a structure that contains the following information:

descriptorHandle

(Input) - The descriptor handle is application specific and is never used by the system. This field is intended to make it easier for the application to keep track of information regarding a given socket connection.

buffer

Not used.

bufferLength

Not used.

postFlag

Not used.

postFlagResult

Not used.

fillBuffer

Not used.

returnValue

(Output) - When the negotiate operation completes asynchronously, this field contains indication of success or failure.

errnoValue

(Output) - When the negotiate operation completes asynchronously and returnValue is GSK_ERROR_IO, this field will contain an errno further defining the failure.

operationCompleted

(Output) - If the operation is posted to the I/O completion port, this field is updated to indicate that the operation was a GSKSECURESOCSTARTINIT.

secureDataTransferSize

Not used.

bytesAvailable

Not used.

operationWaitTime

Not used.

postedDescriptor

Not used - Must be set to zero.

operationId

(Input) - An identifier to uniquely identify this operation or a group of operations. It can be set with the return value from QsoGenerateOperationId() or with an application-defined value.
This value is preserved but ignored by all APIs except QsoCancelOperation() and QsoIsOperationPending().

reserved1

(Output) - Must be set to hexadecimal zeroes.

reserved2

(Input) - Must be set to hexadecimal zeroes.

Authorities

Authorization of *R (allow access to the object) to the certificate store file and its associated files is required. Authorization of *X (allow use of the object) to each directory of the path name of the certificate store file and its associated files is required.

Return Values

gsk_secure_soc_startInit() returns an integer. Possible values are:

GSK_IBMI_ASYNCHRONOUS_SOC_INIT - The function has been started. When the function completes, the Qso_OverlappedIO_t communications structure will be updated with the results and the I/O completion port will be posted.
If the function fails, possible values are:

[GSK_INVALID_HANDLE]

The handle specified was not valid.

[GSK_IBMI_ERROR_NO_INITIALIZE]

A successful gsk_environment_init() was not previously called with this handle.

[GSK_IBMI_ERROR_NOT_TCP]

The socket descriptor type is not SOCK_STREAM or the address family is not AF_INET or AF_INET6.

[GSK_IBMI_ERROR_ALREADY_SECURE]

The socket descriptor is already in use by another secure session.

[GSK_IBMI_ERROR_INVALID_POINTER]

The my_session_handle pointer is not valid.

[GSK_INTERNAL_ERROR]

An unexpected error occurred during SSL processing.

[GSK_IBMI_ERROR_INVALID_OVERLAPPEDIO_T]

The Qso_OverLappedIO_t specified was not valid.

[GSK_IBMI_ERROR_INVALID_IOCOMPLETIONPORT]

The I/O completion port specified was not valid.

[GSK_IBMI_ERROR_BAD_SOCKET_DESCRIPTOR]

The socket descriptor specified within the gsk_handle was not valid.

[GSK_ERROR_NO_RI_INDICATION]

GSK_EXTENDED_RENEGOTIATION_CRITICAL_SERVER or GSK_EXTENDED_RENEGOTIATION_CRITICAL_CLIENT was set to GSK_TRUE and the peer did not provide indication that it supports RFC 5746.

[GSK_ERROR_IO]

An error occured in SSL processing; check the errno value.

Error Conditions

When gsk_secure_soc_startInit() API fails with return code [GSK_ERROR_IO], errno can be set to:

[EIO]: Input/output error.
[EUNATCH]: The protocol required to support the specified address family is not available at this time.

If an errno is returned that is not in this list, see Errno Values for UNIX^®-Type Functions for a description of the errno.

Error Messages

Message ID

Error Message Text

CPE3418 E

Possible APAR condition or hardware failure.

CPF9872 E

Program or service program &1 in library &2 ended. Reason code &3.

CPFA081 E

Unable to set return value or error code.

Usage Notes

The gsk_secure_soc_startInit() function is valid only on sockets that have an address family of AF_INET or AF_INET6 and a socket type of SOCK_STREAM.
The current implemention of the SSL Protocol does not allow gsk_secure_soc_startInit() to complete synchronously. Use gsk_secure_soc_init() if the synchronous behaviour is needed.
When doing the SSL handshake with a GSK_SESSION_TYPE value of GSK_SERVER_SESSION, GSK_SERVER_SESSION_WITH_CL_AUTH, or GSK_SERVER_SESSION_WITH_CL_AUTH_CRITICAL, the GSK_CONNECT_CIPHER_SPEC_EX value will be the first cipher found in GSK_TLSV12_CIPHER_SPECS_EX, GSK_TLSV11_CIPHER_SPECS_EX, GSK_TLSV10_CIPHER_SPECS_EX, GSK_V3_CIPHER_SPECS_EX, and/or GSK_V2_CIPHER_SPECS based upon the protocol level agreed to that was also found in the cipher list provided by the client during the SSL handshake.
When doing the SSL handshake with a GSK_SESSION_TYPE value of GSK_CLIENT_SESSION, the cipher specification list will be sent to the server in the client hello in the order found in the GSK_TLSV12_CIPHER_SPECS_EX, GSK_TLSV11_CIPHER_SPECS_EX, GSK_TLSV10_CIPHER_SPECS_EX, GSK_V3_CIPHER_SPECS_EX and/or GSK_V2_CIPHER_SPECS list, however the value from that list that is negotiated for GSK_CONNECT_CIPHER_SPEC_EX is determined by the server policy.
If gsk_secure_soc_startInit() fails, GSK_LAST_VALIDATION_ERROR may be set to provide additional information on the cause of the failure.
gsk_secure_soc_startInit() may result in one or more secondary external TCP connections being made if OCSP has been enabled or configured.

Related Information

gsk_secure_soc_close()--Close a secure session
gsk_secure_soc_init()--Negotiate a secure session
gsk_secure_soc_misc()--Perform miscellaneous functions for a secure session
gsk_secure_soc_open()--Get a handle for a secure session
gsk_secure_soc_read()--Receive data on a secure session
gsk_secure_soc_write()--Send data on a secure session
gsk_secure_soc_startRecv--Start Asynchronous Recv Operation on a secure session
gsk_secure_soc_startSend--Start Asynchronous Send Operation on a secure session
QsoCancelOperation()--Cancel an I/O Operation
QsoCreateIOCompletionPort()--Create I/O Completion Port
QsoDestroyIOCompletionPort()--Destroy I/O Completion Port
QsoPostIOCompletionPort()--Post Request on I/O Completion Port
QsoWaitForIOCompletion()--Wait for I/O Completion Operation

API introduced: V5R2

Top | UNIX-Type APIs | APIs by category