ssl.h

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C头文件 代码 · 共 424 行 · 第 1/2 页

/*
 * This file contains prototypes for the public SSL functions.
 *
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 *
 * $Id: ssl.h,v 1.2 2000/05/24 03:31:44 nelsonb%netscape.com Exp $
 */

/*
 * NOTE(review): identifiers containing a double underscore are reserved for
 * the C implementation; the guard name is kept exactly as the original has it.
 */
#ifndef __ssl_h_
#define __ssl_h_

#include "prtypes.h"
#include "prerror.h"
#include "prio.h"

#include "seccomon.h"
#include "cert.h"
#include "keyt.h"

/* constant table enumerating all implemented SSL 2 and 3 cipher suites. */
extern const PRUint16 SSL_ImplementedCiphers[];

/* number of entries in the above table. */
extern const PRUint16 SSL_NumImplementedCiphers;

/*
 * Macro to tell which ciphers in table are SSL2 vs SSL3/TLS.
 * It masks off the low four bits of "which" and compares the rest with
 * 0xff00, so it is true exactly for values 0xff00 through 0xff0f.
 */
#define SSL_IS_SSL2_CIPHER(which) (((which) & 0xfff0) == 0xff00)

SEC_BEGIN_PROTOS

/*
** Imports fd into SSL, returning a new socket.  Copies SSL configuration
** from model.
**
** NOTE(review): the failure return (presumably NULL) and whether model may
** be NULL are not stated in this header -- confirm against the
** implementation before relying on either.
*/
extern PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);

/*
** Enable/disable an ssl mode
**
** 	SSL_SECURITY:
** 		enable/disable use of SSL security protocol before connect
**
** 	SSL_SOCKS:
** 		enable/disable use of socks before connect
**		(No longer supported).
**
** 	SSL_REQUEST_CERTIFICATE:
** 		require a certificate during secure connect
**
** NOTE(review): the wording above says "require" for
** SSL_REQUEST_CERTIFICATE, while a separate SSL_REQUIRE_CERTIFICATE option
** (10) is defined below without a comment.  The difference between the two
** is not documented in this header -- confirm it before depending on client
** authentication being enforced.
*/
/*
 * options
 *
 * Option value 4 is not defined in this list.
 *
 * Per the inline comments below, this version (dated 2000 by its $Id$)
 * enables SSL v2 and SSL v3 by default and leaves TLS off.  SSL 2.0 and
 * SSL 3.0 have since been prohibited/deprecated (RFC 6176, RFC 7568), so a
 * caller that wants TLS only has to set all three options explicitly
 * (SSL_ENABLE_SSL2 off, SSL_ENABLE_SSL3 off, SSL_ENABLE_TLS on) through
 * the option setters declared below rather than rely on the defaults.
 */
#define SSL_SECURITY			1
#define SSL_SOCKS			2
#define SSL_REQUEST_CERTIFICATE		3
#define SSL_HANDSHAKE_AS_CLIENT		5 /* force accept to hs as client */
#define SSL_HANDSHAKE_AS_SERVER		6 /* force connect to hs as server */
#define SSL_ENABLE_SSL2			7 /* enable ssl v2 (on by default) */
#define SSL_ENABLE_SSL3		        8 /* enable ssl v3 (on by default) */
#define SSL_NO_CACHE		        9 /* don't use the session cache */
#define SSL_REQUIRE_CERTIFICATE        10
#define SSL_ENABLE_FDX                 11 /* permit simultaneous read/write */
#define SSL_V2_COMPATIBLE_HELLO        12 /* send v3 client hello in v2 fmt */
#define SSL_ENABLE_TLS		       13 /* enable TLS (off by default) */
#define SSL_ROLLBACK_DETECTION         14 /* for compatibility, default: on */

/*
 * Old deprecated function names
 * These take the option as a plain int; the replacements below take PRInt32.
 */
extern SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
extern SECStatus SSL_EnableDefault(int option, PRBool on);

/*
 * New function names
 * "option" is one of the SSL_* option values defined above.  The Set forms
 * take the new state in "on"; the Get forms write the current state through
 * the "on" pointer.  The *Default forms take no fd.
 * NOTE(review): presumably the defaults apply to sockets created later --
 * confirm which sockets they affect.
 */
extern SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
extern SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
extern SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
extern SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
/* Associates the certificate database handle dbHandle with fd (judging by
 * the name and parameters; no description is given in this header). */
extern SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);

/*
** Control ciphers that SSL uses. If on is non-zero then the named cipher
** is enabled, otherwise it is disabled. 
** The "cipher" values are defined in sslproto.h (the SSL_EN_* values).
** EnableCipher records user preferences.
** SetPolicy sets the policy according to the policy module.
*/
/* Old deprecated function names */
extern SECStatus SSL_EnableCipher(long which, PRBool enabled);
extern SECStatus SSL_SetPolicy(long which, int policy);

/*
 * New function names
 * CipherPref* record the enabled/disabled preference for one cipher, per
 * socket (fd) or as a default; CipherPolicy* set or read the policy value
 * for one cipher and take no fd.
 */
extern SECStatus SSL_CipherPrefSet(PRFileDesc *fd, PRInt32 cipher, PRBool enabled);
extern SECStatus SSL_CipherPrefGet(PRFileDesc *fd, PRInt32 cipher, PRBool *enabled);
extern SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
extern SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher, PRBool *enabled);
extern SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
extern SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);

