| blob | ebe714981b3f963cbd5b97284ce784ba2e978792 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
40 /* Declare SSL cipher suites. */
49 0
50 };
66 0
67 };
69 /**************************************************************************
70 **
71 ** SSL callback routines.
72 **
73 **************************************************************************/
75 /* Function: char * myPasswd()
76 *
77 * Purpose: This function is our custom password handler that is called by
78 * SSL when retreiving private certs and keys from the database. Returns a
79 * pointer to a string that with a password for the database. Password pointer
80 * should point to dynamically allocated memory that will be freed later.
81 */
84 {
89 }
92 }
94 /* Function: SECStatus myAuthCertificate()
95 *
96 * Purpose: This function is our custom certificate authentication handler.
97 *
98 * Note: This implementation is essentially the same as the default
99 * SSL_AuthCertificate().
100 */
101 SECStatus
104 {
106 SECCertUsage certUsage;
110 SECStatus secStatus;
115 }
117 /* Define how the cert is being used based upon the isServer flag. */
126 cert,
127 checksig,
128 certUsage,
129 pinArg);
131 /* If this is a server, we're finished. */
135 }
137 /* Certificate is OK. Since this is the client side of an SSL
138 * connection, we need to verify that the name field in the cert
139 * matches the desired hostname. This is our defense against
140 * man-in-the-middle attacks.
141 */
143 /* SSL_RevealURL returns a hostName, not an URL. */
151 }
158 }
160 /* Function: SECStatus myBadCertHandler()
161 *
162 * Purpose: This callback is called when the incoming certificate is not
163 * valid. We define a certain set of parameters that still cause the
164 * certificate to be "valid" for this session, and return SECSuccess to cause
165 * the server to continue processing the request when any of these conditions
166 * are met. Otherwise, SECFailure is return and the server rejects the
167 * request.
168 */
169 SECStatus
171 {
174 PRErrorCode err;
176 /* log invalid cert here */
180 }
184 /* If any of the cases in the switch are met, then we will proceed */
185 /* with the processing of the request anyway. Otherwise, the default */
186 /* case will be reached and we will reject the request. */
208 }
213 }
215 /* Function: SECStatus ownGetClientAuthData()
216 *
217 * Purpose: This callback is used by SSL to pull client certificate
218 * information upon server request.
219 */
220 SECStatus
226 {
244 }
245 }
257 proto_win);
260 }
262 /* Only check unexpired certs */
267 }
274 }
277 }
280 }
281 }
286 }
289 }
291 /* Function: SECStatus myHandshakeCallback()
292 *
293 * Purpose: Called by SSL to inform application that the handshake is
294 * complete. This function is mostly used on the server side of an SSL
295 * connection, although it is provided for a client as well.
296 * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
297 * is used to initiate a handshake.
298 *
299 * A typical scenario would be:
300 *
301 * 1. Server accepts an SSL connection from the client without client auth.
302 * 2. Client sends a request.
303 * 3. Server determines that to service request it needs to authenticate the
304 * client and initiates another handshake requesting client auth.
305 * 4. While handshake is in progress, server can do other work or spin waiting
306 * for the handshake to complete.
307 * 5. Server is notified that handshake has been successfully completed by
308 * the custom handshake callback function and it can service the client's
309 * request.
310 *
311 * Note: This function is not implemented in this sample, as we are using
312 * blocking sockets.
313 */
314 void
316 {
318 }
321 /**************************************************************************
322 **
323 ** Routines for disabling SSL ciphers.
324 **
325 **************************************************************************/
327 void
329 {
332 SECStatus rv;
334 /* disable all the SSL3 cipher suites */
343 }
344 }
345 }
347 /**************************************************************************
348 **
349 ** Error and information routines.
350 **
351 **************************************************************************/
353 void
355 {
361 }
363 void
365 {
367 /* Exit gracefully. */
368 /* ignoring return value of NSS_Shutdown as code exits with 1*/
372 }
374 void
376 {
400 }
403 /**************************************************************************
404 ** Begin thread management routines and data.
405 **************************************************************************/
407 void
409 {
413 /* wait for parent to finish launching us before proceeding. */
422 /* notify the thread exit handler. */
426 }
428 SECStatus
433 {
441 }
445 }
450 }
453 /* something's really wrong here. */
457 }
461 }
478 }
487 }
489 SECStatus
491 {
503 /* Handle cleanup of thread here. */
506 /* Now make sure the thread has ended OK. */
511 /* notify the thread launcher. */
513 }
514 }
515 }
517 /* Safety Sam sez: make sure count is right. */
523 }
524 }
527 }
529 void
531 {
537 }
541 }
545 }
546 }
548 /**************************************************************************
549 ** End thread management routines.
550 **************************************************************************/
552 void
554 {
559 }
561 void
563 {
569 }
571 void
573 {
577 }
579 }
583 {
590 }
593 }