◆ clientCertificateValidationCallback

std::function<bool(SecTrustRef trust, ConnectionInfoPtr info)> Ice::SSL::SecureTransportServerAuthenticationOptions::clientCertificateValidationCallback

A callback for validating the client certificate chain.

If the verification callback returns false, the connection will be aborted with an Ice::SecurityException.

The client certificate chain is validated using the trust object passed to the callback. When this callback is set, it replaces the default validation callback and must perform all necessary validation steps. If trustedRootCertificates is set, the passed trust object will use them as the anchor certificates for evaluating trust. This setting can be modified by the application using SecTrustSetAnchorCertificates.

Example of setting clientCertificateValidationCallback:

    communicator->createObjectAdapterWithEndpoints(
        "Hello",
        "ssl -h 127.0.0.1 -p 10000",
        Ice::SSL::ServerAuthenticationOptions{
            .clientCertificateRequired = kAlwaysAuthenticate,
            .clientCertificateValidationCallback =
                [](SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr&)
            { return SecTrustEvaluateWithError(trust, nullptr); }});

Parameters

trust	The trust object that contains the client's certificate chain.
info	The connection info object that provides additional connection-related data. The ConnectionInfo type is an alias for the platform-specific connection info class.

Returns: true if the certificate chain is valid and the connection should proceed; false if the certificate chain is invalid and the connection should be aborted.

Exceptions

Ice::SecurityException if the certificate chain is invalid and the connection should be aborted.

See also: SecTrustEvaluateWithError; SSL::OpenSSLConnectionInfo; SSL::SecureTransportConnectionInfo; SSL::SchannelConnectionInfo

Definition at line 190 of file ServerAuthenticationOptions.h.

	Ice 3.8 C++ API Reference