OLD SSL Reference

  • We are migrating this SSL Reference into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.

SSL Reference

Newsgroup: mozilla.dev.tech.crypto
Writer: Sean Cotter
Manager: Wan-Teh Chang

Chapter 1  Overview of an SSL Application

SSL and related APIs allow compliant applications to configure sockets for authenticated, tamper-proof, and encrypted communications. This chapter introduces some of the basic SSL functions. Chapter 2, "Getting Started With SSL," illustrates their use in sample client and server applications.

Initialization
Initializing Caches
Configuration
Communication
Functions Used by Callbacks
Cleanup

Chapter 2  Getting Started With SSL

This chapter describes how to set up your environment, including certificate and key databases, to run the NSS sample code. The sample code and makefiles are available via LXR in the SSLSamples directory.
 
SSL, PKCS #11, and the Default Security Databases
Setting Up the Certificate and Key Databases
Setting Up the CA DB and Certificate
Setting Up the Server DB and Certificate
Setting Up the Client DB and Certificate
Verifying the Server and Client Certificates
Building NSS Programs

Chapter 3  Selected SSL Types and Structures

This chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them. Additional types are described with the functions that use them or in the header files.
 
Types and Structures
CERTCertDBHandle
CERTCertificate
PK11SlotInfo
SECItem
SECKEYPrivateKey
SECStatus
Managing SECItem Memory
SECItem_FreeItem
SECItem_ZfreeItem

Chapter 4  SSL Functions

This chapter describes the core SSL functions.
 
SSL Initialization Functions
NSS_Init
NSS_InitReadWrite
NSS_NoDB_Init
SSL_OptionSetDefault
SSL_OptionGetDefault
SSL_CipherPrefSetDefault
SSL_CipherPrefGetDefault
SSL_ClearSessionCache
SSL_ConfigServerSessionIDCache
 
Initializing Multi-Processing with a Shared SSL Server Cache
SSL_ConfigMPServerSIDCache
SSL_InheritMPServerSIDCache
 
SSL Export Policy Functions
NSS_SetDomesticPolicy
NSS_SetExportPolicy
NSS_SetFrancePolicy
SSL_CipherPolicySet
SSL_CipherPolicyGet
 
SSL Configuration Functions
SSL Configuration
SSL_ImportFD
SSL_OptionSet
SSL_OptionGet
SSL_CipherPrefSet
SSL_CipherPrefGet
SSL_ConfigSecureServer
SSL_SetURL
SSL_SetPKCS11PinArg
 
Callback Configuration
SSL_AuthCertificateHook
SSL_AuthCertificate
SSL_BadCertHook
SSL_GetClientAuthDataHook
NSS_GetClientAuthData
SSL_HandshakeCallback
 
SSL Communication Functions
SSL_InvalidateSession
SSL_DataPending
SSL_SecurityStatus
SSL_GetSessionID
SSL_SetSockPeerID
 
SSL Functions Used by Callbacks
SSL_PeerCertificate
SSL_RevealURL
SSL_RevealPinArg
 
SSL Handshake Functions
SSL_ForceHandshake
SSL_ReHandshake
SSL_ResetHandshake
 
NSS Shutdown Function
NSS_Shutdown
 
Deprecated Functions
SSL_EnableDefault
SSL_Enable
SSL_EnableCipher
SSL_SetPolicy
SSL_RedoHandshake

Chapter 5  Certificate Functions

This chapter describes the functions and related types used to work with a certificate database such as the cert7.db database provided with Communicator.
 
Validating Certificates
CERT_VerifyCertNow
CERT_VerifyCertName
CERT_CheckCertValidTimes
NSS_CmpCertChainWCANames
 
Manipulating Certificates
CERT_DupCertificate
CERT_DestroyCertificate
 
Getting Certificate Information
CERT_FindCertByName
CERT_GetCertNicknames
CERT_FreeNicknames
CERT_GetDefaultCertDB
NSS_FindCertKEAType
 
Comparing SecItem Objects
SECITEM_CompareItem

Chapter 6  Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.
 
SECKEY_GetDefaultKeyDB
SECKEY_DestroyPrivateKey

Chapter 7  PKCS #11 Functions

This chapter describes the core PKCS #11 functions that an application needs for communicating with cryptographic modules. In particular, these functions are used for obtaining certificates, keys, and passwords.
 
PK11_FindCertFromNickname
PK11_FindKeyByAnyCert
PK11_GetSlotName
PK11_GetTokenName
PK11_IsHW
PK11_IsPresent
PK11_IsReadOnly
PK11_SetPasswordFunc

Chapter 8  NSS and SSL Error Codes

NSS error codes are retrieved using the NSPR function PR_GetError. In addition to the error codes defined by NSPR, PR_GetError retrieves the error codes described in this chapter.
 
SSL Error Codes
SEC Error Codes

Document Tags and Contributors

 Contributors to this page: Sheppy, kwilson
 Last updated by: Sheppy,