
lightning-sunbird  0.9+nobinonly
sslc.h File Reference
#include "ssls.h"


Classes

struct  cipherspec

Defines

#define CIPHER(p_sslversion, p_policy, p_ks, p_sks, p_name, p_x)
#define DIPHER(sslversion, policy, ks, sks, name, x)   ;
#define NO_CERT   -1
#define CLIENT_CERT_VERISIGN   1
#define CLIENT_CERT_HARDCOREII_1024   2
#define CLIENT_CERT_HARDCOREII_512   3
#define CLIENT_CERT_SPARK   4
#define SERVER_CERT_HARDCOREII_512   5
#define SERVER_CERT_VERISIGN_REGULAR   6
#define SERVER_CERT_VERISIGN_STEPUP   7
#define SERVER_CERT_SPARK   8
#define MAX_NICKNAME   10

Functions

void ClearCiphers ()
void EnableCiphers ()
void SetPolicy ()
int Version2Enable ()
int Version3Enable ()
int Version23Clear ()
void SetupNickNames ()
int SetServerSecParms (struct ThreadData *td)

Variables

int cipher_array_size
char * nicknames []

Class Documentation

struct cipherspec

Definition at line 41 of file sslc.h.

Class Members
int enableid
int exportable
int ks
char * name
int on
int sks
int sslversion

Define Documentation

#define CIPHER (   p_sslversion,
  p_policy,
  p_ks,
  p_sks,
  p_name,
  p_x 
)
Value:
{\
 /* Fills slot i of cipher_array from the macro arguments, then advances i. */ \
 /* cipher_array and i are not parameters: both are taken from whatever     */ \
 /* scope the macro is expanded in.                                         */ \
 /* NOTE(review): nothing in this expansion bounds i -- confirm the array   */ \
 /* is sized for every CIPHER() entry that is expanded.                     */ \
 cipher_array[i].sslversion = p_sslversion; \
 cipher_array[i].exportable = p_policy;     \
 cipher_array[i].ks         = p_ks;         \
 cipher_array[i].sks        = p_sks;        \
 cipher_array[i].name       = p_name;       \
 /* Token pasting: p_x is glued onto SSL_ to name the cipher identifier ... */ \
 cipher_array[i].enableid   = SSL_ ## p_x;  \
 /* ... and onto REP_Cipher_ to name the matching on/off setting.           */ \
 cipher_array[i].on         = REP_Cipher_ ## p_x; \
 /* The expansion is a bare { } block, not do { } while (0), so a trailing  */ \
 /* semicolon at the call site becomes an extra empty statement.            */ \
 i++; }

Definition at line 55 of file sslc.h.

Definition at line 73 of file sslc.h.

Definition at line 74 of file sslc.h.

Definition at line 75 of file sslc.h.

Definition at line 72 of file sslc.h.

#define DIPHER (   sslversion,
  policy,
  ks,
  sks,
  name,
  x 
)    ;

Definition at line 66 of file sslc.h.

#define MAX_NICKNAME   10

Definition at line 80 of file sslc.h.

#define NO_CERT   -1

Definition at line 71 of file sslc.h.

Definition at line 76 of file sslc.h.

Definition at line 79 of file sslc.h.

Definition at line 77 of file sslc.h.

Definition at line 78 of file sslc.h.


Function Documentation

Definition at line 147 of file sslc.c.

                 {
  /*
   * Applies an SSL policy to every entry of cipher_array.
   * (The function header is not shown on this page; from the page's function
   * list this is presumably SetPolicy() -- confirm against sslc.c.)
   */
  int i;

  for (i=0;i<cipher_array_size;i++) {
    if (REP_Policy == POLICY_DOMESTIC) {
      /* Domestic policy: every cipher in the table is marked SSL_ALLOWED. */
      SSL_SetPolicy(cipher_array[i].enableid,SSL_ALLOWED);
    }
    else {
      /* Any other policy: use the per-cipher value stored in `exportable`. */
      SSL_SetPolicy(cipher_array[i].enableid,cipher_array[i].exportable);
    }
    /* NOTE(review): the result of SSL_SetPolicy() is discarded in both
     * branches, so a cipher whose policy could not be set goes unnoticed.
     * Confirm that is acceptable for this test harness. */
  }
}
int SetServerSecParms ( struct ThreadData * td)

Definition at line 219 of file sslc.c.

                                             {
  /*
   * Prepares the socket td->r to act as an SSL server: turns on SSL,
   * optionally requests a client certificate, resets the cipher selection,
   * installs the password callback, looks up the server certificate and its
   * private key, and configures the server session ID cache.
   *
   * Returns 0 on success. Each failure path returns Error(n) with a distinct
   * n (10..16) identifying the step that failed.
   */
  int rv;
  SECKEYPrivateKey *privKey;
  PRFileDesc *s;

  s = td->r;

  rv = SSL_Enable(s, SSL_SECURITY, 1);     /* Enable security on this socket */
  if (rv < 0)  return Error(10);

  /* Ask the client for a certificate only when the test configuration
   * selects client authentication on the initial handshake. */
  if (SSLT_CLIENTAUTH_INITIAL == REP_ServerDoClientAuth) {
    rv = SSL_Enable(s, SSL_REQUEST_CERTIFICATE, 1);
    if (rv < 0)  return Error(11);
    }

