#ifndef _SSLS_APP_UTILS_H_
#define _SSLS_APP_UTILS_H_ 1
#include <Security/SecBase.h>
#include <Security/SecureTransport.h>
#include <Security/SecureTransportPriv.h>
#include <CoreFoundation/CFArray.h>
#include <stdbool.h>
#include <Security/SecCertificate.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Build-configuration switch, fixed at 0. Nothing else in this header
 * tests it.
 * NOTE(review): presumably gates code paths for an older OS build; confirm
 * in the files that include this header.
 */
#define JAGUAR_BUILD 0
/*
 * Diagnostic helpers: each takes a SecureTransport value and returns a
 * const char * describing it. The header does not state who owns the
 * returned storage; treat it as read-only and do not free it.
 * TODO confirm against the implementation.
 */
const char *sslGetCipherSuiteString(SSLCipherSuite cs);
const char *sslGetProtocolVersionString(SSLProtocol prot);
const char *sslGetSSLErrString(OSStatus err);
/*
 * Takes an operation label and an OSStatus and returns nothing.
 * NOTE(review): presumably prints the error text for `err`, prefixed by
 * `op`; the output destination is not visible from this header.
 */
void printSslErrStr(const char *op, OSStatus err);
const char *sslGetClientCertStateString(SSLClientCertificateState state);
const char *sslGetClientAuthTypeString(SSLClientAuthenticationType authType);
/*
 * Certificate-array construction helpers. All three hand back a CFArrayRef
 * (directly or through outArray); the header does not say whether the
 * caller owns that reference, so confirm the release responsibility in the
 * implementation before relying on it.
 */

/*
 * Returns a certificate array for the keychain named by kcName.
 *   kcName            - keychain name (C string).
 *   encryptOnly       - NOTE(review): presumably selects an encryption-only
 *                       identity rather than a signing one; confirm.
 *   completeCertChain - NOTE(review): presumably requests that intermediate
 *                       certificates be appended; confirm.
 *   anchorFile        - path of a trusted anchor file; whether NULL is
 *                       accepted is not visible here.
 *   pKcRef            - out-parameter receiving a SecKeychainRef.
 */
CFArrayRef getSslCerts(
    const char *kcName,
    bool encryptOnly,
    bool completeCertChain,
    const char *anchorFile,
    SecKeychainRef *pKcRef);

/*
 * Takes an identity plus an optional trusted anchor and writes an array to
 * *outArray, returning an OSStatus.
 *   includeRoot - NOTE(review): presumably controls whether the root
 *                 certificate is part of the emitted chain; confirm.
 */
OSStatus sslCompleteCertChain(
    SecIdentityRef identity,
    SecCertificateRef trustedAnchor,
    bool includeRoot,
    CFArrayRef *outArray);

/*
 * Same flag set as getSslCerts(), but starting from an already-open
 * SecKeychainRef instead of a keychain name.
 */
CFArrayRef sslKcRefToCertArray(
    SecKeychainRef kcRef,
    bool encryptOnly,
    bool completeCertChain,
    const char *trustedAnchorFile);
/*
 * Trust-anchor helpers. Every function here changes which roots an
 * SSLContextRef will accept, so the arguments decide what the session
 * ends up trusting.
 *
 * replaceAnchors - NOTE(review): presumably chooses between replacing the
 * context's existing anchor set and adding to it; confirm which value
 * keeps the system roots before using this outside a test harness.
 */

/* Adds one SecCertificateRef to the trust anchors of ctx. */
OSStatus addTrustedSecCert(
    SSLContextRef ctx,
    SecCertificateRef secCert,
    bool replaceAnchors);

/*
 * Takes an anchor file path and writes a SecCertificateRef to *certRef.
 * The expected file encoding (DER or PEM) is not visible from this header.
 */
OSStatus sslReadAnchor(
    const char *anchorFile,
    SecCertificateRef *certRef);

/* File-path variant of addTrustedSecCert(): the anchor is named by anchorFile. */
OSStatus sslAddTrustedRoot(
    SSLContextRef ctx,
    const char *anchorFile,
    bool replaceAnchors);

/*
 * Takes an identity array and a context.
 * NOTE(review): the name suggests the identity's own certificate becomes a
 * trusted root for ctx, which only makes sense for self-signed test
 * identities; confirm before reuse.
 */
OSStatus addIdentityAsTrustedRoot(
    SSLContextRef ctx,
    CFArrayRef identArray);

/*
 * Takes a keychain and a context; *foundOne is an out-parameter.
 * NOTE(review): presumably *foundOne reports whether any certificate in
 * the keychain was added as an anchor; confirm.
 */
OSStatus sslAddTrustedRoots(
    SSLContextRef ctx,
    SecKeychainRef keychain,
    bool *foundOne);

/* No arguments, no result; presumably emits a progress dot (confirm). */
void sslOutputDot(void);
/*
 * Cipher-suite lists, defined in another translation unit. Each is declared
 * as an array of unknown bound, so its length cannot be taken with sizeof
 * here.
 * NOTE(review): sslSetEnabledCiphers() takes a bare pointer with no count,
 * so these lists are presumably terminated by a sentinel value; confirm in
 * the defining .c file.
 *
 * Judging by the names, several lists select suites that are considered
 * weak today (40-bit export, single DES, RC4, RC2, MD5 MACs, anonymous DH).
 * NOTE(review): presumably they exist so a test can pin negotiation to one
 * family; do not enable them for a production context.
 */
extern const SSLCipherSuite suites40[];
extern const SSLCipherSuite suitesDES[];
extern const SSLCipherSuite suitesDES40[];
extern const SSLCipherSuite suites3DES[];
extern const SSLCipherSuite suitesRC4[];
extern const SSLCipherSuite suitesRC4_40[];
extern const SSLCipherSuite suitesRC2[];
extern const SSLCipherSuite suitesAES128[];
extern const SSLCipherSuite suitesAES256[];
extern const SSLCipherSuite suitesDH[];
/* Anonymous DH, going by the name: such suites do not authenticate the peer. */
extern const SSLCipherSuite suitesDHAnon[];
extern const SSLCipherSuite suitesDH_RSA[];
extern const SSLCipherSuite suitesDH_DSS[];
extern const SSLCipherSuite suites_SHA1[];
extern const SSLCipherSuite suites_MD5[];
extern const SSLCipherSuite suites_ECDHE[];
extern const SSLCipherSuite suites_ECDH[];
/*
 * Applies a cipher-suite list to ctx.
 *   ciphers - pointer to the first suite; no element count is passed, so
 *             the list must carry its own terminator (presumably a
 *             sentinel suite value; confirm in the implementation).
 */
OSStatus sslSetEnabledCiphers(
    SSLContextRef ctx,
    const SSLCipherSuite *ciphers);

/*
 * Restricts ctx to one cipher family chosen by a single character code.
 * The mapping from cipherRestrict to a suite list is not visible in this
 * header; an unrecognised code's handling should be checked in the
 * implementation.
 */
OSStatus sslSetCipherRestrictions(
    SSLContextRef ctx,
    char cipherRestrict);
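/*
 * Selects the protocol versions ctx may negotiate. Declared only when
 * SPHINX is not defined.
 *   acceptedProts - C string naming the accepted protocol versions; its
 *                   format is not visible from this header.
 *   tryVersion    - a single SSLProtocol value.
 *                   NOTE(review): presumably the version to attempt when
 *                   acceptedProts is not supplied; confirm.
 *
 * The closing #endif sits on its own line: a '#' that follows other tokens
 * on a line is not a preprocessor directive, so leaving it after the
 * prototype would keep this conditional open and unbalance the header's
 * include guard.
 */
#ifndef SPHINX
OSStatus sslSetProtocols(
    SSLContextRef ctx,
    const char *acceptedProts,
    SSLProtocol tryVersion);
#endif /* SPHINX */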
/*
 * Expected-versus-actual checks. Each takes a label for the side under
 * test (whichSide), the expected value and the observed value, and
 * returns an int.
 * NOTE(review): presumably 0 means the values matched and non-zero means
 * a mismatch was reported; confirm in the implementation.
 */

/* Compares two OSStatus results. */
int sslVerifyRtn(
    const char *whichSide,
    OSStatus expectRtn,
    OSStatus gotRtn);

/* Compares the negotiated protocol version with the expected one. */
int sslVerifyProtVers(
    const char *whichSide,
    SSLProtocol expectProt,
    SSLProtocol gotProt);

/* Compares the client-certificate state with the expected one. */
int sslVerifyClientCertState(
    const char *whichSide,
    SSLClientCertificateState expectState,
    SSLClientCertificateState gotState);

/* Compares the negotiated cipher suite with the expected one. */
int sslVerifyCipher(
    const char *whichSide,
    SSLCipherSuite expectCipher,
    SSLCipherSuite gotCipher);
/*
 * Takes a keychain, an optional trusted-anchor path and an includeRoot
 * flag, and writes an array to *outArray.
 * NOTE(review): how an identity is chosen when the keychain holds several
 * is not visible here; confirm. Ownership of *outArray is likewise not
 * stated.
 */
OSStatus sslIdentityPicker(
    SecKeychainRef kcRef,
    const char *trustedAnchor,
    bool includeRoot,
    CFArrayRef *outArray);

/*
 * Takes a keychain name and a writable char buffer.
 * kcPath is non-const and has no accompanying length, so judging by the
 * signature the callee writes a path into it without being able to bound
 * the write. Callers must supply a buffer large enough for the longest
 * path the implementation can produce; the required size is not visible
 * from this header (TODO confirm), and kcName should not come from
 * untrusted input without a length check.
 */
void sslKeychainPath(
    const char *kcName,
    char *kcPath);

/*
 * Takes a file path and returns an int.
 * NOTE(review): presumably 0 when the file is usable; confirm. Any check
 * made here can be stale by the time the file is opened.
 */
int sslCheckFile(const char *path);

/* Returns a printable name for an SSL_ECDSA_NamedCurve value. */
extern const char *sslCurveString(
    SSL_ECDSA_NamedCurve namedCurve);

/*
 * Takes DER-encoded private-key bytes and their length and returns a
 * SecKeyRef; `ecdsa` selects the key type.
 * The input buffer is const and stays with the caller, which is
 * responsible for clearing the key material when it is no longer needed.
 * NOTE(review): the create_ prefix suggests the caller owns the returned
 * reference, and NULL presumably signals failure; confirm both.
 */
SecKeyRef create_private_key_from_der(
    bool ecdsa,
    const unsigned char *pkey_der,
    size_t pkey_der_len);

/*
 * Takes a DER private key and a DER certificate, each with its length,
 * and returns a CFArrayRef.
 * NOTE(review): presumably the array holds an identity followed by its
 * certificate; whether the key is checked against the certificate is not
 * visible here. Confirm, along with ownership of the result.
 */
CFArrayRef chain_from_der(
    bool ecdsa,
    const unsigned char *pkey_der,
    size_t pkey_der_len,
    const unsigned char *cert_der,
    size_t cert_der_len);
#ifdef __cplusplus
}
#endif
#endif