Compatibility with earlier versions

There is a new class in EAServer 6.0 called com.sybase.djc.security.SSLGlobalProperties, which can be invoked in two ways:

SSLGlobalProperties.callBackImpl=foo

In this case, foo is the fully qualified name of the class implementing the SSLCallBack interface. Alternatively:

SSLGlobalProperties.callBackImpl=foo/bar

In this case, foo/bar refers to a component residing in the server.

You must use the Certicom library to use this SSLCallBack.

The EAServer SSL client runtime in versions earlier than 5.2 offers a mechanism to query the user to obtain the PKCS#11 PIN, determine whether to trust the server certificate, and set a client-side certificate to use for the SSL connection (if necessary).

The method getCertificateLabel() in the SSLCallback interface queries the user to determine which client-side certificate to use during the SSL handshake. During mutual authentication, the server asks the client to authenticate itself by sending a message, as part of the SSL handshake, that requests a client certificate. When this request arrives at the client and the client has not set its client certificate, the SSL client runtime queries the user through the getCertificateLabel() method. For more details, see the corresponding IDL documentation.

The post-5.1 EAServer SSL client runtime does not invoke the getCertificateLabel() callback. If your client application relies on the getCertificateLabel() method being invoked during mutual authentication using SSL, do the following after installing EAServer 5.2 or later:

  1. In the shell used to run the client program, set the environment variable JAGSSL to true. This has the effect of using the earlier version of the EAServer SSL client runtime. The earlier version of the SSL runtime does not support TLS.

    PowerBuilder client applications that rely on mutual authentication should also set JAGSSL to true before running the application, but for a Java client you must set -DuseJSSE to true.

  2. If you do require TLS support now, you must recode your client application. For example, if this is an EJB client application, set the client certificate label using the com.sybase.ejb.certificateLabel ORB property.