|
Hi all,
I have been working on a
application in which I need to create a raw socket and then upgrade it to
SSL. I am using nsiSocketTransport (i.e. the socket is created via
nsiSocketTransportService's createTransport method). For upgrading the socket
and forcing a handshake, I am using the following code. Though the code doesn't
throw any errors, the handshake doesn't happen. Any ideas what could be the
problem?
NS_IMETHODIMP upgradeToSSL(nsISocketTransport *a,
const char *url)
{ /* defaults for command line arguments */ char *certdir=NULL; double currAllowedPeriod = 0; int isCurrCertValid = 0; char netdbbuf[PR_NETDB_BUF_SIZE]; PRHostEnt hp; PRStatus r; PRNetAddr na; SECStatus rv; SECStatus whichCiphers; int portnum=443; /* default https: port */ PRFileDesc *s,*fd; CERTCertDBHandle *handle;
CERTCertificate *c; /* allow you to set env var SSLDIR to set
the cert directory */
if (! certdir) certdir = SECU_DefaultSSLDir(); if (!certdir)
{
rv = NSS_NoDB_Init(NULL); } else { return -1; } if (NS_FAILED(a->GetFileDescriptor(&fd))) return -1; rv = SSL_ResetHandshake(fd,
PR_TRUE);
if (rv!=SECSuccess) { PR_Close(s); return rv; } s = SSL_ImportFD(NULL,fd);
if (s == NULL) { return -1; } rv = SSL_SetURL(s, url);
if (rv < 0) { return -1; } rv=SSL_SetPKCS11PinArg(s, NULL);
if (rv < 0) { return -1; } rv = SSL_OptionSet(s, SSL_SECURITY, PR_TRUE); if (rv < 0) { return -1; } SSL_ClearSessionCache(); whichCiphers =
NSS_SetDomesticPolicy();
if (whichCiphers != SECSuccess) { } SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE); rv = SSL_OptionSet(s,
SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
if (rv < 0) { return -1; } SSL_AuthCertificateHook(s, NULL,
NULL);
if (SSL_ForceHandshake(s)!=0) { PR_Close(s); if (NSS_Shutdown() != SECSuccess)
{
} return rv; } return NS_OK; }
Regards,
Umesh. |