  ClearCiphers(td);
  EnableCiphers(td);

  /* NOTE(review): the pin argument handed to SSL_SetPKCS11PinArg() is the
   * callback's own address cast to void*. Converting a function pointer to
   * void* is not guaranteed by ISO C; confirm MyPWFunc really expects (or
   * ignores) this value. */
  PK11_SetPasswordFunc(MyPWFunc);
  SSL_SetPKCS11PinArg(s,(void*) MyPWFunc);


  /* Find the certificates we are going to use from the database */


  /* Test for dummy certificate, which shouldn't exist */
  /* Negative check: a successful lookup of this made-up nickname is treated
   * as a failure (Error(16)). On that path the found certificate stays in
   * td->cert and is not released here. */
  td->cert = PK11_FindCertFromNickname("XXXXXX_CERT_HARDCOREII_1024",NULL);
  if (td->cert != NULL) return Error(16);


  td->cert = NULL;
  /* NOTE(review): REP_ServerCert is used directly as an index into
   * nicknames[]; the only value excluded here is NO_CERT. Confirm it is
   * range-checked where it is set, otherwise an unexpected value reads
   * outside the table. */
  if (NO_CERT != REP_ServerCert) {
    td->cert = PK11_FindCertFromNickname(nicknames[REP_ServerCert],NULL);
  }


  /* Note: if we're set to use NO_CERT as the server cert, then we'll
   * just essentially skip the rest of this (except for session ID cache setup)
   */

  
  if ( (NULL == td->cert)  && ( NO_CERT != REP_ServerCert )) {
    PR_fprintf(PR_STDERR, "Can't find certificate %s\n", nicknames[REP_ServerCert]);
    PR_fprintf(PR_STDERR, "Server: Seclib error: %s\n",
              SECU_ErrorString ((int16) PR_GetError()));
    return Error(12);
  }
  

  if ((NO_CERT != REP_ServerCert)) {
    privKey = PK11_FindKeyByAnyCert(td->cert, NULL);
    if (privKey == NULL) {
      dbmsg((PR_STDERR, "Can't find key for this certificate\n"));
      return Error(13);
    }
    
    /* The certificate/key pair is registered for RSA key exchange (kt_rsa). */
    rv = SSL_ConfigSecureServer(s,td->cert,privKey, kt_rsa);
    /* NOTE(review): privKey is not released anywhere in this function, on
     * either the success or the Error(14) path. If SSL_ConfigSecureServer()
     * keeps its own copy of the key (presumably it does -- confirm against
     * the NSS version in use), the local reference should be dropped with
     * SECKEY_DestroyPrivateKey() so private-key material is not left
     * referenced longer than needed. */
    if (rv != PR_SUCCESS) {
      dbmsg((PR_STDERR, "Can't config server error(%d) \n",rv));
      return Error(14);
    }
  }
  
  /* This step runs even when no server certificate is configured.
   * NOTE(review): the last argument "." presumably places the session cache
   * in the process's current working directory -- confirm that directory is
   * not writable by other users, since the cache holds session state. */
  rv = SSL_ConfigServerSessionIDCache(10, 0, 0, ".");
  if (rv != 0) {    
    dbmsg((PR_STDERR, "Can't config server session ID cache (%d) \n",rv));
    return Error(15);
  }

  return 0;
}

Definition at line 196 of file sslc.c.

                      {
  /*
   * Fills the nicknames[] table, indexed by the CLIENT_CERT_* / SERVER_CERT_*
   * constants, with the certificate nicknames used for database lookups.
   * (The function header is not shown on this page; from the page's function
   * list this is presumably SetupNickNames() -- confirm against sslc.c.)
   *
   * The constants listed on this page run from 1 to 8, so slot 0 is not
   * assigned here. NO_CERT (-1) is a sentinel and must never be used as an
   * index into this table.
   * NOTE(review): the declared size of nicknames[] is not visible here;
   * presumably MAX_NICKNAME (10) -- confirm.
   */
  nicknames[CLIENT_CERT_VERISIGN]        = "CLIENT_CERT_VERISIGN";
  nicknames[CLIENT_CERT_HARDCOREII_1024] = "CLIENT_CERT_HARDCOREII_1024";
  nicknames[CLIENT_CERT_HARDCOREII_512]  = "CLIENT_CERT_HARDCOREII_512";
  nicknames[CLIENT_CERT_SPARK]           = "CLIENT_CERT_SPARK";
  /* This slot takes its value from `nickname`, which is defined outside this
   * block, instead of the fixed label kept in the commented-out line below.
   * NOTE(review): confirm where `nickname` is set and that it is non-NULL
   * before any lookup uses this slot. */
  nicknames[SERVER_CERT_HARDCOREII_512]  = nickname;
  /* nicknames[SERVER_CERT_HARDCOREII_512]  = "SERVER_CERT_HARDCOREII_512"; */
  nicknames[SERVER_CERT_VERISIGN_REGULAR]= "SERVER_CERT_VERISIGN_REGULAR";
  nicknames[SERVER_CERT_VERISIGN_STEPUP] = "SERVER_CERT_VERISIGN_STEPUP";
  nicknames[SERVER_CERT_SPARK]           = "SERVER_CERT_SPARK";
}

Variable Documentation

Definition at line 52 of file sslc.c.

char* nicknames[]

Definition at line 194 of file sslc.c.