clientCredentialsSelectionCallback

std::function<SCH_CREDENTIALS(const std::string& host)> Ice::SSL::SchannelClientAuthenticationOptions::clientCredentialsSelectionCallback

A callback for selecting the client's SSL credentials based on the target host name.

This callback is invoked by the SSL transport for each new outgoing connection before starting the SSL handshake to determine the appropriate client credentials. The callback must return a SCH_CREDENTIALS that represents the client's credentials. The SSL transport takes ownership of the credentials' paCred and hRootStore members and releases them when the connection is closed.

Parameters

host	The target host name.

Returns

The client SSL credentials.

Example of setting clientCertificateSelectionCallback:

    PCCERT_CONTEXT clientCertificateChain{};
    // Load the server certificate chain using Schannel APIs.
    // ...
 
    auto initData = Ice::InitializationData{
        .clientAuthenticationOptions = Ice::SSL::ClientAuthenticationOptions{
            .clientCredentialsSelectionCallback =
                [clientCertificateChain](const std::string&)
            {
                CertDuplicateCertificateContext(clientCertificateChain);
                return SCH_CREDENTIALS{
                    .dwVersion = SCH_CREDENTIALS_VERSION,
                    .cCreds = 1,
                    .paCred = const_cast<PCCERT_CONTEXT*>(&clientCertificateChain)};
            }}};
    auto communicator = Ice::initialize(initData);
 
    // Release the client certificate chain when no longer needed
    CertFreeCertificateContext(clientCertificateChain);

See also

SCH_CREDENTIALS

Definition at line 48 of file ClientAuthenticationOptions.h.