Back to index

lightning-sunbird  0.9+nobinonly
Defines | Functions | Variables
sslc.c File Reference
#include "ssl.h"
#include "sslproto.h"
#include "sslt.h"
#include "sslc.h"
#include "ssls.h"
#include "pk11func.h"

Go to the source code of this file.

Defines

#define MAX_CIPHERS   100

Functions

void InitCiphers ()
void ClearCiphers (struct ThreadData *td)
void EnableCiphers (struct ThreadData *td)
void SetPolicy ()
char * MyPWFunc (PK11SlotInfo *slot, PRBool retry, void *arg)
int Version2Enable (PRFileDesc *s, int v)
int Version3Enable (PRFileDesc *s)
int Version23Clear (PRFileDesc *s)
void SetupNickNames ()
int SetServerSecParms (struct ThreadData *td)

Variables

int cipher_array_size = 0
char * password = ""
char * nickname = "SSLServer"
char * client_nick = "SSLClient"
char * nicknames [MAX_NICKNAME]

Define Documentation

#define MAX_CIPHERS   100

Definition at line 49 of file sslc.c.


Function Documentation

void ClearCiphers ( struct ThreadData td)

Definition at line 123 of file sslc.c.

                                         {
int i;

for (i=0;i<cipher_array_size;i++) {
SSL_EnableCipher(cipher_array[i].enableid,0);
}
}

Here is the call graph for this function:

Here is the caller graph for this function:

void EnableCiphers ( struct ThreadData td)

Definition at line 135 of file sslc.c.

                                          {
  int i;

  for (i=0;i<cipher_array_size;i++) {
    if (cipher_array[i].on) {
      SSL_EnableCipher(cipher_array[i].enableid,1);
    }
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 57 of file sslc.c.

                   {
  int i=0;

/* These ciphers are listed in priority order. */
  DIPHER(2,SSL_ALLOWED,128,40,     "RC2-CBC-Export", EN_RC2_128_CBC_EXPORT40_WITH_MD5)
    CIPHER(2,SSL_NOT_ALLOWED,128,128,"RC4",            EN_RC4_128_WITH_MD5)
    CIPHER(2,SSL_ALLOWED,128,40,     "RC4-Export",     EN_RC4_128_EXPORT40_WITH_MD5)
    DIPHER(2,SSL_NOT_ALLOWED,128,128,"RC2-CBC",        EN_RC2_128_CBC_WITH_MD5)
    DIPHER(2,SSL_ALLOWED,128,40,     "RC2-CBC-40", EN_RC2_128_CBC_EXPORT40_WITH_MD5)
    DIPHER(2,SSL_NOT_ALLOWED,128,128,"IDEA-CBC",       EN_IDEA_128_CBC_WITH_MD5)
    DIPHER(2,SSL_NOT_ALLOWED,56,56,  "DES-CBC",        EN_DES_64_CBC_WITH_MD5)
    CIPHER(2,SSL_NOT_ALLOWED,168,168,"DES-EDE3-CBC",   EN_DES_192_EDE3_CBC_WITH_MD5)
  /* SSL 3 suites */

    CIPHER(3,SSL_RESTRICTED,128,128, "RC4",            RSA_WITH_RC4_128_MD5)
    DIPHER(3,SSL_RESTRICTED,128,128, "RC4",            RSA_WITH_RC4_128_SHA)
    CIPHER(3,SSL_RESTRICTED,168,168, "3DES-EDE-CBC",   RSA_WITH_3DES_EDE_CBC_SHA)
    CIPHER(3,SSL_NOT_ALLOWED,56,56,"DES-CBC",        RSA_WITH_DES_CBC_SHA)
    CIPHER(3,SSL_ALLOWED,128,40,     "RC4-40",         RSA_EXPORT_WITH_RC4_40_MD5)
    CIPHER(3,SSL_ALLOWED,128,40,     "RC2-CBC-40",     RSA_EXPORT_WITH_RC2_CBC_40_MD5)

