You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.




SSL Reference

Newsgroup: mozilla.dev.tech.crypto
Writer: Sean Cotter
Manager: Wan-Teh Chang

Chapter 1  Overview of an SSL Application

SSL and related APIs allow compliant applications to configure sockets for authenticated, tamper-proof, and encrypted communications. This chapter introduces some of the basic SSL functions. Chapter 2, "Getting Started With SSL," illustrates their use in sample client and server applications.
Initialization
Initializing Caches
Configuration
Communication
Functions Used by Callbacks
Cleanup

Chapter 2  Getting Started With SSL

This chapter describes how to set up your environment, including certificate and key databases, to run the NSS sample code. The sample code and makefiles are available via LXR in the SSLSamples directory.
SSL, PKCS #11, and the Default Security Databases
Setting Up the Certificate and Key Databases
Setting Up the CA and Server Certificates
Creating the Databases and Generating the Keys
Creating the CA Certificate and Adding It to the Database
Creating the Server Certificate and Adding It to the Database
Setting Up the Client Certificate
Creating the Databases and Generating the Keys
Creating the Client Certificate and Adding It to the Database
Adding the CA Certificate to the Database
Verifying the Server and Client Certificates
Building NSS Programs

Chapter 3  Selected SSL Types and Structures

This chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them. Additional types are described with the functions that use them or in the header files.
Types and Structures
CERTCertDBHandle
CERTCertificate
PK11SlotInfo
SECItem
SECKEYPrivateKey
SECStatus
Managing SECItem Memory
SECItem_FreeItem
SECItem_ZfreeItem

Chapter 4  SSL Functions

This chapter describes the core SSL functions.
SSL Initialization Functions
NSS_Init
NSS_InitReadWrite
NSS_NoDB_Init
SSL_OptionSetDefault
SSL_OptionGetDefault
SSL_CipherPrefSetDefault
SSL_CipherPrefGetDefault
SSL_ClearSessionCache
SSL_ConfigServerSessionIDCache
Initializing Multi-Processing with a Shared SSL Server Cache
SSL_ConfigMPServerSIDCache
SSL_InheritMPServerSIDCache
SSL Export Policy Functions
NSS_SetDomesticPolicy
NSS_SetExportPolicy
NSS_SetFrancePolicy
SSL_CipherPolicySet
SSL_CipherPolicyGet
SSL Configuration Functions
SSL Configuration
SSL_ImportFD
SSL_OptionSet
SSL_OptionGet
SSL_CipherPrefSet
SSL_CipherPrefGet
SSL_ConfigSecureServer
SSL_SetURL
SSL_SetPKCS11PinArg
Callback Configuration
SSL_AuthCertificateHook
SSL_AuthCertificate
SSL_BadCertHook
SSL_GetClientAuthDataHook
NSS_GetClientAuthData
SSL_HandshakeCallback
SSL Communication Functions
SSL_InvalidateSession
SSL_DataPending
SSL_SecurityStatus
SSL_GetSessionID
SSL_SetSockPeerID
SSL Functions Used by Callbacks
SSL_PeerCertificate
SSL_RevealURL
SSL_RevealPinArg
SSL Handshake Functions
SSL_ForceHandshake
SSL_ReHandshake
SSL_ResetHandshake
NSS Shutdown Function
NSS_Shutdown
Deprecated Functions
SSL_EnableDefault
SSL_Enable
SSL_EnableCipher
SSL_SetPolicy
SSL_RedoHandshake

Chapter 5  Certificate Functions

This chapter describes the functions and related types used to work with a certificate database such as the cert7.db database provided with Communicator.
Validating Certificates
CERT_VerifyCertNow
CERT_VerifyCertName
CERT_CheckCertValidTimes
NSS_CmpCertChainWCANames
Manipulating Certificates
CERT_DupCertificate
CERT_DestroyCertificate
Getting Certificate Information
CERT_FindCertByName
CERT_GetCertNicknames
CERT_FreeNicknames
CERT_GetDefaultCertDB
NSS_FindCertKEAType
Comparing SecItem Objects
SECITEM_CompareItem

Chapter 6  Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.
SECKEY_GetDefaultKeyDB
SECKEY_DestroyPrivateKey

Chapter 7  PKCS #11 Functions

This chapter describes the core PKCS #11 functions that an application needs for communicating with cryptographic modules. In particular, these functions are used for obtaining certificates, keys, and passwords.
PK11_FindCertFromNickname
PK11_FindKeyByAnyCert
PK11_GetSlotName
PK11_GetTokenName
PK11_IsHW
PK11_IsPresent
PK11_IsReadOnly
PK11_SetPasswordFunc

Chapter 8  NSS and SSL Error Codes

NSS error codes are retrieved using the NSPR function PR_GetError. In addition to the error codes defined by NSPR, PR_GetError retrieves the error codes described in this chapter.
SSL Error Codes
SEC Error Codes

Index



Last Updated: 10/18/00 09:40:23