Ice 3.8
C++ API Reference

◆ clientCredentialsSelectionCallback

std::function<SCH_CREDENTIALS(const std::string& host)> Ice::SSL::SchannelClientAuthenticationOptions::clientCredentialsSelectionCallback

A callback for selecting the client's SSL credentials based on the target host name.

This callback is invoked by the SSL transport for each new outgoing connection before starting the SSL handshake to determine the appropriate client credentials. The callback must return a SCH_CREDENTIALS that represents the client's credentials. The returned credentials are passed to AcquireCredentialsHandle to create the credential handle for the connection; see the Schannel documentation for details on the available fields. The SSL transport takes ownership of the credentials' paCred and hRootStore members and releases them when the connection is closed.

Certificate validation is not performed through the returned credentials. Use trustedRootCertificates or serverCertificateValidationCallback instead.

Parameters
host    The target host name.
Returns
The client SSL credentials.

Example of setting clientCredentialsSelectionCallback:

    PCCERT_CONTEXT clientCertificateChain{};
    // Load the client certificate chain using Schannel APIs.
    // ...
    auto initData = Ice::InitializationData{
        .clientAuthenticationOptions = Ice::SSL::ClientAuthenticationOptions{
            .clientCredentialsSelectionCallback =
                [clientCertificateChain](const std::string&)
                {
                    // The SSL transport releases paCred when the connection is closed,
                    // so hand it an additional reference for each connection.
                    CertDuplicateCertificateContext(clientCertificateChain);
                    return SCH_CREDENTIALS{
                        .dwVersion = SCH_CREDENTIALS_VERSION,
                        .cCreds = 1,
                        .paCred = const_cast<PCCERT_CONTEXT*>(&clientCertificateChain)};
                }}};
    auto communicator = Ice::initialize(initData);
    // Release the client certificate chain when no longer needed
    CertFreeCertificateContext(clientCertificateChain);

See also
SCH_CREDENTIALS
AcquireCredentialsHandle

Definition at line 56 of file ClientAuthenticationOptions.h.