SSL and related APIs allow compliant applications to configure sockets for authenticated, tamper-proof, and encrypted communications. This chapter introduces some of the basic SSL functions. Chapter 2, "Getting Started With SSL" illustrates their use in sample client and server applications.

Initialization

Initializing Caches

Configuration

Communication

Functions Used by Callbacks

Cleanup

This chapter describes how to set up your environment, including certificate and key databases, to run the NSS sample code. The sample code and makefiles are located in the samples directory.

SSL, PKCS #11, and the Default Security Databases

Setting Up the Certificate and Key Databases

Setting Up the CA and Server Certificates

Creating the Databases and Generating the Keys

Creating the CA Certificate and Adding It to the Database

Creating the Server Certificate and Adding It to the Database

Setting Up the Client Certificate

Creating the Databases and Generating the Keys

Creating the Client Certificate and Adding It to the Database

Adding the CA Certificate to the Database

Verifying the Server and Client Certificates

Building NSS Programs

This chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them. Additional types are described with the functions that use them or in the header files.

Types and Structures

CERTCertDBHandle

CERTCertificate

PK11SlotInfo

SECItem

SECKEYPrivateKey

SECStatus

Managing SECItem Memory

SECItem_FreeItem

SECItem_ZfreeItem

This chapter describes the core SSL functions.

SSL Initialization Functions

NSS_Init

SSL_EnableDefault

SSL_EnableCipher

SSL_ClearSessionCache

SSL_ConfigServerSessionIDCache

Initializing Multi-Processing with a Shared SSL Server Cache

SSL_ConfigMPServerSIDCache

SSL_InheritMPServerSIDCache

SSL Export Policy Functions

NSS_SetDomesticPolicy

NSS_SetExportPolicy

NSS_SetFrancePolicy

SSL_SetPolicy

SSL Configuration Functions

SSL Configuration

SSL_ImportFD

SSL_Enable

SSL_ConfigSecureServer

SSL_SetURL

SSL_SetPKCS11PinArg

Callback Configuration

SSL_AuthCertificateHook

SSL_AuthCertificate

SSL_BadCertHook

SSL_GetClientAuthDataHook

NSS_GetClientAuthData

SSL_HandshakeCallback

SSL Communication Functions

SSL_InvalidateSession

SSL_DataPending

SSL_SecurityStatus

SSL_GetSessionID

SSL_SetSockPeerID

SSL Functions Used by Callbacks

SSL_PeerCertificate

SSL_RevealURL

SSL_RevealPinArg

SSL Handshake Functions

SSL_ForceHandshake

SSL_RedoHandshake

SSL_ResetHandshake

NSS Shutdown Function

NSS_Shutdown

This chapter describes the functions and related types used to work with a certificate database such as the cert7.db database provided with Communicator.

Validating Certificates

CERT_VerifyCertNow

CERT_VerifyCertName

CERT_CheckCertValidTimes

NSS_CmpCertChainWCANames

Manipulating Certificates

CERT_DupCertificate

CERT_DestroyCertificate

Getting Certificate Information

CERT_FindCertByName

CERT_GetCertNicknames

CERT_FreeNicknames

CERT_GetDefaultCertDB

NSS_FindCertKEAType

Comparing SecItem Objects

SECITEM_CompareItem

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.

SECKEY_GetDefaultKeyDB

SECKEY_DestroyPrivateKey

This chapter describes the core PKCS #11 functions that an application needs for communicating with cryptographic modules. In particular, these functions are used for obtaining certificates, keys, and passwords.

PK11_FindCertFromNickname

PK11_FindKeyByAnyCert

PK11_GetSlotName

PK11_GetTokenName

PK11_IsHW

PK11_IsPresent

PK11_IsReadOnly

PK11_SetPasswordFunc

NSS error codes are retrieved using the NSPR function PR_GetError. In addition to the error codes defined by NSPR, PR_GetError retrieves the error codes described in this chapter.

SSL Error Codes

SEC Error Codes