summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/listsuites
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/cmd/listsuites')
-rw-r--r--security/nss/cmd/listsuites/Makefile47
-rw-r--r--security/nss/cmd/listsuites/listsuites.c108
-rw-r--r--security/nss/cmd/listsuites/listsuites.gyp24
-rw-r--r--security/nss/cmd/listsuites/manifest.mn15
4 files changed, 194 insertions, 0 deletions
diff --git a/security/nss/cmd/listsuites/Makefile b/security/nss/cmd/listsuites/Makefile
new file mode 100644
index 0000000000..6e1d4ecdfc
--- /dev/null
+++ b/security/nss/cmd/listsuites/Makefile
@@ -0,0 +1,47 @@
+#! gmake
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY). #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL) #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL). #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL) #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL) #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL). #
+#######################################################################
+
+
+include ../platrules.mk
+
diff --git a/security/nss/cmd/listsuites/listsuites.c b/security/nss/cmd/listsuites/listsuites.c
new file mode 100644
index 0000000000..b49f2d8cf4
--- /dev/null
+++ b/security/nss/cmd/listsuites/listsuites.c
@@ -0,0 +1,108 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This program demonstrates the use of SSL_GetCipherSuiteInfo to avoid
+ * all compiled-in knowledge of SSL cipher suites.
+ *
+ * Try: ./listsuites | grep -v : | sort -b +4rn -5 +1 -2 +2 -3 +3 -4 +5r -6
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include "nss.h"
+#include "secport.h"
+#include "secutil.h"
+#include "ssl.h"
+
+int
+main(int argc, char **argv)
+{
+ const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+ int i;
+ int errCount = 0;
+ SECStatus rv;
+ PRErrorCode err;
+ char *certDir = NULL;
+
+ /* load policy from $SSL_DIR/pkcs11.txt, for testing */
+ certDir = SECU_DefaultSSLDir();
+ if (certDir) {
+ rv = NSS_Init(certDir);
+ } else {
+ rv = NSS_NoDB_Init(NULL);
+ }
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr, "NSS_Init failed: %s\n", PORT_ErrorToString(err));
+ goto out;
+ }
+
+ /* apply policy */
+ rv = NSS_SetAlgorithmPolicy(SEC_OID_APPLY_SSL_POLICY, NSS_USE_POLICY_IN_SSL, 0);
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr, "NSS_SetAlgorithmPolicy failed: %s\n",
+ PORT_ErrorToString(err));
+ goto out;
+ }
+
+ /* update the default cipher suites according to the policy */
+ rv = SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr, "SSL_OptionSetDefault failed: %s\n",
+ PORT_ErrorToString(err));
+ goto out;
+ }
+
+ fputs("This version of libSSL supports these cipher suites:\n\n", stdout);
+
+ /* disable all the SSL3 cipher suites */
+ for (i = 0; i < SSL_NumImplementedCiphers; i++) {
+ PRUint16 suite = cipherSuites[i];
+ PRBool enabled;
+ SSLCipherSuiteInfo info;
+
+ rv = SSL_CipherPrefGetDefault(suite, &enabled);
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr,
+ "SSL_CipherPrefGetDefault didn't like value 0x%04x (i = %d): %s\n",
+ suite, i, PORT_ErrorToString(err));
+ continue;
+ }
+ rv = SSL_GetCipherSuiteInfo(suite, &info, (int)(sizeof info));
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr,
+ "SSL_GetCipherSuiteInfo didn't like value 0x%04x (i = %d): %s\n",
+ suite, i, PORT_ErrorToString(err));
+ continue;
+ }
+ fprintf(stdout,
+ "%s:\n" /* up to 37 spaces */
+ " 0x%04hx %-5s %-5s %-8s %3hd %-6s %-8s %-4s Domestic %-11s\n",
+ info.cipherSuiteName, info.cipherSuite,
+ info.keaTypeName, info.authAlgorithmName, info.symCipherName,
+ info.effectiveKeyBits, info.macAlgorithmName,
+ enabled ? "Enabled" : "Disabled",
+ info.isFIPS ? "FIPS" : "",
+ info.nonStandard ? "nonStandard" : "");
+ }
+
+out:
+ rv = NSS_Shutdown();
+ if (rv != SECSuccess) {
+ err = PR_GetError();
+ ++errCount;
+ fprintf(stderr, "NSS_Shutdown failed: %s\n", PORT_ErrorToString(err));
+ }
+
+ return errCount;
+}
diff --git a/security/nss/cmd/listsuites/listsuites.gyp b/security/nss/cmd/listsuites/listsuites.gyp
new file mode 100644
index 0000000000..51f8d8f6e9
--- /dev/null
+++ b/security/nss/cmd/listsuites/listsuites.gyp
@@ -0,0 +1,24 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+{
+ 'includes': [
+ '../../coreconf/config.gypi',
+ '../../cmd/platlibs.gypi'
+ ],
+ 'targets': [
+ {
+ 'target_name': 'listsuites',
+ 'type': 'executable',
+ 'sources': [
+ 'listsuites.c'
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports'
+ ]
+ }
+ ],
+ 'variables': {
+ 'module': 'nss'
+ }
+} \ No newline at end of file
diff --git a/security/nss/cmd/listsuites/manifest.mn b/security/nss/cmd/listsuites/manifest.mn
new file mode 100644
index 0000000000..3e78daceea
--- /dev/null
+++ b/security/nss/cmd/listsuites/manifest.mn
@@ -0,0 +1,15 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+CORE_DEPTH = ../..
+
+MODULE = nss
+
+CSRCS = listsuites.c
+
+REQUIRES = seccmd
+
+PROGRAM = listsuites
+