Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

nsServerSocket ssl suport

1 view
Skip to first unread message

bam...@acepoint.cz

unread,
Mar 16, 2005, 6:23:17 AM3/16/05
to
Hi,

I'd like to ask if there is some possibility to use nsServerSocket as
an ssl connection accepting server or if there is some other support
for ssl server in necko.

I found $\mozilla\security\nss\cmd\SSLsample\server.c sample but
transform it to nsIServerSocket implmentation seems to be very
dificault maybe impossible. I have been tring to write this
implementation in this way:

in moment I get an ssl socket in handle_connection() function (result
of setupSSLSocket() function call) I apply to it a piece of code from
existing nsServerSocket impl:

nsRefPtr<nsSocketTransport> trans = new nsSocketTransport;
if (!trans)
{
mCondition = NS_ERROR_OUT_OF_MEMORY;
goto cleanup;
}

nsresult rv = trans->InitWithConnectedSocket(clientFD, &clientAddr);
if (NS_FAILED(rv))
{
mCondition = rv;
goto cleanup;
}


and then pass "trans" as an argument to OnSocketAccepted callback. This
is not absolutly tested and I'm not sure this the right way. What more
my condition it to use only mozilla SDK - so I have no access to
nsSocketTransport.

So is there any other way or suggestion?

Thank you very much.

-hb-

Darin Fisher

unread,
Mar 16, 2005, 11:59:35 AM3/16/05
to
bam...@acepoint.cz wrote:

>_______________________________________________
>Mozilla-netlib mailing list
>Mozilla...@mozilla.org
>http://mail.mozilla.org/listinfo/mozilla-netlib
>
>

See https://bugzilla.mozilla.org/show_bug.cgi?id=242448

I did a review of the necko portions of the patch last year, but it
seems that dougt hasn't had the time to revise the patch. If you are
compelled to get involved, I'd start with his patch and drop him a note
to get his advice on where to go from here.

-Darin

bam...@acepoint.cz

unread,
Mar 28, 2005, 10:01:08 AM3/28/05
to
Thanks for your tip. I have read the bug notes and applied the patches.
Now I succesfully run the ssl server. But I am not much expirienced in
ssl technologies and not much familliar with pk11 modules and
interface.

So there is one problem. When I call function PK11_FindKeyByAnyCert
there is need to specify the password protecting the server's
certificate private key in the database because I am not logged in to
the database yet.

I implemented my own nsIPrompt and overloaded its PromptPassword
method. In this method the password is loaded from preference service.
Instance of my nsIPrompt is given to the function PK11_FindKeyByAnyCert
call as the second parameter.

This is total hack and absolutely inappropiate way of password
management.

So I'd like to ask you what is the right way to pass the password to
the function or how to login to the database previewsly.

Thank you very much.

Christian Biesinger

unread,
Mar 28, 2005, 7:16:19 PM3/28/05
to
bam...@acepoint.cz wrote:
> So there is one problem. When I call function PK11_FindKeyByAnyCert
> there is need to specify the password protecting the server's
> certificate private key in the database because I am not logged in to
> the database yet.

It may be better to ask that in npm.crypto...

ComptonNadia30

unread,
Apr 2, 2011, 3:18:52 AM4/2/11
to
freelance writer


0 new messages