TrustedRoots Unicode C++ Reference Documentation
CkTrustedRootsW
Current Version: 11.5.0
Chilkat.TrustedRoots
Add root or CA certificates that should be trusted by Chilkat validation
operations.
Load one or more trusted CA certificates from PEM bundle files used by
many TLS and certificate-validation workflows.
Import trusted certificates from a
Choose whether Chilkat should also trust the operating system's CA root
certificates.
Control whether self-signed server certificates are rejected or accepted
during certificate validation.
Activate the configured trusted-root set so it is used by Chilkat classes
that perform TLS or signature certificate validation.
For an extended overview, see
TrustedRoots Class Overview.
Configure the trusted root certificates used by Chilkat certificate validation.
Chilkat.TrustedRoots manages a collection of trusted CA and
self-signed root certificates used Chilkat-wide for PKCS7/CMS signature
validation and SSL/TLS server certificate validation. It can add individual
certificates, import trusted certificates from a Java keystore, load PEM CA
bundles, activate or deactivate the trusted-root set, and control whether
system CA roots and self-signed server certificates are trusted.
Custom trusted roots
PEM CA bundles
Java keystore import
JavaKeyStore when trust
anchors are maintained in JKS-style storage.
System CA root control
Self-signed certificate policy
Activate Chilkat-wide trust
TrustedRoots object, add trusted certificates or load a
PEM CA bundle, configure whether system roots and self-signed certificates
should be trusted, then call Activate. Treat trusted roots as
Chilkat-wide validation configuration, not as private state for a single
object.
Object Creation
// Local variable on the stack CkTrustedRootsW obj; // Dynamically allocate/delete CkTrustedRootsW *pObj = new CkTrustedRootsW(); // ... delete pObj;
Properties
DebugLogFilePath
const wchar_t *debugLogFilePath(void);
void put_DebugLogFilePath(const wchar_t *str);
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
LastErrorHtml
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastErrorText
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
LastErrorXml
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastMethodSuccess
void put_LastMethodSuccess(bool newVal);
Indicates the success or failure of the most recent method call: true means success, false means failure. This property remains unchanged by property setters or getters. This method is present to address challenges in checking for null or Nothing returns in certain programming languages. Note: This property does not apply to methods that return integer values or to boolean-returning methods where the boolean does not indicate success or failure.
NumCerts
The number of certificates contained within this object.
This is the number of certificates explicitly added by the methods AddCert, AddJavaKeyStore, and LoadCaCertsPem.
topRejectSelfSignedCerts
void put_RejectSelfSignedCerts(bool newVal);
Indicates whether all self-signed certificates are to be rejected in SSL/TLS connections. The default value of this property is false.
Note: This is for the case where the server certificate chain of authentication is 1 certificate long (i.e. the TLS server certificate itself is self-signed).
topTrustSystemCaRoots
void put_TrustSystemCaRoots(bool newVal);
Indicates whether the operating system's CA root certificates are automatically trusted.
On a Windows operating system, this would be the registry-based CA certificate stores. On a Linux system, this could be /etc/ssl/certs/ca-certificates.crt, if it exists. The default value is true. Set this property equal to false to prevent Chilkat from automatically trusting system-provided root CA certificates.
VerboseLogging
void put_VerboseLogging(bool newVal);
If set to true, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is false. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.
Version
Methods
Activate
Activates this collection of trusted roots as the set of CA and self-signed root certificates that are to be trusted Chilkat-wide for PKCS7 signature validation and SSL/TLS server certificate validation.
AddCert
AddJavaKeyStore
Adds the trusted certificates from a Java key store to the collection of trusted roots.
Returns true for success, false for failure.
AddJavaKeyStoreAsync (1)
Creates an asynchronous task to call the AddJavaKeyStore method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Note: The application is responsible for deleting (via the C++ delete operator) the object returned by this method.
Returns NULL on failure
CertAt
Returns in cert the Nth cert contained within this object. The 1st certificate is at index 0.
Returns true for success, false for failure.
topDeactivate
Deactivates a previous set of activated trusted roots so that all roots / self-signed certificates are implicitly trusted.
Returns true for success, false for failure.
topLoadCaCertsPem
Loads a CA bundle in PEM format. This is a file containing CA root certificates that are to be trusted. An example of one such file is the CA certs from mozilla.org exported to a cacert.pem file by the mk-ca-bundle tool located here: http://curl.haxx.se/docs/caextract.html.
Note: This can also be called to load the /etc/ssl/certs/ca-certificates.crt file on Linux systems.
LoadCaCertsPemAsync (1)
Creates an asynchronous task to call the LoadCaCertsPem method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Note: The application is responsible for deleting (via the C++ delete operator) the object returned by this method.
Returns NULL on failure
LoadTaskCaller
Events
To implement an event callback, your application would define and implement a class that inherits from CkBaseProgressW. Your application can implement methods to override some or all of the default/empty method implementations of the CkBaseProgressW base class.
For example:
CkTrustedRootsW trustedroots; MyTrustedRootsProgressW callbackObj; trustedroots.put_EventCallbackObject(&callbackObj);
MyTrustedRootsProgressW example:
#include "CkBaseProgressW.h"
class MyTrustedRootsProgressW : public CkBaseProgressW {
public:
MyTrustedRootsProgressW();
virtual ~MyTrustedRootsProgressW();
void AbortCheck(bool *abort);
void PercentDone(int pctDone, bool *abort);
void ProgressInfo(const wchar_t *name, const wchar_t *value);
void TaskCompleted(CkTaskW &task);
};AbortCheck
Enables a method call to be aborted by triggering the AbortCheck event at intervals defined by the HeartbeatMs property. If HeartbeatMs is set to its default value of 0, no events will occur. For instance, set HeartbeatMs to 200 to trigger 5 AbortCheck events per second.
PercentDone
This provides the percentage completion for any method involving network communications or time-consuming processing, assuming the progress can be measured as a percentage. This event is triggered only when it's possible and logical to express the operation's progress as a percentage. The pctDone argument will range from 1 to 100. For methods that finish quickly, the number of PercentDone callbacks may vary, but the final callback will have pctDone equal to 100. For longer operations, callbacks will not exceed one per percentage point (e.g., 1, 2, 3, ..., 98, 99, 100).
The PercentDone callback also acts as an AbortCheck event. For fast methods where PercentDone fires, an AbortCheck event may not trigger since the PercentDone callback already provides an opportunity to abort. For longer operations, where time between PercentDone callbacks is extended, AbortCheck callbacks enable more responsive operation termination.
To abort the operation, set the abort output argument to true. This will cause the method to terminate and return a failure status or corresponding failure value.
ProgressInfo
This event callback provides tag name/value pairs that detail what occurs during a method call. To discover existing tag names, create code to handle the event, emit the pairs, and review them. Most tag names are self-explanatory.
Note: Some Chilkat methods don't fire any ProgressInfo events.
TaskCompleted
Called from the background thread when an asynchronous task completes.
Deprecated
GetCert
This method is deprecated. Applications should instead call CertAt.
Returns the Nth cert contained within this object. The 1st certificate is at index 0.
Note: The application is responsible for deleting (via the C++ delete operator) the object returned by this method.
Returns NULL on failure