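/*
 * Choose which SSL/TLS protocol versions NSS enables by default for the
 * connection described by uhp (the user@host string the "ssl-method"
 * setting is looked up with).
 *
 * Recognised method names are "ssl2", "ssl3" and "tls1".  An unknown
 * name is reported on stderr and leaves every version selected.  SSL2
 * is only ever enabled when the "ssl-v2-allow" variable is set.
 */
static void
nss_select_method(const char *uhp)
{
	char *cp;
	/*
	 * Each version must occupy its own bit.  The previous definition
	 * used TLS1 = 03, which equals SSL2|SSL3: "tls1" then also turned
	 * on SSL3, and "ssl2"/"ssl3" also turned on TLS, because the
	 * `methods & TLS1` test below was non-zero for any selection.
	 */
	enum {
		SSL2 = 01,
		SSL3 = 02,
		TLS1 = 04
	} methods;

	methods = SSL2|SSL3|TLS1;
	cp = ssl_method_string(uhp);
	if (cp != NULL) {
		if (equal(cp, "ssl2"))
			methods = SSL2;
		else if (equal(cp, "ssl3"))
			methods = SSL3;
		else if (equal(cp, "tls1"))
			methods = TLS1;
		else {
			fprintf(stderr, catgets(catd, CATSET, 244,
					"Invalid SSL method \"%s\"\n"), cp);
		}
	}
	/* SSL2 stays disabled unless the user explicitly opted in. */
	if (value("ssl-v2-allow") == NULL)
		methods &= ~SSL2;
	/*
	 * NOTE(review): SSL3 is still enabled by default here.  SSLv3 is
	 * deprecated (RFC 7568); consider gating it like SSL2 above.
	 */
	SSL_OptionSetDefault(SSL_ENABLE_SSL2,
			(methods & SSL2) ? PR_TRUE : PR_FALSE);
	SSL_OptionSetDefault(SSL_ENABLE_SSL3,
			(methods & SSL3) ? PR_TRUE : PR_FALSE);
	SSL_OptionSetDefault(SSL_ENABLE_TLS,
			(methods & TLS1) ? PR_TRUE : PR_FALSE);
}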
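/*
 * Initialise NSPR/NSS for TLS use.  Reference counted: the first
 * successful call performs the real initialisation, later calls only
 * bump tls_nss_ref_count and return the same opaque handle.
 *
 * conf: not used by this backend.
 *
 * Returns a non-NULL opaque handle on success, NULL on failure.
 *
 * Previously the reference count was incremented before anything could
 * fail, so after a failed NSS_Init() the next caller saw a count > 1 and
 * was handed a "success" handle for an uninitialised library.  The count
 * is now only raised once initialisation has actually succeeded.
 */
void * tls_init(const struct tls_config *conf)
{
	char *dir;

	if (tls_nss_ref_count > 0) {
		tls_nss_ref_count++;
		return (void *) 1;
	}

	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
	nss_layer_id = PR_GetUniqueIdentity("wpa_supplicant");
	PK11_SetPasswordFunc(nss_password_cb);

	/*
	 * SSL_DIR selects an NSS certificate database directory; without it
	 * NSS runs without a persistent database.
	 */
	dir = getenv("SSL_DIR");
	if (dir) {
		if (NSS_Init(dir) != SECSuccess) {
			wpa_printf(MSG_ERROR, "NSS: NSS_Init(cert_dir=%s) "
				   "failed", dir);
			return NULL;
		}
	} else {
		if (NSS_NoDB_Init(NULL) != SECSuccess) {
			wpa_printf(MSG_ERROR, "NSS: NSS_NoDB_Init(NULL) "
				   "failed");
			return NULL;
		}
	}

	/*
	 * SSL2 and the v2-compatible hello are disabled, SSL3 is disabled,
	 * TLS is the only protocol family left on.
	 * NOTE(review): on failure below NSS stays initialised while the
	 * reference count is 0; a retry re-enters NSS_Init()/NSS_NoDB_Init()
	 * on an already-initialised library - confirm that is acceptable
	 * for the NSS version in use.
	 */
	if (SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess ||
	    SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_FALSE) != SECSuccess ||
	    SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess ||
	    SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE) != SECSuccess) {
		wpa_printf(MSG_ERROR, "NSS: SSL_OptionSetDefault failed");
		return NULL;
	}

	if (NSS_SetDomesticPolicy() != SECSuccess) {
		wpa_printf(MSG_ERROR, "NSS: NSS_SetDomesticPolicy() failed");
		return NULL;
	}

	/* Everything succeeded: this caller holds the first reference. */
	tls_nss_ref_count++;
	return (void *) 1;
}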
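// Initialise NSPR and NSS for this renderer and set the protocol-version
// defaults every later SSL socket inherits.
//
// A read/write profile database is tried first; if that fails NSS runs
// without a certificate database.  As before, an initialisation failure is
// only reported in DEBUG builds and execution continues.
//
// Change from the previous version: SSLv2 and the SSLv2-compatible
// ClientHello are no longer enabled (SSLv2 is prohibited by RFC 6176), and
// the return codes of the policy/option calls are checked instead of being
// discarded.
void MozillaRenderer::initialize(void)
{
	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);

	if (NSS_InitReadWrite(NULL) == SECFailure) {
		if (NSS_NoDB_Init(NULL) == SECFailure) {
#ifdef DEBUG
			cout << "MozillaRenderer::ctor: couldn't initialize NSS" << endl;
#endif
			// NOTE(review): NSS is left uninitialised here and callers
			// get no error; the option calls below will also fail.
		}
	}

	// NOTE(review): SSLv3 is still enabled; it is deprecated (RFC 7568).
	if (NSS_SetDomesticPolicy() != SECSuccess
	    || SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess
	    || SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess
	    || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE) != SECSuccess
	    || SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE) != SECSuccess) {
#ifdef DEBUG
		cout << "MozillaRenderer::ctor: couldn't configure SSL defaults" << endl;
#endif
	}
}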
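/*
 * JNI entry point for SSLSocket.setSSLDefaultOption(int option, int on).
 *
 * joption indexes JSSL_enums, the table mapping JSS's Java-side option
 * constants to NSS SSL_* option ids; on is handed to NSS as a PRBool.
 * Throws SSLSocketException when NSS rejects the option.
 *
 * NOTE(review): joption comes from the Java caller and was used as an
 * array index unchecked.  A negative index is now rejected; the size of
 * JSSL_enums is not visible in this file, so the upper bound is still
 * not checked here - confirm against the table's definition.
 *
 * The exception message previously named SSL_OptionSet although the
 * call made here is SSL_OptionSetDefault.
 */
JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SSLSocket_setSSLDefaultOption(JNIEnv *env, jclass clazz,
    jint joption, jint on)
{
    SECStatus status;

    if (joption < 0) {
        JSSL_throwSSLSocketException(env, "invalid SSL option index");
        return;
    }

    /* set the process-wide default for this option */
    status = SSL_OptionSetDefault(JSSL_enums[joption], on);
    if (status != SECSuccess) {
        JSSL_throwSSLSocketException(env, "SSL_OptionSetDefault failed");
    }
}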
/**
 * camel_init:
 * @configdir: directory holding Camel's configuration (and, on Windows,
 *             the NSS databases)
 * @nss_init: whether to initialise NSS/NSPR as well
 *
 * One-time library initialisation: gettext, debugging, optionally NSS,
 * and the default certificate database (camel-cert.db under @configdir).
 *
 * NSS is initialised under nss_initlock, trying in order: the shared
 * SQL database (merging the old DBM database into it), the old DBM
 * database, and finally a volatile in-memory database.  If all three
 * fail the function returns -1; otherwise 0.  Calling it again after a
 * successful run is a no-op.
 *
 * Security-relevant defaults set below: SSL3 and TLS are always enabled,
 * SSL2 only when CAMEL_SSL_V2_ENABLE=1 is in the environment, and every
 * non-SSL2, non-NULL cipher suite is enabled when CAMEL_SSL_WEAK_CIPHERS=1
 * (or when built against NSS older than 3.14).
 */
gint
camel_init (const gchar *configdir, gboolean nss_init)
{
	CamelCertDB *certdb;
	gchar *path;

	if (initialised)
		return 0;

	bindtextdomain (GETTEXT_PACKAGE, LOCALEDIR);
	bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");

	camel_debug_init ();

	if (nss_init) {
		/* -1 means "not yet read from the environment" */
		static gchar v2_enabled = -1, weak_ciphers = -1;
		gchar *nss_configdir = NULL;
		gchar *nss_sql_configdir = NULL;
		SECStatus status = SECFailure;

#if NSS_VMAJOR < 3 || (NSS_VMAJOR == 3 && NSS_VMINOR < 14)
		/* NSS pre-3.14 has most of the ciphers disabled, thus enable
		 * weak ciphers, if it's compiled against such */
		weak_ciphers = 1;
#endif

		/* check camel-tcp-stream-ssl.c for the same "CAMEL_SSL_V2_ENABLE" */
		if (v2_enabled == -1)
			v2_enabled = g_strcmp0 (g_getenv ("CAMEL_SSL_V2_ENABLE"), "1") == 0 ? 1 : 0;

		if (weak_ciphers == -1)
			weak_ciphers = g_strcmp0 (g_getenv ("CAMEL_SSL_WEAK_CIPHERS"), "1") == 0 ? 1 : 0;

		/* The lock itself is created lazily; this first-use path is
		 * not itself protected against concurrent first callers. */
		if (nss_initlock == NULL) {
			PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 10);
			nss_initlock = PR_NewLock ();
		}
		PR_Lock (nss_initlock);

		/* Someone else (e.g. the application) already initialised NSS;
		 * still apply our policy and protocol defaults below. */
		if (NSS_IsInitialized ())
			goto skip_nss_init;

#ifndef G_OS_WIN32
		nss_configdir = g_strdup (configdir);
#else
		nss_configdir = g_win32_locale_filename_from_utf8 (configdir);
#endif

		if (nss_has_system_db ()) {
			nss_sql_configdir = g_strdup ("sql:" NSS_SYSTEM_DB);
		} else {
			/* On Windows, we use the Evolution configdir. On other
			 * operating systems we use ~/.pki/nssdb/, which is where
			 * the user-specific part of the "shared system db" is
			 * stored and is what Chrome uses too.
			 *
			 * We have to create the configdir if it does not exist,
			 * to prevent camel from bailing out on first run. */
#ifdef G_OS_WIN32
			/* NOTE(review): unlike the non-Windows branch, a failure
			 * to create the directory is not reported here. */
			g_mkdir_with_parents (configdir, 0700);
			nss_sql_configdir = g_strconcat ("sql:", nss_configdir, NULL);
#else
			gchar *user_nss_dir = g_build_filename (
				g_get_home_dir (), ".pki/nssdb", NULL);

			/* 0700: the database holds private keys and trust settings */
			if (g_mkdir_with_parents (user_nss_dir, 0700))
				g_warning (
					"Failed to create SQL "
					"database directory %s: %s\n",
					user_nss_dir, strerror (errno));

			nss_sql_configdir = g_strconcat ("sql:", user_nss_dir, NULL);
			g_free (user_nss_dir);
#endif
		}

#if NSS_VMAJOR > 3 || (NSS_VMAJOR == 3 && NSS_VMINOR >= 12)
		/* See: https://wiki.mozilla.org/NSS_Shared_DB,
		 * particularly "Mode 3A". Note that the target
		 * directory MUST EXIST. */
		status = NSS_InitWithMerge (
			nss_sql_configdir,	/* dest dir */
			"", "",			/* new DB name prefixes */
			SECMOD_DB,		/* secmod name */
			nss_configdir,		/* old DB dir */
			"", "",			/* old DB name prefixes */
			nss_configdir,		/* unique ID for old DB */
			"Evolution S/MIME",	/* UI name for old DB */
			0);			/* flags */

		if (status == SECFailure) {
			g_warning (
				"Failed to initialize NSS SQL database in %s: NSS error %d",
				nss_sql_configdir, PORT_GetError ());
			/* Fall back to opening the old DBM database */
		}
#endif

		/* Support old versions of libnss, pre-sqlite support. */
		if (status == SECFailure)
			status = NSS_InitReadWrite (nss_configdir);

		if (status == SECFailure) {
			/* Fall back to using volatile dbs: certificates and keys
			 * added during this run will not be persisted. */
			status = NSS_NoDB_Init (nss_configdir);
			if (status == SECFailure) {
				g_free (nss_configdir);
				g_free (nss_sql_configdir);
				g_warning ("Failed to initialize NSS");
				PR_Unlock (nss_initlock);
				return -1;
			}
		}

		nss_initialized = TRUE;

skip_nss_init:

		/* Return value intentionally ignored, as in the rest of this block. */
		NSS_SetDomesticPolicy ();

		if (weak_ciphers) {
			PRUint16 indx;

			/* enable SSL3/TLS cipher-suites: everything NSS implements
			 * except SSL2 suites and the two NULL-encryption suites.
			 * NOTE(review): this also turns on export/RC4/DES suites;
			 * it is an explicit opt-in via CAMEL_SSL_WEAK_CIPHERS. */
			for (indx = 0; indx < SSL_NumImplementedCiphers; indx++) {
				if (!SSL_IS_SSL2_CIPHER (SSL_ImplementedCiphers[indx]) &&
				    SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_SHA &&
				    SSL_ImplementedCiphers[indx] != SSL_RSA_WITH_NULL_MD5)
					SSL_CipherPrefSetDefault (SSL_ImplementedCiphers[indx], PR_TRUE);
			}
		}

		/* SSL2 only on explicit request; the v2-compatible hello is
		 * never used.  NOTE(review): SSL3 is unconditionally enabled
		 * here although SSLv3 is deprecated (RFC 7568). */
		SSL_OptionSetDefault (SSL_ENABLE_SSL2, v2_enabled ? PR_TRUE : PR_FALSE);
		SSL_OptionSetDefault (SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
		SSL_OptionSetDefault (SSL_ENABLE_SSL3, PR_TRUE);
		SSL_OptionSetDefault (SSL_ENABLE_TLS, PR_TRUE);

		PR_Unlock (nss_initlock);

		g_free (nss_configdir);
		g_free (nss_sql_configdir);
	}

	path = g_strdup_printf ("%s/camel-cert.db", configdir);
	certdb = camel_certdb_new ();
	camel_certdb_set_filename (certdb, path);
	g_free (path);

	/* if we fail to load, who cares? it'll just be a volatile certdb */
	camel_certdb_load (certdb);

	/* set this certdb as the default db */
	camel_certdb_set_default (certdb);

	g_object_unref (certdb);

	initialised = TRUE;

	return 0;
}
/*
 * Demo/test driver: initialises NSS from the system database and then
 * either (isServer) serves TLS on port 8888 sending "123" to each
 * client, or (default, isServer == 0) connects to 192.168.18.22:8443
 * with client-certificate authentication, sends one HTTP GET and dumps
 * the reply to /sdcard/ssl_read.txt.  Progress codes are logged to
 * /sdcard/ssl.log.
 *
 * strUserPin: unused in this function (presumably consumed by
 *             GetModulePassword - confirm).
 * strNickName: passed as the argument of NSS_GetClientAuthData, i.e. the
 *              nickname of the client certificate to present.
 *
 * Returns 0 unconditionally; every NSS/NSPR status is stored in rv and
 * then overwritten without being checked.
 *
 * NOTE(review), things a production version must fix:
 *  - SSLv2 is enabled (prohibited, RFC 6176) and SSLv3 is enabled
 *    (deprecated, RFC 7568).
 *  - Three cipher policies are applied in a row; NSS keeps the last one,
 *    NSS_SetFrancePolicy, which restricts the enabled suites to
 *    export-grade ciphers - confirm against the NSS version in use.
 *  - SSL_SOCKS is switched on; the ignored rv hides whether NSS
 *    accepted it.
 *  - malloc() results, fopen(), PR_Accept(), and the certificate lookup
 *    are used without NULL checks.
 *  - OwnAuthCertHandler replaces NSS's certificate verification; its
 *    policy is not visible here - confirm it does not accept any cert.
 */
int FileSSLDoublePoint_main(char * strUserPin, char * strNickName) {
#if 1
	int isServer = 0;
	SECStatus rv = SECSuccess;
	/* 1 MiB receive buffer; never freed, unchecked for NULL */
	char * buffer = malloc(1024 * 1024);

	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
	PK11_SetPasswordFunc(GetModulePassword);
	rv = NSS_Initialize(GetSystemDBDir(), "", "", "secmod.db", 0);

	rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);

	/* last call wins - see the note in the header comment */
	rv = NSS_SetDomesticPolicy();
	rv = NSS_SetExportPolicy();
	rv = NSS_SetFrancePolicy();
	// rv = SSL_CipherPolicySet();

	SSL_ClearSessionCache();
	rv = SSL_ConfigServerSessionIDCache(10, 30, 30, ".");

	/* SSL_ImportFD pushes the SSL layer onto tcp_socket's stack */
	PRFileDesc * tcp_socket = PR_NewTCPSocket();
	PRFileDesc * ssl_socket = SSL_ImportFD(NULL, tcp_socket);

	if (isServer) {
		CERTCertDBHandle *certHandle;
		certHandle = CERT_GetDefaultCertDB();
		char * nickname = "4914afeedee988071490b98f1120ddac_e73f20c7-176d-4342-ac89-ea7c00bb570a"; /* server cert nickname */
		CERTCertificate* cert = NULL;
		/* cert is NULL if the nickname is not in the DB; it is then
		 * passed straight into PK11_FindKeyByAnyCert */
		cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
		SECKEYPrivateKey *prvKey = NULL;
		prvKey = PK11_FindKeyByAnyCert(cert, NULL);
		rv = SSL_ConfigSecureServer(ssl_socket, cert, prvKey, ssl_kea_rsa);

		PRNetAddr netAddr;
		PRNetAddr netAddrLocal;	/* computed but never used */
		rv = PR_InitializeNetAddr(0, 8888, &netAddr);
		rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
		rv = PR_Bind(tcp_socket, &netAddr);
		rv = PR_Listen(tcp_socket, 100);

		/* accepted sockets are never closed */
		while (1) {
			PRFileDesc * client = PR_Accept(tcp_socket, &netAddr, 6000000);
			PRNetAddr addr;
			rv = PR_GetSockName(client, &addr);
			rv = SSL_ForceHandshake(client);
			rv = PR_Write(client, "123", 4);	/* 4 bytes: includes the NUL */
			sleep(1);
		}
	} else {
		/* custom verifier replaces NSS's chain validation */
		rv = SSL_AuthCertificateHook(ssl_socket, OwnAuthCertHandler, NULL);
		char * nickname = "nickname"; /* unused */
		rv = SSL_SetURL(ssl_socket, "192.168.18.22");

		/* build the plain-text HTTP request; leaked */
		char * str = malloc(1024);
		memset(str, 0, 1024);
		strcpy(str, "GET /test/test2.html HTTP/1.1\r\n"); // note: \r\n is CR LF
		// str = [str stringByAppendingString:@"Accept-Language: zh-cn\r\n"];
		// str = [str stringByAppendingString:@"Connection: Keep-Alive\r\n"];
		//str = [str stringByAppendingString:@"Host: 192.168.0.106\r\n"];
		strcat(str, "Host: 192.168.18.22:8443\r\n");
		// str = [str stringByAppendingString:@"Content-Length: 0\r\n"];
		strcat(str, "\r\n");
		// NOTE(review): a commented-out request body carrying a literal
		// username/password pair was removed here; never keep credentials
		// in source, even in comments.
		// str = [str stringByAppendingString:@"\r\n"];

		PRNetAddr netAddr;
		rv = PR_StringToNetAddr("192.168.18.22", &netAddr);
		rv = PR_InitializeNetAddr(0, 8443, &netAddr);
		// rv = PR_GetHostByName();
		// PR_EnumerateHostEnt
		rv = PR_Connect(tcp_socket, &netAddr, 300000);
		FILE_LOG_NUMBER("/sdcard/ssl.log", rv);

		/* strNickName selects the client cert NSS presents on request */
		rv = SSL_GetClientAuthDataHook(ssl_socket, NSS_GetClientAuthData, strNickName);
		FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
		rv = SSL_ForceHandshake(ssl_socket);
		FILE_LOG_NUMBER("/sdcard/ssl.log", rv);

		rv = PR_Write(tcp_socket, str, strlen(str));
		FILE_LOG_NUMBER("/sdcard/ssl.log", rv);
		/* rv is a byte count here (or -1 on error) */
		rv = PR_Read(tcp_socket, buffer, 1024 * 1024);
		FILE_LOG_NUMBER("/sdcard/ssl.log", rv);

		/* file unchecked for NULL; a negative rv becomes a huge size_t */
		FILE * file = fopen("/sdcard/ssl_read.txt", "wb");
		//fwrite(buffer, 1, rv, file);
		//rv = PR_Read(tcp_socket,buffer, 1024 * 1024);
		fwrite(buffer, 1, rv, file);
		fclose(file);
		sleep(1);

		rv = SSL_InvalidateSession(ssl_socket);
		rv = PR_Shutdown(tcp_socket, PR_SHUTDOWN_BOTH);
		rv = PR_Close(tcp_socket);
		rv = ssl_FreeSessionCacheLocks();
		rv = NSS_Shutdown();
	}
#endif
	return 0;
}
/*
 * Demo/test driver: initialises NSS from the system database and then
 * either (isServer, the hard-coded default) serves TLS on 127.0.0.1:8888
 * sending "123" to each client, or connects to 127.0.0.1:8888 and reads
 * forever.  Neither loop terminates, so the trailing return 0 is only
 * reached if a branch is changed.
 *
 * argc/argv: unused.
 *
 * NOTE(review), things a production version must fix:
 *  - SSLv2 is enabled (prohibited, RFC 6176) and SSLv3 is enabled
 *    (deprecated, RFC 7568).
 *  - Three cipher policies are applied in a row; NSS keeps the last one,
 *    NSS_SetFrancePolicy, which restricts the enabled suites to
 *    export-grade ciphers - confirm against the NSS version in use.
 *  - Every NSS/NSPR status is stored in rv and overwritten unchecked,
 *    including the PR_Write/PR_Read byte counts being stored in a
 *    SECStatus.
 *  - The certificate lookup result and PR_Accept() are used without
 *    NULL checks; accepted sockets are never closed.
 *  - OwnAuthCertHandler replaces NSS's certificate verification; its
 *    policy is not visible here - confirm it does not accept any cert.
 */
int FileSSL_main(int argc, char * argv[]) {
	bool isServer = true;
	SECStatus rv = SECSuccess;
	char buffer[32] = {0};

	PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
	PK11_SetPasswordFunc(GetModulePassword);
	rv = NSS_Initialize(GetSystemDBDir(), "", "", "secmod.db", 0);

	rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_SOCKS, PR_TRUE);	/* rv discarded; see header */
	rv = SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_FDX, PR_TRUE);
	rv = SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);

	/* last call wins - see the note in the header comment */
	rv = NSS_SetDomesticPolicy();
	rv = NSS_SetExportPolicy();
	rv = NSS_SetFrancePolicy();
	// rv = SSL_CipherPolicySet();

	SSL_ClearSessionCache();
	rv = SSL_ConfigServerSessionIDCache(10, 30, 30, ".");

	/* SSL_ImportFD pushes the SSL layer onto the socket's stack */
	PRFileDesc * socket = PR_NewTCPSocket();
	socket = SSL_ImportFD(NULL, socket);

	if (isServer) {
		CERTCertDBHandle *certHandle;
		certHandle = CERT_GetDefaultCertDB();
		char * nickname = "itrus Certificate DB:2013-11-15 12:44:10"; /* server cert nickname */
		CERTCertificate* cert = NULL;
		/* cert is NULL if the nickname is not in the DB; it is then
		 * passed straight into PK11_FindKeyByAnyCert */
		cert = CERT_FindCertByNicknameOrEmailAddr(certHandle, nickname);
		SECKEYPrivateKey *prvKey = NULL;
		prvKey = PK11_FindKeyByAnyCert(cert, NULL);
		rv = SSL_ConfigSecureServer(socket, cert, prvKey, ssl_kea_rsa);

		PRNetAddr netAddr;
		PRNetAddr netAddrLocal;	/* computed but never used */
		rv = PR_InitializeNetAddr(0, 8888, &netAddr);
		rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
		rv = PR_Bind(socket, &netAddr);
		rv = PR_Listen(socket, 100);

		/* accepted sockets inherit the SSL layer; they are never closed */
		while (1) {
			PRFileDesc * client = PR_Accept(socket, &netAddr, 6000000);
			PRNetAddr addr;
			rv = PR_GetSockName(client, &addr);
			rv = SSL_ForceHandshake(client);
			rv = PR_Write(client, "123", 4);	/* 4 bytes: includes the NUL */
			sleep(1);
		}
	} else {
		rv = SSL_SetURL(socket, "127.0.0.1");

		PRNetAddr netAddr;
		PRNetAddr netAddrLocal;	/* computed but never used */
		rv = PR_InitializeNetAddr(0, 8888, &netAddr);
		rv = PR_StringToNetAddr("127.0.0.1", &netAddrLocal);
		// rv = PR_GetHostByName();
		// PR_EnumerateHostEnt
		rv = PR_Connect(socket, &netAddr, 300000);

		/* custom verifier replaces NSS's chain validation */
		rv = SSL_AuthCertificateHook(socket, OwnAuthCertHandler, NULL);
		rv = SSL_ForceHandshake(socket);

		/* reads at most sizeof buffer bytes per iteration; data is
		 * never NUL-terminated or used */
		while (1) {
			rv = PR_Read(socket, buffer, 32);
			sleep(1);
		}
	}
	return 0;
}