1 /*
2 * Copyright (c) 2006-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
3 */
4
5 #ifndef _SSLS_APP_UTILS_H_
6 #define _SSLS_APP_UTILS_H_ 1
7
8 #include <Security/SecureTransport.h>
9 #include <Security/SecureTransportPriv.h>
10 #include <CoreFoundation/CFArray.h>
11 #include <stdbool.h>
12 #include <Security/SecCertificate.h>
13
14 #include <TargetConditionals.h>
15
16 #if TARGET_OS_IPHONE
17 typedef void *SecKeychainRef;
18 #endif
19
20 #ifdef __cplusplus
21 extern "C" {
22 #endif
23
24 const char *sslGetCipherSuiteString(SSLCipherSuite cs);
25 const char *sslGetProtocolVersionString(SSLProtocol prot);
26 const char *sslGetSSLErrString(OSStatus err);
27 void printSslErrStr(const char *op, OSStatus err);
28 const char *sslGetClientCertStateString(SSLClientCertificateState state);
29 const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);
30
31 CFArrayRef getSslCerts(
32 const char *kcName, // may be NULL, i.e., use default
33 bool encryptOnly,
34 bool completeCertChain,
35 const char *anchorFile, // optional trusted anchor
36 SecKeychainRef *pKcRef); // RETURNED
37 OSStatus sslCompleteCertChain(
38 SecIdentityRef identity,
39 SecCertificateRef trustedAnchor, // optional additional trusted anchor
40 bool includeRoot, // include the root in outArray
41 // const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
42 CFArrayRef *outArray); // created and RETURNED
43 CFArrayRef sslKcRefToCertArray(
44 SecKeychainRef kcRef,
45 bool encryptOnly,
46 bool completeCertChain,
47 // const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL policy to complete
48 const char *trustedAnchorFile);
49
50 OSStatus addTrustedSecCert(
51 SSLContextRef ctx,
52 SecCertificateRef secCert,
53 bool replaceAnchors);
54 OSStatus sslReadAnchor(
55 const char *anchorFile,
56 SecCertificateRef *certRef);
57 OSStatus sslAddTrustedRoot(
58 SSLContextRef ctx,
59 const char *anchorFile,
60 bool replaceAnchors);
61
62 /*
63 * Assume incoming identity contains a root (e.g., created by
64 * certtool) and add that cert to ST's trusted anchors. This
65 * enables ST's verify of the incoming chain to succeed without
66 * a kludgy "AllowAnyRoot" specification.
67 */
68 OSStatus addIdentityAsTrustedRoot(
69 SSLContextRef ctx,
70 CFArrayRef identArray);
71
72 OSStatus sslAddTrustedRoots(
73 SSLContextRef ctx,
74 SecKeychainRef keychain,
75 bool *foundOne);
76
77 void sslOutputDot();
78
79 /*
80 * Lists of SSLCipherSuites used in sslSetCipherRestrictions.
81 */
82 extern const SSLCipherSuite suites40[];
83 extern const SSLCipherSuite suitesDES[];
84 extern const SSLCipherSuite suitesDES40[];
85 extern const SSLCipherSuite suites3DES[];
86 extern const SSLCipherSuite suitesRC4[];
87 extern const SSLCipherSuite suitesRC4_40[];
88 extern const SSLCipherSuite suitesRC2[];
89 extern const SSLCipherSuite suitesAES128[];
90 extern const SSLCipherSuite suitesAES256[];
91 extern const SSLCipherSuite suitesDH[];
92 extern const SSLCipherSuite suitesDHAnon[];
93 extern const SSLCipherSuite suitesDH_RSA[];
94 extern const SSLCipherSuite suitesDH_DSS[];
95 extern const SSLCipherSuite suites_SHA1[];
96 extern const SSLCipherSuite suites_MD5[];
97 extern const SSLCipherSuite suites_ECDHE[];
98 extern const SSLCipherSuite suites_ECDH[];
99
100 /*
101 * Given an SSLContextRef and an array of SSLCipherSuites, terminated by
102 * SSL_NO_SUCH_CIPHERSUITE, select those SSLCipherSuites which the library
103 * supports and do a SSLSetEnabledCiphers() specifying those.
104 */
105 OSStatus sslSetEnabledCiphers(
106 SSLContextRef ctx,
107 const SSLCipherSuite *ciphers);
108
109 /*
110 * Specify restricted sets of cipherspecs and protocols.
111 */
112 OSStatus sslSetCipherRestrictions(
113 SSLContextRef ctx,
114 char cipherRestrict);
115
116 #ifndef SPHINX
117 OSStatus sslSetProtocols(
118 SSLContextRef ctx,
119 const char *acceptedProts,
120 SSLProtocol tryVersion); // only used if acceptedProts NULL
121 #endif
122
123 int sslVerifyRtn(
124 const char *whichSide, // "client" or "server"
125 OSStatus expectRtn,
126 OSStatus gotRtn);
127 int sslVerifyProtVers(
128 const char *whichSide, // "client" or "server"
129 SSLProtocol expectProt,
130 SSLProtocol gotProt);
131 int sslVerifyClientCertState(
132 const char *whichSide, // "client" or "server"
133 SSLClientCertificateState expectState,
134 SSLClientCertificateState gotState);
135 int sslVerifyCipher(
136 const char *whichSide, // "client" or "server"
137 SSLCipherSuite expectCipher,
138 SSLCipherSuite gotCipher);
139
140
141 /*
142 * Wrapper for sslIdentPicker, with optional trusted anchor specified as a filename.
143 */
144 OSStatus sslIdentityPicker(
145 SecKeychainRef kcRef, // NULL means use default list
146 const char *trustedAnchor, // optional additional trusted anchor
147 bool includeRoot, // true --> root is appended to outArray
148 // false --> root not included
149 // const CSSM_OID *vfyPolicy, // optional - if NULL, use SSL
150 CFArrayRef *outArray); // created and RETURNED
151
152 void sslKeychainPath(
153 const char *kcName,
154 char *kcPath); // allocd by caller, MAXPATHLEN
155
156 /* Verify presence of required file. Returns nonzero if not found. */
157 int sslCheckFile(const char *path);
158
159 /* Stringify a SSL_ECDSA_NamedCurve */
160 extern const char *sslCurveString(
161 SSL_ECDSA_NamedCurve namedCurve);
162
163 #ifdef __cplusplus
164 }
165 #endif
166
167 #endif /* _SSLS_APP_UTILS_H_ */