/*
 * Values for "policy" argument to SSL_PolicySet
 * NOTE(review): no function named SSL_PolicySet is declared in the visible
 * part of this header; the setters declared above are SSL_SetPolicy
 * (deprecated) and SSL_CipherPolicySet.
 */
/*
 * Values returned by SSL_CipherPolicyGet.
 * SSL_NOT_ALLOWED (0) is also what an invalid or unimplemented cipher
 * yields, so a zero result does not by itself distinguish "forbidden by
 * policy" from "unknown cipher".
 */
#define SSL_NOT_ALLOWED		 0	      /* or invalid or unimplemented */
#define SSL_ALLOWED		 1
#define SSL_RESTRICTED		 2	      /* only with "Step-Up" certs. */

/*
** Reset the handshake state for fd. This will make the complete SSL
** handshake protocol execute from the ground up on the next i/o
** operation.
**	"asServer" selects the role for the new handshake (inferred from the
**	parameter name; not described further here).
*/
extern SECStatus SSL_ResetHandshake(PRFileDesc *fd, PRBool asServer);

/*
** Force the handshake for fd to complete immediately.  This blocks until
** the complete SSL handshake protocol is finished.
**
** Returns int rather than SECStatus; the meaning of the return value is
** not stated in this header -- TODO confirm before testing it.
*/
extern int SSL_ForceHandshake(PRFileDesc *fd);

/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
** contain the RFC1485 version of the name of the issuer of the
** certificate at the other end of the connection. For a client, this is
** the issuer of the server's certificate; for a server, this is the
** issuer of the client's certificate (if any). Subject is the subject of
** the other end's certificate. The pointers can be zero if the desired
** data is not needed.  All strings returned by this function are owned
** by SSL, and will be freed when the socket is closed.
**
** Because the returned strings belong to SSL, the caller must not free
** them and must copy any value it needs after the socket is closed.
** "cipher" and "secretKeySize" are output parameters as well but are not
** described above (presumably the cipher name and the effective secret key
** size -- confirm).
*/
extern int SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
			      int *keySize, int *secretKeySize,
			      char **issuer, char **subject);

/*
 * Values for "on"
 * More values than the "one" mentioned in the description above are
 * defined, so compare *on against these constants instead of testing for
 * 1 or for non-zero (SSL_SECURITY_STATUS_NOOPT is negative).
 * NOTE(review): HIGH/LOW presumably grade the strength of the negotiated
 * cipher -- confirm against the implementation.
 */
#define SSL_SECURITY_STATUS_NOOPT	-1
#define SSL_SECURITY_STATUS_OFF		0
#define SSL_SECURITY_STATUS_ON_HIGH	1
#define SSL_SECURITY_STATUS_ON_LOW	2
#define SSL_SECURITY_STATUS_FORTEZZA	3

/*
** Return the certificate for our SSL peer. If the client calls this
** it will always return the server's certificate. If the server calls
** this, it may return NULL if client authentication is not enabled or
** if the client had no certificate when asked.
**	"fd" the socket "file" descriptor
**
** Server-side callers must check the result for NULL before use.
** Ownership of the returned certificate (whether the caller has to release
** it) is not stated in this header -- TODO confirm.
*/
extern CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);

/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
** certificate.
**
** "arg" is the value registered together with the hook through
** SSL_AuthCertificateHook.  The return-value convention and the exact
** meaning of checkSig are not documented here.
** NOTE(review): presumably a hook installed by the application takes over
** the whole accept/reject decision for the peer certificate, so it has to
** perform every validation step itself -- confirm.
*/
typedef int (*SSLAuthCertificate)(void *arg, PRFileDesc *fd, PRBool checkSig,
				  PRBool isServer);

/* Registers f as the certificate authentication hook for fd, with arg
 * being the first argument passed to f. */
extern int SSL_AuthCertificateHook(PRFileDesc *fd, SSLAuthCertificate f,
				   void *arg);

/* An implementation of the certificate authentication hook */
/* Its signature matches the SSLAuthCertificate type declared above. */
extern int SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
			       PRBool isServer);

/*
 * Prototype for SSL callback to get client auth data from the application.
 *	arg - application passed argument
 *	fd - the connection the data is requested for (not described in the
 *	     original comment)
 *	caNames - pointer to distinguished names of CAs that the server likes
 *	pRetCert - pointer to pointer to cert, for return of cert
 *	pRetKey - pointer to key pointer, for return of key
 *
 * Who owns the certificate and private key handed back through pRetCert
 * and pRetKey is not stated in this header -- TODO confirm before deciding
 * when the application may release the key.
 */
typedef int (*SSLGetClientAuthData)(void *arg, PRFileDesc *fd,
				    CERTDistNames *caNames,
				    CERTCertificate **pRetCert,/*return */
				    SECKEYPrivateKey **pRetKey);/* return */

/*
 * Set the client side callback for SSL to retrieve user's private key
 * and certificate.
 *	fd - the file descriptor for the connection in question
 *	f - the application's callback that delivers the key and cert
 *	a - application specific data
 */
extern int SSL_GetClientAuthDataHook(PRFileDesc *fd, SSLGetClientAuthData f,
				     void *a);

/*
 * Set the client side argument for SSL to retrieve PKCS #11 pin.
