39
39
order to force libcurl enums of being type int (the pragma disposition in use
40
40
before inclusion is restored before resuming the including unit compilation).
42
Three SSL implementations were present in libcurl. Nevertheless, none of them
43
is available on OS/400. To support SSL on OS/400, a fourth implementation has
44
been added (qssl.[ch]). There is no way to have different certificate stores
45
for CAs and for personal/application certificates/key. More, the SSL context
46
may be defined as an application identifier in the main certificate store,
47
or as a keyring file. As a consequence, the meaning of some fields have been
49
_ The "certificate identifier" is taken from CURLOPT_SSLCERT if defined, else
51
_ The certificate identifier is then used as an application identifier in the
52
main certificate store. If successful, this context is used.
53
_ If the previous step failed, the certificate identifier is used as the file
54
name of a keyring. CURLOPT_KEYPASSWD is used here as the keyring password.
55
_ The default ca-bundle (CURLOPT_CAINFO) is set to the main certificate store's
56
keyring file name: this allows to use the system global CAs by default. (In that
57
case, the keyring password is safely recovered from the system... IBM dixit!)
42
Two SSL implementations are available to libcurl on OS/400: QsoSSL which is
43
obsolescent, does not support asynchronous I/O and only allows a single SSL
44
context within a job, and GSKit that does not suffer from these limitations
45
and is able to provide some information about the server certificate.
46
Both implementations of SSL are working on "certificate stores" or keyrings,
47
rather than individual certificate/key files. Certificate stores, as weel as
48
"certificate labels" are managed by external IBM-defined applications.
49
There are two ways to specify an SSL context:
50
- By an application identifier.
51
- By a keyring file pathname and (optionally) certificate label.
52
To identify an SSL context by application identifier, use option
53
SETOPT_SSLCERT to specify the application identifier.
54
To address an SSL context by keyring and certificate label, use CURLOPT_CAINFO
55
to set-up the keyring pathname, CURLOPT_SSLCERT to define the certificate label
56
(omitting it will cause the default certificate in keyring to be used) and
57
CURLOPT_KEYPASSWD to give the keyring password. If SSL is used without
58
defining any of these options, the default (i.e.: system) keyring is used for
59
server certificate validation.
59
61
Non-standard EBCDIC wrapper prototypes are defined in an additional header
60
62
file: ccsidcurl.h. These should be self-explanatory to an OS/400-aware
154
156
CURLINFO_PRIMARY_IP
155
157
CURLINFO_RTSP_SESSION_ID
156
158
CURLINFO_LOCAL_IP
159
Likewise, the following options are followed by a struct curl_slist * * and a
163
Lists returned should be released with curl_slist_free_all() after use.
164
Option CURLINFO_CERTINFO is followed by a struct curl_certinfo * * and a
165
CCSID. Returned structures sould be free'ed using curl_certinfo_free_all() after
157
167
Other options are processed like in curl_easy_getinfo().
159
169
Standard compilation environment does support neither autotools nor make;
200
210
_ Install the curl source directory in IFS.
201
211
_ Enter shell (QSH)
202
212
_ Change current directory to the curl installation directory
213
- If the SSL backend has to be changed, edit file lib/config-os400.h
203
215
_ Change current directory to ./packages/OS400
204
216
_ Edit file iniscript.sh. You may want to change tunable configuration
205
217
parameters, like debug info generation, optimisation level, listing option,