clientCertificateSelectionCallback

std::function<CFArrayRef(const std::string& host)> Ice::SSL::SecureTransportClientAuthenticationOptions::clientCertificateSelectionCallback

A callback for selecting the client's SSL certificate chain based on the target host name.

This callback is invoked by the SSL transport for each new outgoing connection before starting the SSL handshake to determine the appropriate client certificate chain. The callback must return a CFArrayRef that represents the client's certificate chain, or nullptr if no certificate chain should be used for the connection. The SSL transport takes ownership of the returned CFArrayRef and releases it when the connection is closed.

Parameters

host	The target host name.

Returns

A CFArrayRef containing the client's certificate chain, or nullptr to indicate that no certificate is used.

Example of setting clientCertificateSelectionCallback:

    CFArrayRef clientCertificateChain = {};
    // Load the client certificate chain from the keychain using SecureTransport
    // APIs.
    auto initData = Ice::InitializationData{
        .clientAuthenticationOptions = Ice::SSL::ClientAuthenticationOptions{
            .clientCertificateSelectionCallback =
                [clientCertificateChain](const std::string&)
            {
                // Retain the client certificate chain to ensure it remains
                // valid for the duration of the connection. The SSL transport
                // will release it after closing the connection.
                CFRetain(clientCertificateChain);
                return clientCertificateChain;
            }}};
    auto communicator = Ice::initialize(initData);
    // ...
    CFRelease(clientCertificateChain); // Release the CFArrayRef when no longer needed

See the SSLSetCertificate documentation for requirements on the certificate chain format.

Definition at line 122 of file ClientAuthenticationOptions.h.