Sample code for 30+ languages & platforms
SQL Server

Examine Client Certificates for an Accepted TLS Connection

See more Socket/SSL/TLS Examples

Demonstrates how to access the client certificates for a TLS connection accepted by your application acting as the server.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @listenSslSocket int
    EXEC @hr = sp_OACreate 'Chilkat.Socket', @listenSslSocket OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- An SSL/TLS server needs a digital certificate.  This example loads it from a PFX file.
    -- This is the server's certificate.

    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/serverCert/myServerCert.pfx', 'pfx_password'
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @listenSslSocket
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- To accept client client certificates in the TLS handshake,
    -- we must indicate a list of acceptable client certificate root CA DN's
    -- that are allowed.  (DN is an acronym for Distinguished Name.)
    -- Call AddSslAcceptableClientCaDn once for each acceptable CA DN.
    -- Here are a few examples so you can see the general format of a DN.
    EXEC sp_OAMethod @listenSslSocket, 'AddSslAcceptableClientCaDn', @success OUT, 'C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root'
    EXEC sp_OAMethod @listenSslSocket, 'AddSslAcceptableClientCaDn', @success OUT, 'O=Digital Signature Trust Co., CN=DST Root CA X3'

    -- Initialize with our server's TLS certificate.
    EXEC sp_OAMethod @listenSslSocket, 'InitSslServer', @success OUT, @cert
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @listenSslSocket
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Bind and listen on a port:
    DECLARE @myPort int
    SELECT @myPort = 8123
    -- Allow for a max of 5 queued connect requests.
    DECLARE @backLog int
    SELECT @backLog = 5
    EXEC sp_OAMethod @listenSslSocket, 'BindAndListen', @success OUT, @myPort, @backLog
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @listenSslSocket
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Accept the next incoming connection.
    DECLARE @maxWaitMillisec int
    SELECT @maxWaitMillisec = 20000

    DECLARE @clientSock int
    EXEC @hr = sp_OACreate 'Chilkat.Socket', @clientSock OUT

    EXEC sp_OAMethod @listenSslSocket, 'AcceptNext', @success OUT, @maxWaitMillisec, @clientSock
    IF @success = 0
      BEGIN
        EXEC sp_OAGetProperty @listenSslSocket, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @listenSslSocket
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @clientSock
        RETURN
      END

    -- Examine the client certs chain.  The 1st cert will be the client certificate, and
    -- the subsequent certs will be the certs in the chain of authentication.
    DECLARE @numClientCerts int
    EXEC sp_OAGetProperty @clientSock, 'NumReceivedClientCerts', @numClientCerts OUT

    PRINT 'numClientCerts = ' + @numClientCerts

    DECLARE @clientCert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @clientCert OUT

    DECLARE @i int
    SELECT @i = 0
    WHILE @i < @numClientCerts
      BEGIN
        EXEC sp_OAMethod @clientSock, 'GetRcvdClientCert', @success OUT, @i, @clientCert
        EXEC sp_OAGetProperty @clientCert, 'SubjectDN', @sTmp0 OUT
        PRINT @sTmp0
        SELECT @i = @i + 1
      END

    -- Close the connection with the client
    EXEC sp_OAMethod @clientSock, 'Close', @success OUT, 1000

    EXEC @hr = sp_OADestroy @listenSslSocket
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @clientSock
    EXEC @hr = sp_OADestroy @clientCert


END
GO