Hello,
We are trying to use NSS to validate various SSL parameters of a server,
such as ciphers supported, certificate expiry, domain name check and so on.
We are using the SSL_ForceHandshake function, which is failing with
error SSL_ERROR_SSL_DISABLED (error code: -12268) on an SSL site. We are
using the following steps to handle the SSL operation.

1. SSL initialization using a call to NSS_NoDB_Init(NULL). We have to
   use NSS_NoDB_Init because we don't have a certificate DB.
2. Create a TCP socket, say
       fd = PR_NewTCPSocket();
3. Make it an SSL socket
       s = SSL_ImportFD(NULL, fd);
4. Use SSL_OptionSet for SSL_SECURITY and SSL_HANDSHAKE_AS_CLIENT
       SSL_OptionSet(s, SSL_SECURITY, PR_TRUE);
       SSL_OptionSet(s, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
5. Then we clear the session cache using SSL_ClearSessionCache()
6. We want to check a list of ciphers to see if they're supported. For
   checking one, we set all the cipher preferences to false and then set
   the one to be checked to true using
       SSL_CipherPrefSet(fd, <cipher>, PR_TRUE);
7. SSL_AuthCertificateHook and SSL_BadCertHook are used to bypass the
   certificate checks.
8. We connect using PR_Connect. We are getting PR_SUCCESS here.
9. Then, we try to do an SSL handshake using
       SSL_ForceHandshake(s)

This is where our SSL handshake is consistently failing, with the return
code -12268, as above.

Any help will be highly appreciated.
Thanks,
Regards,
Rohit