SSL Reference

You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.

Skip to main content

Roadmap
Projects
Coding
Testing
Tools
- Bugzilla
- Tinderbox
- Bonsai
- LXR
FAQs

Next | Index

SSL Reference

Newsgroup: mozilla.dev.tech.crypto
Writer: Sean Cotter
Manager: Wan-Teh Chang

Chapter 1 Overview of an SSL Application

SSL and related APIs allow compliant applications to configure sockets for authenticated, tamper-proof, and encrypted communications. This chapter introduces some of the basic SSL functions. Chapter 2, "Getting Started With SSL" illustrates their use in sample client and server applications.

: Initializing Caches

Functions Used by Callbacks

Chapter 2 Getting Started With SSL

This chapter describes how to set up your environment, including certificate and key databases, to run the NSS sample code. The sample code and makefiles are available via LXR in the SSLSamples directory.

SSL, PKCS #11, and the Default Security Databases

Setting Up the Certificate and Key Databases

Setting Up the CA and Server Certificates

: Creating the Databases and Generating the Keys
: Creating the CA Certificate and Adding It to the Database
: Creating the Server Certificate and Adding It to the Database

Setting Up the Client Certificate

: Creating the Databases and Generating the Keys
: Creating the Client Certificate and Adding It to the Database
: Adding the CA Certificate to the Database

Verifying the Server and Client Certificates

Building NSS Programs

Chapter 3 Selected SSL Types and Structures

This chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them. Additional types are described with the functions that use them or in the header files.

Types and Structures

: CERTCertDBHandle
: CERTCertificate
: PK11SlotInfo
: SECItem
: SECKEYPrivateKey
: SECStatus

Managing SECItem Memory

: SECItem_FreeItem
: SECItem_ZfreeItem

Chapter 4 SSL Functions

This chapter describes the core SSL functions.

SSL Initialization Functions

: NSS_Init
: NSS_InitReadWrite
: NSS_NoDB_Init
: SSL_OptionSetDefault
: SSL_OptionGetDefault
: SSL_CipherPrefSetDefault
: SSL_CipherPrefGetDefault
: SSL_ClearSessionCache
: SSL_ConfigServerSessionIDCache

Initializing Multi-Processing with a Shared SSL Server Cache

: SSL_ConfigMPServerSIDCache
: SSL_InheritMPServerSIDCache

SSL Export Policy Functions

: NSS_SetDomesticPolicy
: NSS_SetExportPolicy
: NSS_SetFrancePolicy
: SSL_CipherPolicySet
: SSL_CipherPolicyGet

SSL Configuration Functions

SSL Configuration

: SSL_ImportFD
: SSL_OptionSet
: SSL_OptionGet
: SSL_CipherPrefSet
: SSL_CipherPrefGet
: SSL_ConfigSecureServer
: SSL_SetURL
: SSL_SetPKCS11PinArg

Callback Configuration

: SSL_AuthCertificateHook
: SSL_AuthCertificate
: SSL_BadCertHook
: SSL_GetClientAuthDataHook
: NSS_GetClientAuthData
: SSL_HandshakeCallback

SSL Communication Functions

: SSL_InvalidateSession
: SSL_DataPending
: SSL_SecurityStatus
: SSL_GetSessionID
: SSL_SetSockPeerID

SSL Functions Used by Callbacks

: SSL_PeerCertificate
: SSL_RevealURL
: SSL_RevealPinArg

SSL Handshake Functions

: SSL_ForceHandshake
: SSL_ReHandshake
: SSL_ResetHandshake

NSS Shutdown Function

: NSS_Shutdown

Deprecated Functions

: SSL_EnableDefault
: SSL_Enable
: SSL_EnableCipher
: SSL_SetPolicy
: SSL_RedoHandshake

Chapter 5 Certificate Functions

This chapter describes the functions and related types used to work with a certificate database such as the cert7.db database provided with Communicator.

Validating Certificates

: CERT_VerifyCertNow
: CERT_VerifyCertName
: CERT_CheckCertValidTimes
: NSS_CmpCertChainWCANames

Manipulating Certificates

: CERT_DupCertificate
: CERT_DestroyCertificate

Getting Certificate Information

: CERT_FindCertByName
: CERT_GetCertNicknames
: CERT_FreeNicknames
: CERT_GetDefaultCertDB
: NSS_FindCertKEAType

Comparing SecItem Objects

: SECITEM_CompareItem

Chapter 6 Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.

: SECKEY_GetDefaultKeyDB
: SECKEY_DestroyPrivateKey

Chapter 7 PKCS #11 Functions

This chapter describes the core PKCS #11 functions that an application needs for communicating with cryptographic modules. In particular, these functions are used for obtaining certificates, keys, and passwords.

: PK11_FindCertFromNickname
: PK11_FindKeyByAnyCert
: PK11_GetSlotName
: PK11_GetTokenName
: PK11_IsHW
: PK11_IsPresent
: PK11_IsReadOnly
: PK11_SetPasswordFunc

Chapter 8 NSS and SSL Error Codes

NSS error codes are retrieved using the NSPR function PR_GetError. In addition to the error codes defined by NSPR, PR_GetError retrieves the error codes described in this chapter.

: SSL Error Codes
: SEC Error Codes

Index

Last Updated: 10/18/00 09:40:23