    DIPHER(3,SSL_ALLOWED,0,0,        "NULL",           NULL_WITH_NULL_NULL)
    DIPHER(3,SSL_ALLOWED,0,0,        "NULL",           RSA_WITH_NULL_MD5)
    DIPHER(3,SSL_ALLOWED,0,0,        "NULL",           RSA_WITH_NULL_SHA)

#if 0
    DIPHER(3,SSL_NOT_ALLOWED,0,0,    "IDEA-CBC",       RSA_WITH_IDEA_CBC_SHA)
    DIPHER(3,SSL_ALLOWED,128,40,     "DES-CBC-40",     RSA_EXPORT_WITH_DES40_CBC_SHA)
#endif

  /*
    
  CIPHER(DH_DSS_EXPORT_WITH_DES40_CBC_SHA),
  CIPHER(DH_DSS_WITH_DES_CBC_SHA),
  CIPHER(DH_DSS_WITH_3DES_EDE_CBC_SHA),
  CIPHER(DH_RSA_EXPORT_WITH_DES40_CBC_SHA),
  CIPHER(DH_RSA_WITH_DES_CBC_SHA),
  CIPHER(DH_RSA_WITH_3DES_EDE_CBC_SHA),
  CIPHER(DHE_DSS_EXPORT_WITH_DES40_CBC_SHA),
  CIPHER(DHE_DSS_WITH_DES_CBC_SHA),
  CIPHER(DHE_DSS_WITH_3DES_EDE_CBC_SHA),
  CIPHER(DHE_RSA_EXPORT_WITH_DES40_CBC_SHA),
  CIPHER(DHE_RSA_WITH_DES_CBC_SHA),
  CIPHER(DHE_RSA_WITH_3DES_EDE_CBC_SHA),

  CIPHER(DH_ANON_EXPORT_WITH_RC4_40_MD5),
  CIPHER(DH_ANON_WITH_RC4_128_MD5),
  CIPHER(DH_ANON_WITH_DES_CBC_SHA),
  CIPHER(DH_ANON_WITH_3DES_EDE_CBC_SHA),

  CIPHER(3,SSL_NOT_ALLOWED,0,0,"Fortezza",        FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),
  CIPHER(3,SSL_NOT_ALLOWED,0,0,"Fortezza",        FORTEZZA_DMS_WITH_RC4_128_SHA),

  */

    DIPHER(3,SSL_NOT_ALLOWED,192,192,"3DES-EDE-CBC",RSA_FIPS_WITH_3DES_EDE_CBC_SHA)
    DIPHER(3,SSL_NOT_ALLOWED,64,64,  "DES-CBC",       RSA_FIPS_WITH_DES_CBC_SHA)
    
    cipher_array_size =i;
}

Here is the caller graph for this function:

char* MyPWFunc ( PK11SlotInfo *  slot,
PRBool  retry,
void arg 
)

Definition at line 160 of file sslc.c.

{
    static PRBool called=PR_FALSE;
    if(called) {
       return NULL;
    } else {
       called = PR_TRUE;
       return PL_strdup(password);
    }
}

Here is the caller graph for this function:

Definition at line 147 of file sslc.c.

                 {
  int i;

  for (i=0;i<cipher_array_size;i++) {
    if (REP_Policy == POLICY_DOMESTIC) {
      SSL_SetPolicy(cipher_array[i].enableid,SSL_ALLOWED);
    }
    else {
      SSL_SetPolicy(cipher_array[i].enableid,cipher_array[i].exportable);
    }
  }
}

Here is the caller graph for this function:

int SetServerSecParms ( struct ThreadData td)

Definition at line 219 of file sslc.c.

                                             {
  int rv;
  SECKEYPrivateKey *privKey;
  PRFileDesc *s;

  s = td->r;

  rv = SSL_Enable(s, SSL_SECURITY, 1);     /* Enable security on this socket */
  if (rv < 0)  return Error(10);

  if (SSLT_CLIENTAUTH_INITIAL == REP_ServerDoClientAuth) {
    rv = SSL_Enable(s, SSL_REQUEST_CERTIFICATE, 1);
    if (rv < 0)  return Error(11);
    }

  ClearCiphers(td);
  EnableCiphers(td);

