139 PL_strcpy(dir, d);
140 } else {
141 /* grab the prefix */
142 PL_strcpy(key, k);
143 *k = '\0';
144 PL_strcpy(prefix, ++s);
145 *s = '\0';
146 PL_strcpy(dir, d);
147 }
148 } else {
149 /* neither *key[0-9].db nor *cert[0=9].db found */
150 return (-1);
151 }
152
153 return (0);
154 }
155
156
157 static PRStatus local_SSLPLCY_Install(void)
158 {
159 SECStatus s;
160
161 #ifdef NS_DOMESTIC
162 s = NSS_SetDomesticPolicy();
163 #elif NS_EXPORT
164 s = NSS_SetExportPolicy();
165 #else
166 s = PR_FAILURE;
167 #endif
168 return s?PR_FAILURE:PR_SUCCESS;
169 }
170
171
172
173 static void
174 ldapssl_basic_init( void )
175 {
176 #ifndef _SOLARIS_SDK
177 /*
178 * NSPR is initialized in .init on SOLARIS
179 */
180 /* PR_Init() must to be called before everything else... */
181 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
182 #endif
183
184 PR_SetConcurrency( 4 ); /* work around for NSPR 3.x I/O hangs */
185 }
186
187
188
455 ldapssl_free(&enval);
456 #endif
457 if (rc != 0) {
458 if ((rc = PR_GetError()) >= 0)
459 rc = -1;
460 mutex_unlock(&inited_mutex);
461 return (rc);
462 }
463
464 if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
465 || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
466 if (( rc = PR_GetError()) >= 0 ) {
467 rc = -1;
468 }
469 mutex_unlock(&inited_mutex);
470 return( rc );
471 }
472
473
474
475 #if defined(NS_DOMESTIC)
476 if (local_SSLPLCY_Install() == PR_FAILURE) {
477 mutex_unlock(&inited_mutex);
478 return( -1 );
479 }
480 #elif(NS_EXPORT)
481 if (local_SSLPLCY_Install() == PR_FAILURE) {
482 mutex_unlock(&inited_mutex);
483 return( -1 );
484 }
485 #else
486 mutex_unlock(&inited_mutex);
487 return( -1 );
488 #endif
489
490 inited = 1;
491 mutex_unlock(&inited_mutex);
492
493 return( 0 );
494
495 }
496
497 /*
498 * Initialize ns/security so it can be used for SSL client authentication.
499 * It is safe to call this more than once.
500 *
501 * If needkeydb == 0, no key database is opened and SSL server authentication
502 * is supported but not client authentication.
503 *
504 * If "certdbpath" is NULL or "", the default cert. db is used (typically
505 * ~/.netscape/cert7.db).
506 *
507 * If "certdbpath" ends with ".db" (case-insensitive compare), then
508 * it is assumed to be a full path to the cert. db file; otherwise,
559 }
560 #endif
561
562 rc = NSS_Init(certdbpath);
563 #ifdef _SOLARIS_SDK
564 /* Error from NSS_Init() more important! */
565 if ((rcenv != 1) && (reset_nss_strict_fork_env(enval) != 0) && (rc == 0)) {
566 ldapssl_free(&enval);
567 mutex_unlock(&inited_mutex);
568 return (-1);
569 }
570 ldapssl_free(&enval);
571 #endif
572 if (rc != 0) {
573 if ((rc = PR_GetError()) >= 0)
574 rc = -1;
575 mutex_unlock(&inited_mutex);
576 return (rc);
577 }
578
579 #if defined(NS_DOMESTIC)
580 if (local_SSLPLCY_Install() == PR_FAILURE) {
581 mutex_unlock(&inited_mutex);
582 return( -1 );
583 }
584 #elif(NS_EXPORT)
585 if (local_SSLPLCY_Install() == PR_FAILURE) {
586 mutex_unlock(&inited_mutex);
587 return( -1 );
588 }
589 #else
590 mutex_unlock(&inited_mutex);
591 return( -1 );
592 #endif
593
594 inited = 1;
595 mutex_unlock(&inited_mutex);
596
597 return( ldapssl_set_strength( NULL, sslstrength));
598
599 }
600
601
602 /*
603 * Initialize ns/security so it can be used for SSL client authentication.
604 * It is safe to call this more than once.
605 */
606
607 /*
608 * XXXceb This is a hack until the new IO functions are done.
609 * this function lives in ldapsinit.c
610 */
611 void set_using_pkcs_functions( int val );
612
694 mutex_unlock(&inited_mutex);
695 return (rc);
696 }
697
698
699 #if 0 /* UNNEEDED BY LIBLDAP */
700 /* this is odd */
701 PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
702 #endif /* UNNEEDED BY LIBLDAP */
703
704 if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
705 || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
706 if (( rc = PR_GetError()) >= 0 ) {
707 rc = -1;
708 }
709
710 mutex_unlock(&inited_mutex);
711 return( rc );
712 }
713
714 #if defined(NS_DOMESTIC)
715 if (local_SSLPLCY_Install() == PR_FAILURE) {
716 mutex_unlock(&inited_mutex);
717 return( -1 );
718 }
719 #elif(NS_EXPORT)
720 if (local_SSLPLCY_Install() == PR_FAILURE) {
721 mutex_unlock(&inited_mutex);
722 return( -1 );
723 }
724 #else
725 mutex_unlock(&inited_mutex);
726 return( -1 );
727 #endif
728
729 inited = 1;
730
731 if ( certdbName != NULL ) {
732 ldapssl_free((void **) &certdbName );
733 }
734
735 return( ldapssl_set_strength( NULL, LDAPSSL_AUTH_CNCHECK));
736 }
737
738
739 /*
740 * ldapssl_client_init() is a server-authentication only version of
741 * ldapssl_clientauth_init().
