serverCredentialsSelectionCallback

std::function<SCH_CREDENTIALS(const std::string& adapterName)> Ice::SSL::SchannelServerAuthenticationOptions::serverCredentialsSelectionCallback

A callback for selecting the server's SSL credentials based on the name of the object adapter that accepts the connection.

This callback is invoked by the SSL transport for each new incoming connection before starting the SSL handshake to determine the appropriate server credentials. The callback must return a SCH_CREDENTIALS that represents the server's credentials. The SSL transport takes ownership of the credentials' paCred and hRootStore members and releases them when the connection is closed.

Parameters

adapterName

The name of the object adapter that accepted the connection.

Returns

The server SSL credentials.

Example of setting serverCertificateSelectionCallback:

    PCCERT_CONTEXT serverCertificateChain{};
    // Load the server certificate chain using Schannel APIs.
    // ...
 
    communicator->createObjectAdapterWithEndpoints(
        "Hello",
        "ssl -h 127.0.0.1 -p 10000",
        Ice::SSL::ServerAuthenticationOptions{
            .serverCredentialsSelectionCallback = [serverCertificateChain](const string&)
            {
                CertDuplicateCertificateContext(serverCertificateChain);
                return SCH_CREDENTIALS{
                    .dwVersion = SCH_CREDENTIALS_VERSION,
                    .cCreds = 1,
                    .paCred = const_cast<PCCERT_CONTEXT*>(&serverCertificateChain)};
            }});
    communicator->waitForShutdown();
 
    // Release the server certificate chain when no longer needed
    CertFreeCertificateContext(serverCertificateChain);

See also

SCH_CREDENTIALS

Definition at line 49 of file ServerAuthenticationOptions.h.