Discuss this help topic in SecureBlackbox Forum


TElSSLClient     See also     

Filter: C#/Java  VB.NET  Pascal  C++  PHP  

This event is fired when the protocol requires a client certificate. This event obsoletes the OnCertificateNeeded event. Please avoid using the OnCertificateNeeded event in your applications, as OnCertificateNeededEx event gives much more flexibility.


    event TSBCertificateNeededExEvent OnCertificateNeededEx;
    delegate void TSBCertificateNeededExEvent(Object Sender, ref TElX509Certificate Certificate);

    Event OnCertificateNeededEx As TSBCertificateNeededExEvent
    Delegate Sub TSBCertificateNeededExEvent(ByVal Sender As Object, ByRef Certificate As TElX509Certificate)

    property OnCertificateNeededEx : TSBCertificateNeededExEvent;
    TSBCertificateNeededExEvent = procedure (Sender: TObject; var Certificate: TElX509Certificate) of object;

    void get_OnCertificateNeededEx(TSBCertificateNeededExEvent &pMethodOutResult, void * &pDataOutResult);
    void set_OnCertificateNeededEx(TSBCertificateNeededExEvent pMethodValue, void * pDataValue);
    typedef void (SB_CALLBACK *TSBCertificateNeededExEvent)(void * _ObjectData, TObjectHandle Sender, TElX509CertificateHandle &Certificate);

    TSBCertificateNeededExEvent|callable|NULL get_OnCertificateNeededEx()
    void set_OnCertificateNeededEx(TSBCertificateNeededExEvent|callable|NULL $Value)
    callable TSBCertificateNeededExEvent(TObject $Sender, TElX509Certificate &$Certificate)



    This event is fired by TElSSLClient when the negotiated protocol requires a client-side X509 certificate to be used during the session. TElSSLClient fires OnCertificateNeededEx event consequently, until the nil/NULL value is passed as Certificate parameter. This gives the ability to pass a certificate chain to the server, not only a single certificate. This event should be handled in the following way:

  • Pass the whole certificate chain, beginning at end-entity certificate with a corresponding private key.
  • When the chain is over, pass nil/NULL as Certificate parameter.

OnCertificateNeededEx can accept the certificate which belongs to the certain chain. In this case the whole chain is sent and OnCertificateNeededEx is not fired further.

An alternative to this event is to use ClientCertStorage property.

See also:     TElSSLClass.OnCertificateValidate     ClientCertStorage    

Discuss this help topic in SecureBlackbox Forum