HP-UX C SIP Stack Programmer's Guide (November 2007)

Working with the Transport Layer 315
SIP Stack and TLS
RvSipTransportTlsEngineAddTrustedCA()
A TLS engine can trust zero, one or more root certificates. Once an engine trusts
a root certificate, it will approve all valid certificates issued by that root
certificate. Trusted certificates are (usually) root certificates. You add trusted
certificates to an engine by using RvSipTransportTlsEngineAddTrustedCA()
after the engine has been constructed.
RvSipTransportTlsEngineAddCertificateToChain()
An engine may hold a certificate that is not issued directly by a root certificate,
but by a certificate authority delegated by that root certificate. To add this
intermediate certificate to the chain of certificates that the engine will present
during a handshake, use RvSipTransportTlsEngineAddCertificateToChain()
after the engine has been constructed.
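The following added example is not from the guide and is not SIP Stack code. It models why both calls matter: a verifier that trusts only the root can accept a server certificate issued by a delegated authority only when the intermediate certificate is presented in the chain. The Cert type, the function names and the certificate names are assumptions constructed for illustration; the model compares names only and uses no SIP Stack or OpenSSL API.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model: a certificate is only a subject and an issuer name.
   A real TLS engine also verifies signatures, validity and extensions. */
typedef struct { const char *subject; const char *issuer; } Cert;

/* Constructed sample hierarchy: root -> issuing CA -> server certificate. */
static const Cert ROOT   = { "Example Root CA",    "Example Root CA"    };
static const Cert INTER  = { "Example Issuing CA", "Example Root CA"    };
static const Cert SERVER = { "sip.example.test",   "Example Issuing CA" };

static const Cert *find_subject(const Cert *const *set, int n, const char *name)
{
    for (int i = 0; i < n; i++)
        if (strcmp(set[i]->subject, name) == 0) return set[i];
    return NULL;
}

/* Returns 1 when a path from the leaf to a trusted CA can be built from
   the certificates the peer presented in its chain, 0 otherwise. */
int chain_is_trusted(const Cert *leaf,
                     const Cert *const *presented, int nPresented,
                     const Cert *const *trusted, int nTrusted)
{
    const Cert *cur = leaf;
    for (int depth = 0; depth <= nPresented; depth++) {
        if (find_subject(trusted, nTrusted, cur->issuer)) return 1;
        cur = find_subject(presented, nPresented, cur->issuer);
        if (cur == NULL) return 0;      /* missing link in the chain */
    }
    return 0;                           /* presented chain loops */
}

int main(void)
{
    const Cert *const roots[] = { &ROOT };   /* verifier's trusted CAs */
    const Cert *const chain[] = { &INTER };  /* sent with the leaf */

    printf("leaf + intermediate: %d\n",
           chain_is_trusted(&SERVER, chain, 1, roots, 1));
    printf("leaf only:           %d\n",
           chain_is_trusted(&SERVER, NULL, 0, roots, 1));
    printf("no trusted CA:       %d\n",
           chain_is_trusted(&SERVER, chain, 1, NULL, 0));
    return 0;
}
```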
Sample Code
The following sample shows how to initialize a “server” TLS engine that will
display certificates upon request.
Note: In all code examples in this chapter, OpenSSL is used to load and
manipulate certificates and key files. Other means of key and certificate loading
can also be used.
/*=========================================================================================*/
#include <openssl/ssl.h>

#define SERVER_KEY_N_CERT_FILE "server.keyAndCert.pem"

static RvSipTransportMgrHandle g_hTransportMgr;

static void InitTlsSecurity()
{
    RvStatus rv = RV_OK;
    BIO *inKey = NULL;
    BIO *inCert = NULL;
    EVP_PKEY *pkey = NULL;
    X509 *x509 = NULL;
    RvSipTransportTlsEngineCfg TlsEngineCfg;
    RvChar privKey[STRING_SIZE]= {'\0'};