  PK11_SetPasswordFunc(MyPWFunc);
  SSL_SetPKCS11PinArg(s,(void*) MyPWFunc);


  /* Find the certificates we are going to use from the database */


  /* Test for dummy certificate, which shouldn't exist */
  td->cert = PK11_FindCertFromNickname("XXXXXX_CERT_HARDCOREII_1024",NULL);
  if (td->cert != NULL) return Error(16);


  td->cert = NULL;
  if (NO_CERT != REP_ServerCert) {
    td->cert = PK11_FindCertFromNickname(nicknames[REP_ServerCert],NULL);
  }


  /* Note: if we're set to use NO_CERT as the server cert, then we'll
   * just essentially skip the rest of this (except for session ID cache setup)
   */

  
  if ( (NULL == td->cert)  && ( NO_CERT != REP_ServerCert )) {
    PR_fprintf(PR_STDERR, "Can't find certificate %s\n", nicknames[REP_ServerCert]);
    PR_fprintf(PR_STDERR, "Server: Seclib error: %s\n",
              SECU_ErrorString ((int16) PR_GetError()));
    return Error(12);
  }
  

  if ((NO_CERT != REP_ServerCert)) {
    privKey = PK11_FindKeyByAnyCert(td->cert, NULL);
    if (privKey == NULL) {
      dbmsg((PR_STDERR, "Can't find key for this certificate\n"));
      return Error(13);
    }
    
    rv = SSL_ConfigSecureServer(s,td->cert,privKey, kt_rsa);
    if (rv != PR_SUCCESS) {
      dbmsg((PR_STDERR, "Can't config server error(%d) \n",rv));
      return Error(14);
    }
  }
  
  rv = SSL_ConfigServerSessionIDCache(10, 0, 0, ".");
  if (rv != 0) {    
    dbmsg((PR_STDERR, "Can't config server session ID cache (%d) \n",rv));
    return Error(15);
  }

  return 0;
}

Here is the caller graph for this function:

Definition at line 196 of file sslc.c.

                      {
  nicknames[CLIENT_CERT_VERISIGN]        = "CLIENT_CERT_VERISIGN";
  nicknames[CLIENT_CERT_HARDCOREII_1024] = "CLIENT_CERT_HARDCOREII_1024";
  nicknames[CLIENT_CERT_HARDCOREII_512]  = "CLIENT_CERT_HARDCOREII_512";
  nicknames[CLIENT_CERT_SPARK]           = "CLIENT_CERT_SPARK";
  nicknames[SERVER_CERT_HARDCOREII_512]  = nickname;
  /* nicknames[SERVER_CERT_HARDCOREII_512]  = "SERVER_CERT_HARDCOREII_512"; */
  nicknames[SERVER_CERT_VERISIGN_REGULAR]= "SERVER_CERT_VERISIGN_REGULAR";
  nicknames[SERVER_CERT_VERISIGN_STEPUP] = "SERVER_CERT_VERISIGN_STEPUP";
  nicknames[SERVER_CERT_SPARK]           = "SERVER_CERT_SPARK";
}

Here is the caller graph for this function:

Definition at line 186 of file sslc.c.

                                  {
  if (SSL_Enable(s,SSL_ENABLE_SSL2,0) <0) return Error(40);
  if (SSL_Enable(s,SSL_ENABLE_SSL3,0) <0) return Error(41);
  return 0;
}

Here is the caller graph for this function:

int Version2Enable ( PRFileDesc s,
int  v 
)

Definition at line 176 of file sslc.c.

                                         {
  if (SSL_Enable(s, SSL_ENABLE_SSL2, 1) <0) return Error(43);
  else return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 181 of file sslc.c.

                                  {
    if (SSL_Enable(s, SSL_ENABLE_SSL3, 1) <0) return Error(42);
    else return 0;
}

Here is the caller graph for this function:


Variable Documentation

Definition at line 52 of file sslc.c.

char* client_nick = "SSLClient"

Definition at line 55 of file sslc.c.

char* nickname = "SSLServer"

Definition at line 54 of file sslc.c.

Definition at line 194 of file sslc.c.

char* password = ""

Definition at line 53 of file sslc.c.