742 */
743 int
744 LDAP_CALL
745 ldapssl_client_init(const char* certdbpath, void *certdbhandle )
746 {
747 return( ldapssl_clientauth_init( certdbpath, certdbhandle,
139 PL_strcpy(dir, d);
140 } else {
141 /* grab the prefix */
142 PL_strcpy(key, k);
143 *k = '\0';
144 PL_strcpy(prefix, ++s);
145 *s = '\0';
146 PL_strcpy(dir, d);
147 }
148 } else {
149 /* neither *key[0-9].db nor *cert[0=9].db found */
150 return (-1);
151 }
152
153 return (0);
154 }
155
156
157 static PRStatus local_SSLPLCY_Install(void)
158 {
159 return NSS_SetDomesticPolicy() ? PR_FAILURE : PR_SUCCESS;
160 }
161
162
163
164 static void
165 ldapssl_basic_init( void )
166 {
167 #ifndef _SOLARIS_SDK
168 /*
169 * NSPR is initialized in .init on SOLARIS
170 */
171 /* PR_Init() must to be called before everything else... */
172 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
173 #endif
174
175 PR_SetConcurrency( 4 ); /* work around for NSPR 3.x I/O hangs */
176 }
177
178
179
446 ldapssl_free(&enval);
447 #endif
448 if (rc != 0) {
449 if ((rc = PR_GetError()) >= 0)
450 rc = -1;
451 mutex_unlock(&inited_mutex);
452 return (rc);
453 }
454
455 if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
456 || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
457 if (( rc = PR_GetError()) >= 0 ) {
458 rc = -1;
459 }
460 mutex_unlock(&inited_mutex);
461 return( rc );
462 }
463
464
465
466 if (local_SSLPLCY_Install() == PR_FAILURE) {
467 mutex_unlock(&inited_mutex);
468 return( -1 );
469 }
470
471 inited = 1;
472 mutex_unlock(&inited_mutex);
473
474 return( 0 );
475
476 }
477
478 /*
479 * Initialize ns/security so it can be used for SSL client authentication.
480 * It is safe to call this more than once.
481 *
482 * If needkeydb == 0, no key database is opened and SSL server authentication
483 * is supported but not client authentication.
484 *
485 * If "certdbpath" is NULL or "", the default cert. db is used (typically
486 * ~/.netscape/cert7.db).
487 *
488 * If "certdbpath" ends with ".db" (case-insensitive compare), then
489 * it is assumed to be a full path to the cert. db file; otherwise,
540 }
541 #endif
542
543 rc = NSS_Init(certdbpath);
544 #ifdef _SOLARIS_SDK
545 /* Error from NSS_Init() more important! */
546 if ((rcenv != 1) && (reset_nss_strict_fork_env(enval) != 0) && (rc == 0)) {
547 ldapssl_free(&enval);
548 mutex_unlock(&inited_mutex);
549 return (-1);
550 }
551 ldapssl_free(&enval);
552 #endif
553 if (rc != 0) {
554 if ((rc = PR_GetError()) >= 0)
555 rc = -1;
556 mutex_unlock(&inited_mutex);
557 return (rc);
558 }
559
560 if (local_SSLPLCY_Install() == PR_FAILURE) {
561 mutex_unlock(&inited_mutex);
562 return( -1 );
563 }
564
565 inited = 1;
566 mutex_unlock(&inited_mutex);
567
568 return( ldapssl_set_strength( NULL, sslstrength));
569
570 }
571
572
573 /*
574 * Initialize ns/security so it can be used for SSL client authentication.
575 * It is safe to call this more than once.
576 */
577
578 /*
579 * XXXceb This is a hack until the new IO functions are done.
580 * this function lives in ldapsinit.c
581 */
582 void set_using_pkcs_functions( int val );
583
665 mutex_unlock(&inited_mutex);
666 return (rc);
667 }
668
669
670 #if 0 /* UNNEEDED BY LIBLDAP */
671 /* this is odd */
672 PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
673 #endif /* UNNEEDED BY LIBLDAP */
674
675 if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
676 || SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
677 if (( rc = PR_GetError()) >= 0 ) {
678 rc = -1;
679 }
680
681 mutex_unlock(&inited_mutex);
682 return( rc );
683 }
684
685 if (local_SSLPLCY_Install() == PR_FAILURE) {
686 mutex_unlock(&inited_mutex);
687 return( -1 );
688 }
689
690 inited = 1;
691
692 if ( certdbName != NULL ) {
693 ldapssl_free((void **) &certdbName );
694 }
695
696 return( ldapssl_set_strength( NULL, LDAPSSL_AUTH_CNCHECK));
697 }
698
699
700 /*
701 * ldapssl_client_init() is a server-authentication only version of
702 * ldapssl_clientauth_init().
703 */
704 int
705 LDAP_CALL
706 ldapssl_client_init(const char* certdbpath, void *certdbhandle )
707 {
708 return( ldapssl_clientauth_init( certdbpath, certdbhandle,