oksirc/main.cpp

#include <iostream>
#include <fox-1.6/fx.h>

// NSPR include files
#include <prerror.h>
#include <prinit.h>

// NSS include files
#include <nss.h>
#include <pk11pub.h>
#include <secmod.h>
#include <ssl.h>
#include <sslproto.h>

// PK11 Password Function typedef
typedef char *(*PK11PasswordFunc)(
     PK11SlotInfo *slot,
     PRBool retry,
     void *arg);


int main(int argc, char* argv[]) {
   // NSPR Init
   PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
   NSSInitContext *const nssContext =
        NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);

   if(nssContext == NULL) {
      const PRErrorCode err = PR_GetError();
      fprintf(stderr, "NSSInitContext failed: Error code %d: %s\n", err, PR_ErrorToName(err));
      exit(1);
   }

   // Ciphers to enable
   static const PRUint16 goodCiphers[] = {
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        SSL_NULL_WITH_NULL_NULL // Sentinel value
   };

   PRBool foundGoodCipher = PR_FALSE;
   for(const PRUint16 *p = goodCiphers; *p != SSL_NULL_WITH_NULL_NULL; ++p) {
      PRInt32 policy;
      if(SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {
         const PRErrorCode err = PR_GetError();
         fprintf(stderr, "Error: Policy for cipher %u: error %d: %s\n",
                 (unsigned)*p, err, PR_ErrorToName(err));
         exit(1);
      }
      if(policy == SSL_ALLOWED) {
         // Policy allowed this cipher choice
         fprintf(stderr, "Info: found cipher %x\n", (unsigned) *p);
         foundGoodCipher = PR_TRUE;
         break;
      }
   }

   if(!foundGoodCipher) {
      if(NSS_SetDomesticPolicy() != SECSuccess) {
         const PRErrorCode err = PR_GetError();
         fprintf(stderr, "Error: NSS_SetDomesticPolicy: error %d: %s\n",
                 err, PR_ErrorToName(err));
         exit(1);
      }
   }

   // Initialize trusted certificate store
   char module_name[] = "library=libnssckbi.so name=\"Root Certs\"";
   SECMODModule *builtInRootsMod = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);
   if(builtInRootsMod == NULL || !builtInRootsMod->loaded) {
      const PRErrorCode err = PR_GetError();
      fprintf(stderr, "Error: Loading built in roots module failed code %d: %s\n",
           err, PR_ErrorToName(err));
      exit(1);
   }

   FXApp app("Hello", "FoxTest");
   app.init(argc, argv);

   FXMainWindow *mainWindow = new FXMainWindow(&app, "Hello", NULL, NULL, DECOR_ALL);
   new FXButton(mainWindow, "&Hello World!", NULL, &app, FXApp::ID_QUIT);
   app.create();
   mainWindow->show(PLACEMENT_SCREEN);
   int foxRetCode = app.run();

   SECMOD_DestroyModule(builtInRootsMod);
   NSS_ShutdownContext(nssContext);

   return app.run();
}
Initial checkin of my attempt at TLS with NSS, may become IRC client 2017-07-06 14:46:18 -07:00			`#include <iostream>`
			`#include <fox-1.6/fx.h>`

			`// NSPR include files`
			`#include <prerror.h>`
			`#include <prinit.h>`

			`// NSS include files`
			`#include <nss.h>`
			`#include <pk11pub.h>`
			`#include <secmod.h>`
			`#include <ssl.h>`
			`#include <sslproto.h>`

			`// PK11 Password Function typedef`
			`typedef char (PK11PasswordFunc)(`
			`PK11SlotInfo *slot,`
			`PRBool retry,`
			`void *arg);`


			`int main(int argc, char* argv[]) {`
			`// NSPR Init`
			`PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);`
			`NSSInitContext *const nssContext =`
			`NSS_InitContext("sql:/etc/pki/nssdb", "", "", "", NULL, NSS_INIT_READONLY \| NSS_INIT_PK11RELOAD);`

			`if(nssContext == NULL) {`
			`const PRErrorCode err = PR_GetError();`
			`fprintf(stderr, "NSSInitContext failed: Error code %d: %s\n", err, PR_ErrorToName(err));`
			`exit(1);`
			`}`

			`// Ciphers to enable`
			`static const PRUint16 goodCiphers[] = {`
			`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
			`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
			`SSL_NULL_WITH_NULL_NULL // Sentinel value`
			`};`

			`PRBool foundGoodCipher = PR_FALSE;`
			`for(const PRUint16 p = goodCiphers; p != SSL_NULL_WITH_NULL_NULL; ++p) {`
			`PRInt32 policy;`
			`if(SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {`
			`const PRErrorCode err = PR_GetError();`
			`fprintf(stderr, "Error: Policy for cipher %u: error %d: %s\n",`
			`(unsigned)*p, err, PR_ErrorToName(err));`
			`exit(1);`
			`}`
			`if(policy == SSL_ALLOWED) {`
			`// Policy allowed this cipher choice`
			`fprintf(stderr, "Info: found cipher %x\n", (unsigned) *p);`
			`foundGoodCipher = PR_TRUE;`
			`break;`
			`}`
			`}`

			`if(!foundGoodCipher) {`
			`if(NSS_SetDomesticPolicy() != SECSuccess) {`
			`const PRErrorCode err = PR_GetError();`
			`fprintf(stderr, "Error: NSS_SetDomesticPolicy: error %d: %s\n",`
			`err, PR_ErrorToName(err));`
			`exit(1);`
			`}`
			`}`

			`// Initialize trusted certificate store`
			`char module_name[] = "library=libnssckbi.so name=\"Root Certs\"";`
			`SECMODModule *builtInRootsMod = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);`
			`if(builtInRootsMod == NULL \|\| !builtInRootsMod->loaded) {`
			`const PRErrorCode err = PR_GetError();`
			`fprintf(stderr, "Error: Loading built in roots module failed code %d: %s\n",`
			`err, PR_ErrorToName(err));`
			`exit(1);`
			`}`

			`FXApp app("Hello", "FoxTest");`
			`app.init(argc, argv);`

			`FXMainWindow *mainWindow = new FXMainWindow(&app, "Hello", NULL, NULL, DECOR_ALL);`
			`new FXButton(mainWindow, "&Hello World!", NULL, &app, FXApp::ID_QUIT);`
			`app.create();`
			`mainWindow->show(PLACEMENT_SCREEN);`
			`int foxRetCode = app.run();`

			`SECMOD_DestroyModule(builtInRootsMod);`
			`NSS_ShutdownContext(nssContext);`

			`return app.run();`
			`}`