serverCertificateSelectionCallback

std::function<CFArrayRef(const std::string& adapterName)> Ice::SSL::SecureTransportServerAuthenticationOptions::serverCertificateSelectionCallback

A callback for selecting the server's SSL certificate chain based on the name of the object adapter that accepts the connection.

This callback is invoked by the SSL transport for each new incoming connection before starting the SSL handshake to determine the appropriate server certificate chain. The callback must return a CFArrayRef that represents the server's certificate chain, or nullptr if no certificate chain should be used for the connection. The SSL transport takes ownership of the returned CFArrayRef and releases it when the connection is closed.

Parameters

adapterName

The name of the object adapter that accepted the connection.

Returns

A CFArrayRef containing the server's certificate chain, or nullptr to indicate that no certificate is used.

Example of setting serverCertificateSelectionCallback:

    CFArrayRef serverCertificateChain = {};
    // Load the server certificate chain from the keychain using SecureTransport
    // APIs.
    communicator->createObjectAdapterWithEndpoints(
        "Hello",
        "ssl -h 127.0.0.1 -p 10000",
        Ice::SSL::ServerAuthenticationOptions{
            .serverCertificateSelectionCallback =
                [serverCertificateChain](const std::string&)
            {
                // Retain the server certificate chain to ensure it remains
                // valid for the duration of the connection. The SSL transport
                // will release it after closing the connection.
                CFRetain(serverCertificateChain);
                return serverCertificateChain;
            }});
    communicator->waitForShutdown();
    // Release the CFArrayRef when no longer needed
    CFRelease(serverCertificateChain);

See the SSLSetCertificate documentation for requirements on the certificate chain format.

Definition at line 127 of file ServerAuthenticationOptions.h.