z/TPF

The z/TPF group is dedicated to sharing news, knowledge, and insights about the z/TPF product family. Consisting of IBMers and users, this community collaborates to advance the potential of high-volume, high-throughput transaction technology.

Shared SSL API to access fields in a peer SSL certificate (APAR PJ46229)

By Mark Cooper posted Thu September 03, 2020 05:41 PM

  
The shared SSL API to access fields in a peer SSL certificate is a z/TPF-unique API that you can use to get critical values from the peer SSL certificate to help satisfy security audits.

Previously, z/TPF applications that used shared SSL could access only a subset of the fields from the peer SSL certificate. With the SSL_get_peer_certificate_FQDN function, applications can access the domain names in the subject alternative name extension area of the peer certificate. With the SSL_get_peer_certificate_subject_info function, applications can access the subject information of the peer certificate. However, other fields in the subject alternative name extension area that are required to satisfy company security audits, such as email or URI, could not be accessed. Similarly, the serial number of the certificate, which might be used to check whether a certificate is valid, could not be accessed.

APAR PJ46229 provides support for a z/TPF-unique shared SSL function that you can use to access additional fields in the peer certificate for a shared SSL session. You can use the SSL_get_peer_certificate_FIELD function to access any subject alternative name extension field, as well as the serial number of the certificate. With this function, you can better protect your systems and satisfy company security audits when SSL connections are established to the z/TPF system.

For more information about APAR PJ46229, see the APEDIT.