New Winsock Gateway Control - CERT-VALIDATION
New Winsock Gateway (TCP Device) Control - CERT-VALIDATION
As of Comet release 540, a new CERT-VALIDATION control has been added to the Winsock gateway (TCP Device) for managing SSL certificate verification. This control determines how the gateway handles certificates from the host.
Usage
CERT-VALIDATION, like SSL-ENABLE, must be set before connecting to the remote server.
Syntax
result$ = control(LUN, "CERT-VALIDATION value")
Options:
- VERIFY
- VERIFY-AND-ASK (default)
- DONOT-VERIFY
If not specified, or the control is not issued, the default behavior is VERIFY-AND-ASK.
Options
VERIFY
Ensures the certificate is valid before connecting. The connection will fail if verification fails, preventing connections with invalid or broken certificates (recommended for security).
VERIFY-AND-ASK (Default)
Attempts verification and prompts the user if the certificate is invalid. This was the only behavior before Comet 540 and requires user confirmation before proceeding.
DONOT-VERIFY
Skips verification, allowing connections even with invalid certificates. Useful for testing but not recommended for security reasons.
Example
For example, this code enables the SSL protocol, specifies that we will only accept valid certificates, then connects to the server:
open(LUN) "TCP" excp=tcperror
result$ = control(LUN, "SSL-ENABLE")
print "<<"; strip(result$)
result$ = control(LUN, "CERT-VALIDATION VERIFY")
print "<<"; strip(result$)
result$ = control(LUN, "CONNECT example.com 443", excp=tcperror)
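The following is an added example, not part of the original page or of Comet: a Python check that scans Comet program source for SSL connections made with any mode other than VERIFY. It assumes control calls are written with a literal string as in the Syntax section and reads the source top to bottom without following branches; `audit_source` and the sample lines are constructed for illustration.

```python
import re

# control(LUN, "COMMAND args") in the form shown in the Syntax section.
CONTROL_RE = re.compile(r'control\s*\(\s*([^,()]+?)\s*,\s*"([^"]*)"', re.IGNORECASE)
DEFAULT_MODE = "VERIFY-AND-ASK"  # per the page: applies when the control is not issued


def audit_source(text):
    """Return [(line_no, lun, effective_mode)] for SSL connects that do not use VERIFY."""
    state = {}     # LUN expression -> {"ssl": bool, "mode": str}
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for lun, command in CONTROL_RE.findall(line):
            words = command.upper().split()
            if not words:
                continue
            st = state.setdefault(lun.upper(), {"ssl": False, "mode": DEFAULT_MODE})
            if words[0] == "SSL-ENABLE":
                st["ssl"] = True
            elif words[0] == "CERT-VALIDATION":
                # A missing value falls back to the documented default.
                st["mode"] = words[1] if len(words) > 1 else DEFAULT_MODE
            elif words[0] == "CONNECT":
                # Only the mode in effect at CONNECT time matters: the control
                # must be set before connecting.
                if st["ssl"] and st["mode"] != "VERIFY":
                    findings.append((line_no, lun, st["mode"]))
    return findings


# Constructed sample source: three gateways, one per validation outcome.
SAMPLE = '''\
result$ = control(LUN, "SSL-ENABLE")
result$ = control(LUN, "CERT-VALIDATION VERIFY")
result$ = control(LUN, "CONNECT example.com 443", excp=tcperror)
result$ = control(LUN2, "SSL-ENABLE")
result$ = control(LUN2, "CONNECT example.com 443", excp=tcperror)
result$ = control(LUN3, "SSL-ENABLE")
result$ = control(LUN3, "CERT-VALIDATION DONOT-VERIFY")
result$ = control(LUN3, "CONNECT example.com 443", excp=tcperror)
'''

if __name__ == "__main__":
    for line_no, lun, mode in audit_source(SAMPLE):
        print(f"line {line_no}: {lun} connects over SSL with CERT-VALIDATION {mode}")
```

Connections that never issue CERT-VALIDATION are reported with the default VERIFY-AND-ASK, since that mode lets a user accept an invalid certificate.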