| blob | 101152d6b4597b5f35e2c6467e8edb1132ca8b6f |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
47 /* Declare SSL cipher suites. */
56 0
57 };
86 0
87 };
89 /**************************************************************************
90 **
91 ** SSL callback routines.
92 **
93 **************************************************************************/
95 /* Function: char * myPasswd()
96 *
97 * Purpose: This function is our custom password handler that is called by
98 * SSL when retreiving private certs and keys from the database. Returns a
99 * pointer to a string that with a password for the database. Password pointer
100 * should point to dynamically allocated memory that will be freed later.
101 */
104 {
109 }
111 }
113 /* Function: SECStatus myAuthCertificate()
114 *
115 * Purpose: This function is our custom certificate authentication handler.
116 *
117 * Note: This implementation is essentially the same as the default
118 * SSL_AuthCertificate().
119 */
120 SECStatus
123 {
125 SECCertificateUsage certUsage;
129 SECStatus secStatus;
134 }
136 /* Define how the cert is being used based upon the isServer flag. */
146 }
149 cert,
150 checksig,
151 certUsage,
152 pinArg,
153 NULL);
155 /* If this is a server, we're finished. */
161 }
163 /* Certificate is OK. Since this is the client side of an SSL
164 * connection, we need to verify that the name field in the cert
165 * matches the desired hostname. This is our defense against
166 * man-in-the-middle attacks.
167 */
169 /* SSL_RevealURL returns a hostName, not an URL. */
177 }
184 }
186 /* Function: SECStatus myBadCertHandler()
187 *
188 * Purpose: This callback is called when the incoming certificate is not
189 * valid. We define a certain set of parameters that still cause the
190 * certificate to be "valid" for this session, and return SECSuccess to cause
191 * the server to continue processing the request when any of these conditions
192 * are met. Otherwise, SECFailure is return and the server rejects the
193 * request.
194 */
195 SECStatus
197 {
200 PRErrorCode err;
202 /* log invalid cert here */
206 }
210 /* If any of the cases in the switch are met, then we will proceed */
211 /* with the processing of the request anyway. Otherwise, the default */
212 /* case will be reached and we will reject the request. */
234 }
239 }
241 /* Function: SECStatus ownGetClientAuthData()
242 *
243 * Purpose: This callback is used by SSL to pull client certificate
244 * information upon server request.
245 */
246 SECStatus
252 {
270 }
271 }
283 proto_win);
286 }
288 /* Only check unexpired certs */
293 }
300 }
302 }
306 }
307 }
312 }
315 }
317 /* Function: void myHandshakeCallback()
318 *
319 * Purpose: Called by SSL to inform application that the handshake is
320 * complete. This function is mostly used on the server side of an SSL
321 * connection, although it is provided for a client as well.
322 * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
323 * is used to initiate a handshake.
324 *
325 * A typical scenario would be:
326 *
327 * 1. Server accepts an SSL connection from the client without client auth.
328 * 2. Client sends a request.
329 * 3. Server determines that to service request it needs to authenticate the
330 * client and initiates another handshake requesting client auth.
331 * 4. While handshake is in progress, server can do other work or spin waiting
332 * for the handshake to complete.
333 * 5. Server is notified that handshake has been successfully completed by
334 * the custom handshake callback function and it can service the client's
335 * request.
336 *
337 * Note: This function is not implemented in this sample, as we are using
338 * blocking sockets.
339 */
340 void
342 {
344 }
347 /**************************************************************************
348 **
349 ** Routines for disabling SSL ciphers.
350 **
351 **************************************************************************/
353 void
355 {
358 SECStatus rv;
360 /* disable all the SSL3 cipher suites */
370 }
371 }
372 }
374 /**************************************************************************
375 **
376 ** Error and information routines.
377 **
378 **************************************************************************/
380 void
382 {
388 }
390 void
392 {
394 /* Exit gracefully. */
395 /* ignoring return value of NSS_Shutdown as code exits with 1 anyway*/
399 }
401 void
403 {
415 }
433 }
436 /**************************************************************************
437 ** Begin thread management routines and data.
438 **************************************************************************/
440 void
442 {
446 /* wait for parent to finish launching us before proceeding. */
455 /* notify the thread exit handler. */
459 }
461 SECStatus
466 {
474 }
478 }
483 }
486 /* something's really wrong here. */
490 }
494 }
511 }
519 }
521 SECStatus
523 {
535 /* Handle cleanup of thread here. */
537 /* Now make sure the thread has ended OK. */
542 /* notify the thread launcher. */
544 }
545 }
546 }
548 /* Safety Sam sez: make sure count is right. */
554 }
555 }
558 }
560 void
562 {
568 }
572 }
576 }
577 }
579 /**************************************************************************
580 ** End thread management routines.
581 **************************************************************************/
583 void
585 {
590 }
592 void
594 {
600 }
602 void
604 {
608 }
610 }
614 {
621 }
624 }
627 /*
628 * Dump cert chain in to cert.* files. This function is will
629 * create collisions while dumping cert chains if called from
630 * multiple treads. But it should not be a problem since we
631 * consider vfyserv to be single threaded(see bug 353477).
632 */
634 void
636 {
644 }
651 count);
657 certFileName);
662 }
663 }
665 }