Stop using deprecated SSL functions. Convert them to the supported ones.

nelsonb%netscape.com 2001-01-06 02:40:02 +00:00
Родитель c20c39e789
Коммит 793dba6814
8 изменённых файлов: 200 добавлений и 281 удалений


@ -134,15 +134,15 @@ retry:
}
/* Set configuration options. */
secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_SECURITY");
errWarn("SSL_OptionSet:SSL_SECURITY");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_HANDSHAKE_AS_CLIENT");
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
goto loser;
}
@ -417,29 +417,28 @@ main(int argc, char **argv)
/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
NSS_SetDomesticPolicy();
SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
/* disable all the ciphers, then enable the ones we want. */
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SSL_EnableCipher(cipher, SSL_ALLOWED);
}
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SSL_CipherPrefSetDefault(cipher, PR_TRUE);
}
}
}
client_main(port, connections, hostName);
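Review bot: The status returned by the converted `SSL_CipherPrefSetDefault` calls is discarded both on the `SSL_RSA_WITH_NULL_MD5` line and inside the cipher-string loop, so a suite the library refuses to enable goes unnoticed and the client quietly runs with a different suite set than the one named on the command line. The server-side copy of this same loop in this commit checks the status and reports it; the client should match, e.g. `if (SSL_CipherPrefSetDefault(cipher, PR_TRUE) != SECSuccess) errWarn("SSL_CipherPrefSetDefault");`. A selector letter that walks past the end of the suite table leaves `cipher == 0` and is silently skipped, so a typo drops a suite with no warning; a `Usage(progName)` on that case would surface it. Enabling the null-encryption suite by default deserves at least the explanatory comment the server file carries, so it is not copied into non-test code. main() continues outside the hunk.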


@ -223,29 +223,29 @@ setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_SECURITY, PR_TRUE);
secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable SSL_SECURITY");
errWarn("SSL_OptionSet SSL_SECURITY");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_HANDSHAKE_AS_SERVER");
errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE,
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE,
(requestCert >= REQUEST_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
goto loser;
}
secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE,
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE,
(requestCert == REQUIRE_CERT_ONCE));
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
goto loser;
}
@ -316,24 +316,24 @@ authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
}
/* Request client to authenticate itself. */
secStatus = SSL_Enable(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUEST_CERTIFICATE");
errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
return SECFailure;
}
/* If desired, require client to authenticate itself. Note
* SSL_REQUEST_CERTIFICATE must also be on, as above. */
secStatus = SSL_Enable(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
if (secStatus != SECSuccess) {
errWarn("SSL_Enable:SSL_REQUIRE_CERTIFICATE");
errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
return SECFailure;
}
/* Having changed socket configuration parameters, redo handshake. */
secStatus = SSL_RedoHandshake(sslSocket);
secStatus = SSL_ReHandshake(sslSocket, PR_TRUE);
if (secStatus != SECSuccess) {
errWarn("SSL_RedoHandshake");
errWarn("SSL_ReHandshake");
return SECFailure;
}
@ -671,9 +671,9 @@ server_main(
/* This cipher is not on by default. The Acceptance test
* would like it to be. Turn this cipher on.
*/
secStatus = SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
if (secStatus != SECSuccess) {
exitErr("SSL_EnableCipher:SSL_RSA_WITH_NULL_MD5");
exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
}
/* Configure the network connection. */
@ -772,28 +772,27 @@ main(int argc, char **argv)
/* XXX keep this? */
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
/* disable all the ciphers, then enable the ones we want. */
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
while (0 != (ndx = *cipherString++)) {
int *cptr;
int cipher;
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, SSL_ALLOWED);
if (status != SECSuccess)
errWarn("SSL_CipherPrefSetDefault()");
}
if (! isalpha(ndx))
Usage(progName);
cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
/* do nothing */;
if (cipher) {
SECStatus status;
status = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
if (status != SECSuccess)
errWarn("SSL_CipherPrefSetDefault()");
}
}
}
/* Get own certificate and private key. */
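Review bot: The `PR_TRUE` passed to the new `SSL_ReHandshake` call in authenticateSocket is the flushCache argument that the old `SSL_RedoHandshake` did not expose, and nothing says why it is set; since the handshake is redone precisely to obtain a client certificate after `SSL_REQUEST_CERTIFICATE`/`SSL_REQUIRE_CERTIFICATE` were turned on, flushing the cached session is presumably what keeps the renegotiation from resuming the earlier, unauthenticated session, and that is worth stating: `/* flushCache=PR_TRUE: force a full handshake so the peer cannot resume the prior session without presenting a certificate */`. The same flag should be reviewed wherever the conversion was applied mechanically, since a caller that only wanted a cheap renegotiation now pays for a full handshake. authenticateSocket begins and ends outside the hunk.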


@ -252,40 +252,40 @@ myGetClientAuthData(void *arg,
}
}
} else { /* no nickname given, automatically find the right cert */
CERTCertNicknames *names;
int i;
CERTCertNicknames *names;
int i;
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_USER, proto_win);
names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_USER, proto_win);
if (names != NULL) {
for(i = 0; i < names->numnicknames; i++ ) {
if (names != NULL) {
for(i = 0; i < names->numnicknames; i++ ) {
cert = PK11_FindCertFromNickname(names->nicknames[i],
proto_win);
if (!cert) {
continue;
}
/* Only check unexpired certs */
if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
!= secCertTimeValid ) {
CERT_DestroyCertificate(cert);
continue;
}
secStatus = NSS_CmpCertChainWCANames(cert, caNames);
if (secStatus == SECSuccess) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
break;
}
secStatus = SECFailure;
break;
}
CERT_FreeNicknames(names);
} /* for loop */
cert = PK11_FindCertFromNickname(names->nicknames[i],
proto_win);
if (!cert) {
continue;
}
/* Only check unexpired certs */
if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
!= secCertTimeValid ) {
CERT_DestroyCertificate(cert);
continue;
}
secStatus = NSS_CmpCertChainWCANames(cert, caNames);
if (secStatus == SECSuccess) {
privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if (privKey) {
break;
}
secStatus = SECFailure;
break;
}
CERT_FreeNicknames(names);
} /* for loop */
}
}
if (secStatus == SECSuccess) {
@ -301,7 +301,7 @@ myGetClientAuthData(void *arg,
* Purpose: Called by SSL to inform application that the handshake is
* complete. This function is mostly used on the server side of an SSL
* connection, although it is provided for a client as well.
* Useful when a non-blocking SSL_RedoHandshake or SSL_ResetHandshake
* Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
* is used to initiate a handshake.
*
* A typical scenario would be:
@ -334,25 +334,23 @@ myHandshakeCallback(PRFileDesc *socket, void *arg)
**************************************************************************/
void
disableSSL2Ciphers(void)
disableAllSSLCiphers(void)
{
int i;
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i = SSL_NumImplementedCiphers;
SECStatus rv;
/* disable all the SSL2 cipher suites */
for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
}
}
void
disableSSL3Ciphers(void)
{
int i;
/* disable all the SSL3 cipher suites */
for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
suite, i);
errWarn("SSL_CipherPrefSetDefault");
exit(2);
}
}
}
/**************************************************************************
@ -506,22 +504,22 @@ reap_threads(GlobalThreadMgr *threadMGR)
return 0;
PR_Lock(threadMGR->threadLock);
while (threadMGR->numRunning > 0) {
PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_zombie) {
/* Handle cleanup of thread here. */
printf("Thread in slot %d returned %d\n", i, slot->rv);
PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
for (i = 0; i < threadMGR->numUsed; ++i) {
slot = &threadMGR->threads[i];
if (slot->running == rs_zombie) {
/* Handle cleanup of thread here. */
printf("Thread in slot %d returned %d\n", i, slot->rv);
/* Now make sure the thread has ended OK. */
PR_JoinThread(slot->prThread);
slot->running = rs_idle;
--threadMGR->numRunning;
/* Now make sure the thread has ended OK. */
PR_JoinThread(slot->prThread);
slot->running = rs_idle;
--threadMGR->numRunning;
/* notify the thread launcher. */
PR_NotifyCondVar(threadMGR->threadStartQ);
}
/* notify the thread launcher. */
PR_NotifyCondVar(threadMGR->threadStartQ);
}
}
}
/* Safety Sam sez: make sure count is right. */
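Review bot: In the re-indented client-auth loop of myGetClientAuthData, `CERT_FreeNicknames(names);` sits inside the for body, just before the `} /* for loop */` brace, so when the first candidate cert fails NSS_CmpCertChainWCANames the nickname list is freed and the next iteration reads `names->numnicknames` and `names->nicknames[i]` from freed memory, a second rejected cert frees it again, and when the loop breaks on success the list is never freed at all. Move the call to just after the loop, inside the `if (names != NULL)` block, and destroy the rejected cert before continuing, i.e. add `CERT_DestroyCertificate(cert); cert = NULL;` after the `if (secStatus == SECSuccess) { ... }` block, since a cert that does not chain to a requested CA is currently leaked. Indentation is lost on this rendered page, so the brace structure is read from the `} /* for loop */` marker and should be confirmed in the file. myGetClientAuthData begins and ends outside the hunk.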


@ -98,9 +98,8 @@ SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
/* Disable all v2/v3 SSL ciphers. */
void disableSSL2Ciphers(void);
void disableAllSSLCiphers(void);
void disableSSL3Ciphers(void);
/* Error and information utilities. */


@ -210,25 +210,30 @@ errExit(char * funcString)
exit(3);
}
void
disableSSL2Ciphers(void)
{
int i;
/* disable all the SSL2 cipher suites */
for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
}
}
/**************************************************************************
**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
void
disableSSL3Ciphers(void)
disableAllSSLCiphers(void)
{
int i;
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i = SSL_NumImplementedCiphers;
SECStatus rv;
/* disable all the SSL3 cipher suites */
for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
while (--i >= 0) {
PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
suite, i);
errWarn("SSL_CipherPrefSetDefault");
exit(2);
}
}
}
@ -743,20 +748,20 @@ send_answer:
if (cert) {
CERT_DestroyCertificate(cert);
} else {
rv = SSL_Enable(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
rv = SSL_OptionSet(ssl_sock, SSL_REQUEST_CERTIFICATE, 1);
if (rv < 0) {
errWarn("second SSL_Enable SSL_REQUEST_CERTIFICATE");
errWarn("second SSL_OptionSet SSL_REQUEST_CERTIFICATE");
break;
}
rv = SSL_Enable(ssl_sock, SSL_REQUIRE_CERTIFICATE,
rv = SSL_OptionSet(ssl_sock, SSL_REQUIRE_CERTIFICATE,
(requestCert == 4));
if (rv < 0) {
errWarn("second SSL_Enable SSL_REQUIRE_CERTIFICATE");
errWarn("second SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
break;
}
rv = SSL_RedoHandshake(ssl_sock);
rv = SSL_ReHandshake(ssl_sock, PR_TRUE);
if (rv != 0) {
errWarn("SSL_RedoHandshake");
errWarn("SSL_ReHandshake");
break;
}
rv = SSL_ForceHandshake(ssl_sock);
@ -923,23 +928,23 @@ server_main(
** Setting it explicitly should not be necessary.
** Let's test and make sure that's true.
*/
rv = SSL_Enable(model_sock, SSL_SECURITY, 1);
rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1);
if (rv < 0) {
errExit("SSL_Enable SSL_SECURITY");
errExit("SSL_OptionSet SSL_SECURITY");
}
#endif
rv = SSL_Enable(model_sock, SSL_ENABLE_SSL3, !disableSSL3);
rv = SSL_OptionSet(model_sock, SSL_ENABLE_SSL3, !disableSSL3);
if (rv != SECSuccess) {
errExit("error enabling SSLv3 ");
}
rv = SSL_Enable(model_sock, SSL_ENABLE_TLS, !disableTLS);
rv = SSL_OptionSet(model_sock, SSL_ENABLE_TLS, !disableTLS);
if (rv != SECSuccess) {
errExit("error enabling TLS ");
}
rv = SSL_Enable(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
rv = SSL_OptionSet(model_sock, SSL_ROLLBACK_DETECTION, !disableRollBack);
if (rv != SECSuccess) {
errExit("error enabling RollBack detection ");
}
@ -954,9 +959,9 @@ server_main(
}
if (bigBuf.data) { /* doing FDX */
rv = SSL_Enable(model_sock, SSL_ENABLE_FDX, 1);
rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
if (rv < 0) {
errExit("SSL_Enable SSL_ENABLE_FDX");
errExit("SSL_OptionSet SSL_ENABLE_FDX");
}
}
@ -964,9 +969,9 @@ server_main(
* would like it to be. Turn this cipher on.
*/
secStatus = SSL_EnableCipher( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
secStatus = SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE);
if ( secStatus != SECSuccess ) {
errExit("SSL_EnableCipher:SSL_RSA_WITH_NULL_MD5");
errExit("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
}
@ -974,14 +979,14 @@ server_main(
SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
(void *)CERT_GetDefaultCertDB());
if (requestCert <= 2) {
rv = SSL_Enable(model_sock, SSL_REQUEST_CERTIFICATE, 1);
rv = SSL_OptionSet(model_sock, SSL_REQUEST_CERTIFICATE, 1);
if (rv < 0) {
errExit("first SSL_Enable SSL_REQUEST_CERTIFICATE");
errExit("first SSL_OptionSet SSL_REQUEST_CERTIFICATE");
}
rv = SSL_Enable(model_sock, SSL_REQUIRE_CERTIFICATE,
rv = SSL_OptionSet(model_sock, SSL_REQUIRE_CERTIFICATE,
(requestCert == 2));
if (rv < 0) {
errExit("first SSL_Enable SSL_REQUIRE_CERTIFICATE");
errExit("first SSL_OptionSet SSL_REQUIRE_CERTIFICATE");
}
}
}
@ -1208,8 +1213,7 @@ main(int argc, char **argv)
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
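Review bot: The context comment `/* disable all the SSL3 cipher suites */` kept inside the new disableAllSSLCiphers is now misleading: the loop walks `SSL_ImplementedCiphers` from `SSL_NumImplementedCiphers` down, which per the function's name and the header's "Disable all v2/v3 SSL ciphers" covers the SSL2 suites too, so it should read `/* disable every implemented suite (SSL2 and SSL3); callers re-enable the ones they want */`. The failure path in that function prints with `printf` to stdout before errWarn and `exit(2)`, while the rest of the file diagnoses through errWarn/errExit on stderr; `fprintf(stderr, ...)` keeps the diagnostics together. In send_answer the converted calls are checked as `rv < 0`, `rv != 0` and elsewhere `rv != SECSuccess` within one hunk; the first two appear to rely on SECFailure being negative and SECSuccess zero, and `if (rv != SECSuccess)` throughout removes that assumption. send_answer, server_main and main all extend beyond the hunks shown.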


@ -67,9 +67,9 @@ PRInt32 debug;
/* Set SSL Policy to Domestic (strong=1) or Export (strong=0) */
#define ALLOW(x) SSL_SetPolicy(x,SSL_ALLOWED); SSL_EnableCipher(x,1);
#define DISALLOW(x) SSL_SetPolicy(x,SSL_NOT_ALLOWED); SSL_EnableCipher(x,0);
#define MAYBEALLOW(x) SSL_SetPolicy(x,SSL_RESTRICTED); SSL_EnableCipher(x,1);
#define ALLOW(x) SSL_CipherPolicySet(x,SSL_ALLOWED); SSL_CipherPrefSetDefault(x,1);
#define DISALLOW(x) SSL_CipherPolicySet(x,SSL_NOT_ALLOWED); SSL_CipherPrefSetDefault(x,0);
#define MAYBEALLOW(x) SSL_CipherPolicySet(x,SSL_RESTRICTED); SSL_CipherPrefSetDefault(x,1);
struct CipherPolicy {
char number;
@ -167,8 +167,8 @@ void SetPolicy(char *c,int policy) { /* policy==1 : domestic, policy==0, expo
int i,j,cpolicy;
/* first, enable all relevant ciphers according to policy */
for (j=0;j<(sizeof(ciphers)/sizeof(struct CipherPolicy));j++) {
SSL_SetPolicy(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export);
SSL_EnableCipher(ciphers[j].id,0);
SSL_CipherPolicySet(ciphers[j].id,policy?ciphers[j].domestic:ciphers[j].export);
SSL_CipherPrefSetDefault(ciphers[j].id, PR_FALSE);
ciphers[j].pref =0;
}
@ -183,7 +183,7 @@ void SetPolicy(char *c,int policy) { /* policy==1 : domestic, policy==0, expo
}
else {
ciphers[j].pref=1;
SSL_EnableCipher(ciphers[j].id,1);
SSL_CipherPrefSetDefault(ciphers[j].id, PR_TRUE);
}
}
}
@ -388,7 +388,7 @@ PRInt32 main(PRInt32 argc,char **argv, char **envp)
dbmsg("10: About to enable security\n");
rv = SSL_Enable(s, SSL_SECURITY, 1);
rv = SSL_OptionSet(s, SSL_SECURITY, PR_TRUE);
if (rv < 0) {
PrintErrString(progname, "error enabling socket");
return -1;
@ -409,7 +409,7 @@ PRInt32 main(PRInt32 argc,char **argv, char **envp)
PrintCiphers(1);
rv = SSL_Enable(s, SSL_HANDSHAKE_AS_CLIENT, 1);
rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (rv < 0) {
PrintErrString(progname, "error enabling client handshake");
return -1;
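Review bot: The rewritten `ALLOW`/`DISALLOW`/`MAYBEALLOW` macros still expand to two statements plus a trailing semicolon, so `if (cond) ALLOW(x);` applies only `SSL_CipherPolicySet` under the condition and runs `SSL_CipherPrefSetDefault` unconditionally, and an `else` after such a use is a syntax error; wrap each as `#define ALLOW(x) do { SSL_CipherPolicySet((x), SSL_ALLOWED); SSL_CipherPrefSetDefault((x), PR_TRUE); } while (0)` and likewise for the other two. Both return values are discarded in the macros and in SetPolicy, so a suite the library refuses is silently left in whatever state it had, which matters for a tool whose purpose is to assert a policy. The bare `1`/`0` in the macros should be the `PR_TRUE`/`PR_FALSE` the SetPolicy hunk already uses, and `SSL_RESTRICTED` in `MAYBEALLOW` would benefit from a one-line comment on what that policy value means here. SetPolicy and main continue outside the hunks.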


@ -113,41 +113,6 @@ int NoReuse;
SSL3Statistics * ssl3stats;
void
disableSSL2Ciphers(void)
{
int i;
/* disable all the SSL2 cipher suites */
for (i = 0; ssl2CipherSuites[i] != 0; ++i) {
SECStatus rv;
rv = SSL_EnableCipher(ssl2CipherSuites[i], SSL_NOT_ALLOWED);
if (rv != SECSuccess) {
fprintf(stderr,
"strsclnt: SSL_EnableCipher failed with value 0x%04x\n",
ssl2CipherSuites[i]);
exit(1);
}
}
}
void
disableSSL3Ciphers(void)
{
int i;
/* disable all the SSL3 cipher suites */
for (i = 0; ssl3CipherSuites[i] != 0; ++i) {
SECStatus rv;
rv = SSL_EnableCipher(ssl3CipherSuites[i], SSL_NOT_ALLOWED);
if (rv != SECSuccess) {
fprintf(stderr,
"strsclnt: SSL_EnableCipher failed with value 0x%04x\n",
ssl3CipherSuites[i]);
exit(1);
}
}
}
char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg)
{
@ -180,49 +145,6 @@ Usage(const char *progName)
exit(1);
}
static void
networkStart(void)
{
#if defined(XP_WIN) && !defined(NSPR20)
WORD wVersionRequested;
WSADATA wsaData;
int err;
wVersionRequested = MAKEWORD(1, 1);
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0) {
/* Tell the user that we couldn't find a useable winsock.dll. */
fputs("WSAStartup failed!\n", stderr);
exit(1);
}
/* Confirm that the Windows Sockets DLL supports 1.1.*/
/* Note that if the DLL supports versions greater */
/* than 1.1 in addition to 1.1, it will still return */
/* 1.1 in wVersion since that is the version we */
/* requested. */
if ( LOBYTE( wsaData.wVersion ) != 1 ||
HIBYTE( wsaData.wVersion ) != 1 ) {
/* Tell the user that we couldn't find a useable winsock.dll. */
fputs("wrong winsock version\n", stderr);
WSACleanup();
exit(1);
}
/* The Windows Sockets DLL is acceptable. Proceed. */
#endif
}
static void
networkEnd(void)
{
#if defined(XP_WIN) && !defined(NSPR20)
WSACleanup();
#endif
}
static void
errWarn(char * funcString)
@ -237,34 +159,36 @@ errWarn(char * funcString)
static void
errExit(char * funcString)
{
#if defined (XP_WIN) && !defined(NSPR20)
int err;
LPVOID lpMsgBuf;
err = WSAGetLastError();
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
err,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
(LPTSTR) &lpMsgBuf,
0,
NULL
);
/* Display the string. */
/*MessageBox( NULL, lpMsgBuf, "GetLastError", MB_OK|MB_ICONINFORMATION ); */
fprintf(stderr, "%s\n", lpMsgBuf);
/* Free the buffer. */
LocalFree( lpMsgBuf );
#endif
errWarn(funcString);
exit(1);
}
/**************************************************************************
**
** Routines for disabling SSL ciphers.
**
**************************************************************************/
void
disableAllSSLCiphers(void)
{
const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
int i = SSL_NumImplementedCiphers;
SECStatus rv;
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
suite, i);
errWarn("SSL_CipherPrefSetDefault");
exit(2);
}
}
}
/* This invokes the "default" AuthCert handler in libssl.
** The only reason to use this one is that it prints out info as it goes.
*/
@ -833,8 +757,6 @@ client_main(
PRUint32 ipAddress; /* in host byte order */
PRNetAddr addr;
networkStart();
/* Assemble NetAddr struct for connections. */
ipAddress = getIPAddress(hostName);
@ -845,13 +767,12 @@ client_main(
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
NSS_SetDomesticPolicy();
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
if (cipherString) {
int ndx;
/* disable all the ciphers, then enable the ones we want. */
disableSSL2Ciphers();
disableSSL3Ciphers();
disableAllSSLCiphers();
while (0 != (ndx = *cipherString++)) {
int *cptr;
@ -864,10 +785,10 @@ client_main(
/* do nothing */;
if (cipher) {
SECStatus rv;
rv = SSL_EnableCipher(cipher, SSL_ALLOWED);
rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
if (rv != SECSuccess) {
fprintf(stderr,
"strsclnt: SSL_EnableCipher failed with value 0x%04x\n",
"strsclnt: SSL_CipherPrefSetDefault failed with value 0x%04x\n",
cipher);
exit(1);
}
@ -889,22 +810,22 @@ client_main(
/* do SSL configuration. */
rv = SSL_Enable(model_sock, SSL_SECURITY, 1);
rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1);
if (rv < 0) {
errExit("SSL_Enable SSL_SECURITY");
errExit("SSL_OptionSet SSL_SECURITY");
}
if (bigBuf.data) { /* doing FDX */
rv = SSL_Enable(model_sock, SSL_ENABLE_FDX, 1);
rv = SSL_OptionSet(model_sock, SSL_ENABLE_FDX, 1);
if (rv < 0) {
errExit("SSL_Enable SSL_ENABLE_FDX");
errExit("SSL_OptionSet SSL_ENABLE_FDX");
}
}
if (NoReuse) {
rv = SSL_Enable(model_sock, SSL_NO_CACHE, 1);
rv = SSL_OptionSet(model_sock, SSL_NO_CACHE, 1);
if (rv < 0) {
errExit("SSL_Enable SSL_NO_CACHE");
errExit("SSL_OptionSet SSL_NO_CACHE");
}
}
@ -941,7 +862,6 @@ client_main(
PR_Close(model_sock);
networkEnd();
}
SECStatus
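Review bot: The error message in client_main's cipher loop, `strsclnt: SSL_CipherPrefSetDefault failed with value 0x%04x`, names the suite but not why the call failed, and the new disableAllSSLCiphers in this file does the same via `printf` to stdout before `exit(2)`. Reporting `PR_GetError()` alongside the suite, as the tstclnt copy of disableAllSSLCiphers in this commit already does, tells the operator whether the suite is unimplemented or policy-forbidden: `fprintf(stderr, "strsclnt: SSL_CipherPrefSetDefault failed for 0x%04x: error %d\n", cipher, PR_GetError());`. The `rv < 0` checks on the converted `SSL_OptionSet` calls for SSL_SECURITY, SSL_ENABLE_FDX and SSL_NO_CACHE appear to rely on SECFailure being negative; `rv != SECSuccess`, as the cipher loop in the same function uses, avoids that assumption. client_main begins and ends outside the hunks.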


@ -209,7 +209,7 @@ disableAllSSLCiphers(void)
/* disable all the SSL3 cipher suites */
while (--i >= 0) {
PRUint16 suite = cipherSuites[i];
rv = SSL_CipherPrefSetDefault(suite, SSL_NOT_ALLOWED);
rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
if (rv != SECSuccess) {
PRErrorCode err = PR_GetError();
printf("SSL_CipherPrefSet didn't like value 0x%04x (i = %d): %s\n",
@ -437,13 +437,13 @@ int main(int argc, char **argv)
return -1;
}
rv = SSL_Enable(s, SSL_SECURITY, 1);
rv = SSL_OptionSet(s, SSL_SECURITY, 1);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling socket");
return -1;
}
rv = SSL_Enable(s, SSL_HANDSHAKE_AS_CLIENT, 1);
rv = SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, 1);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling client handshake");
return -1;
@ -471,26 +471,26 @@ int main(int argc, char **argv)
}
}
rv = SSL_Enable(s, SSL_ENABLE_SSL2, !disableSSL2);
rv = SSL_OptionSet(s, SSL_ENABLE_SSL2, !disableSSL2);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling SSLv2 ");
return -1;
}
rv = SSL_Enable(s, SSL_ENABLE_SSL3, !disableSSL3);
rv = SSL_OptionSet(s, SSL_ENABLE_SSL3, !disableSSL3);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling SSLv3 ");
return -1;
}
rv = SSL_Enable(s, SSL_ENABLE_TLS, !disableTLS);
rv = SSL_OptionSet(s, SSL_ENABLE_TLS, !disableTLS);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error enabling TLS ");
return -1;
}
/* disable ssl2 and ssl2-compatible client hellos. */
rv = SSL_Enable(s, SSL_V2_COMPATIBLE_HELLO, !disableSSL2);
rv = SSL_OptionSet(s, SSL_V2_COMPATIBLE_HELLO, !disableSSL2);
if (rv != SECSuccess) {
SECU_PrintError(progName, "error disabling v2 compatibility");
return -1;