New Winsock Gateway Control - CERT-VALIDATION
From CometWiki
(Created page with "== New Winsock Gateway (TCP Device) Control - CERT-VALIDATION == A new CERT-VALIDATION control has been added to the winsock gateway (TCP Device) for managing SSL certificate ve...") |
|||
| Line 1: | Line 1: | ||
== New Winsock Gateway (TCP Device) Control - CERT-VALIDATION == | == New Winsock Gateway (TCP Device) Control - CERT-VALIDATION == | ||
| - | + | As of Comet release 540, a new '''CERT-VALIDATION''' control has been added to the Winsock gateway (TCP Device) for managing SSL certificate verification. This control determines how the gateway handles certificates from the host. | |
=== Usage === | === Usage === | ||
| - | + | '''CERT-VALIDATION''', like '''SSL-ENABLE''', must be set before connecting to the remote server. | |
| - | + | ==== Syntax ==== | |
| - | + | result$ = control(LUN, "CERT-VALIDATION value") | |
| - | + | Options: | |
| - | + | ||
| - | + | ||
| - | + | *'''VERIFY''' | |
| + | *'''VERIFY-AND-ASK''' (default) | ||
| + | *'''DONOT-VERIFY''' | ||
| - | + | If not specified, or the control is not issued, the default behavior is '''VERIFY-AND-ASK'''. | |
| - | ==== | + | ==== Options ==== |
| - | VERIFY | + | VERIFY |
| - | + | Ensures the certificate is valid before connecting. The connection will fail if verification fails, preventing connections with invalid or broken certificates (recommended for security). | |
| - | + | VERIFY-AND-ASK (Default) | |
| - | + | Attempts verification and prompts the user if the certificate is invalid. This was the only behavior before Comet 540 and requires user confirmation before proceeding. | |
| - | + | DONOT-VERIFY | |
| - | + | Skips verification, allowing connections even with invalid certificates. Useful for testing but not recommended for security reasons. | |
| - | === | + | === Example === |
| - | + | For example, this code enables the SSL protocol, specifies that we will only accept valid certificates, then connects to the server: | |
| - | + | open(LUN) "TCP" excp=tcperror | |
| + | |||
| + | result$ = control(LUN, "SSL-ENABLE") | ||
| + | print "<<"; strip(result$) | ||
| + | |||
| + | result$ = control(LUN, "CERT-VALIDATION VERIFY") | ||
| + | print "<<"; strip(result$) | ||
| + | |||
| + | result$ = control(LUN, "CONNECT example.com 443", excp=tcperror) | ||
Revision as of 00:49, 16 March 2025
Contents |
New Winsock Gateway (TCP Device) Control - CERT-VALIDATION
As of Comet release 540, a new CERT-VALIDATION control has been added to the Winsock gateway (TCP Device) for managing SSL certificate verification. This control determines how the gateway handles certificates from the host.
Usage
CERT-VALIDATION, like SSL-ENABLE, must be set before connecting to the remote server.
Syntax
result$ = control(LUN, "CERT-VALIDATION value")
Options:
- VERIFY
- VERIFY-AND-ASK (default)
- DONOT-VERIFY
If not specified, or the control is not issued, the default behavior is VERIFY-AND-ASK.
Options
VERIFY
Ensures the certificate is valid before connecting. The connection will fail if verification fails, preventing connections with invalid or broken certificates (recommended for security).
VERIFY-AND-ASK (Default)
Attempts verification and prompts the user if the certificate is invalid. This was the only behavior before Comet 540 and requires user confirmation before proceeding.
DONOT-VERIFY
Skips verification, allowing connections even with invalid certificates. Useful for testing but not recommended for security reasons.
Example
For example, this code enables the SSL protocol, specifies that we will only accept valid certificates, then connects to the server:
open(LUN) "TCP" excp=tcperror result$ = control(LUN, "SSL-ENABLE") print "<<"; strip(result$) result$ = control(LUN, "CERT-VALIDATION VERIFY") print "<<"; strip(result$) result$ = control(LUN, "CONNECT example.com 443", excp=tcperror)
