SQL Server
SQL Server
Examine Client Certificates for an Accepted TLS Connection
See more Socket/SSL/TLS Examples
Demonstrates how to access the client certificates for a TLS connection accepted by your application acting as the server.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This example requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @listenSslSocket int
EXEC @hr = sp_OACreate 'Chilkat.Socket', @listenSslSocket OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
-- An SSL/TLS server needs a digital certificate. This example loads it from a PFX file.
-- This is the server's certificate.
DECLARE @cert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/serverCert/myServerCert.pfx', 'pfx_password'
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @listenSslSocket
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- To accept client client certificates in the TLS handshake,
-- we must indicate a list of acceptable client certificate root CA DN's
-- that are allowed. (DN is an acronym for Distinguished Name.)
-- Call AddSslAcceptableClientCaDn once for each acceptable CA DN.
-- Here are a few examples so you can see the general format of a DN.
EXEC sp_OAMethod @listenSslSocket, 'AddSslAcceptableClientCaDn', @success OUT, 'C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root'
EXEC sp_OAMethod @listenSslSocket, 'AddSslAcceptableClientCaDn', @success OUT, 'O=Digital Signature Trust Co., CN=DST Root CA X3'
-- Initialize with our server's TLS certificate.
EXEC sp_OAMethod @listenSslSocket, 'InitSslServer', @success OUT, @cert
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @listenSslSocket
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- Bind and listen on a port:
DECLARE @myPort int
SELECT @myPort = 8123
-- Allow for a max of 5 queued connect requests.
DECLARE @backLog int
SELECT @backLog = 5
EXEC sp_OAMethod @listenSslSocket, 'BindAndListen', @success OUT, @myPort, @backLog
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @listenSslSocket
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- Accept the next incoming connection.
DECLARE @maxWaitMillisec int
SELECT @maxWaitMillisec = 20000
DECLARE @clientSock int
EXEC @hr = sp_OACreate 'Chilkat.Socket', @clientSock OUT
EXEC sp_OAMethod @listenSslSocket, 'AcceptNext', @success OUT, @maxWaitMillisec, @clientSock
IF @success = 0
BEGIN
EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @listenSslSocket
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @clientSock
RETURN
END
-- Examine the client certs chain. The 1st cert will be the client certificate, and
-- the subsequent certs will be the certs in the chain of authentication.
DECLARE @numClientCerts int
EXEC sp_OAGetProperty @clientSock, 'NumReceivedClientCerts', @numClientCerts OUT
PRINT 'numClientCerts = ' + @numClientCerts
DECLARE @clientCert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @clientCert OUT
DECLARE @i int
SELECT @i = 0
WHILE @i < @numClientCerts
BEGIN
EXEC sp_OAMethod @clientSock, 'GetRcvdClientCert', @success OUT, @i, @clientCert
EXEC sp_OAGetProperty @clientCert, 'SubjectDN', @sTmp0 OUT
PRINT @sTmp0
SELECT @i = @i + 1
END
-- Close the connection with the client
EXEC sp_OAMethod @clientSock, 'Close', @success OUT, 1000
EXEC @hr = sp_OADestroy @listenSslSocket
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @clientSock
EXEC @hr = sp_OADestroy @clientCert
END
GO