Bug 355244 merging Sun and Mozilla libssldap

git-svn-id: svn://10.0.0.236/trunk@213412 18797224-902f-48f8-a5cc-f745e15eee43
anton.bobrov%sun.com 2006-10-10 13:37:35 +00:00
parent 08e06bce3e
commit 1e79648fe9
8 changed files with 343 additions and 138 deletions


@ -1005,25 +1005,29 @@ ldaptool_ldap_init( int second_host )
{/* startTLS if -ZZ or -ZZZ option is used */
if (( ld = prldap_init( host, port, 0 )) == NULL) {
perror("prldap_init failed");
exit( LDAP_LOCAL_ERROR );
}
perror("prldap_init failed");
exit( LDAP_LOCAL_ERROR );
}
if ( ssl_certname != NULL ) {
if (ldapssl_enable_clientauth( ld, ssl_keydbpath, ssl_passwd,
ssl_certname ) != 0 ) {
exit ( ldaptool_print_lderror( ld, "ldapssl_enable_clientauth",
LDAPTOOL_CHECK4SSL_ALWAYS ));
}
}
/* Call to startTLS over the current clear-text connection */
if ( ( rc = ldap_start_tls_s( ld, NULL, NULL ) ) != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_start_tls_s failed: (%s)\n",ldap_err2string(rc));
if( isZZZ ) {
ldap_unbind( ld );
exit( rc );
}
}
/* Provide client authentication if -N option is used */
if ( ssl_certname != NULL ) {
if (ldapssl_enable_clientauth( ld, ssl_keydbpath, ssl_passwd,
ssl_certname ) != 0 ) {
exit ( ldaptool_print_lderror( ld, "ldapssl_enable_clientauth",
LDAPTOOL_CHECK4SSL_ALWAYS ));
}
}
/* Call to startTLS over the current clear-text connection */
if ( ( rc = ldap_start_tls_s( ld, NULL, NULL ) ) != LDAP_SUCCESS ) {
fprintf( stderr, "ldap_start_tls_s failed: (%s)\n",
ldap_err2string(rc));
if( isZZZ ) {
ldap_unbind( ld );
exit( rc );
}
}
} /* End startTLS case */
else {
/* In order to support IPv6, we use NSPR I/O */


@ -234,6 +234,20 @@ int LDAP_CALL ldapssl_set_strength( LDAP *ld, int sslstrength );
int LDAP_CALL ldapssl_set_option( LDAP *ld, int option, int on );
int LDAP_CALL ldapssl_get_option( LDAP *ld, int option, int *onp );
/*
* Import the file descriptor corresponding to the socket of an already
* open LDAP connection into SSL, and update the socket and session
* information accordingly. Returns 0 if all goes well.
*/
int LDAP_CALL ldapssl_import_fd ( LDAP *ld, int secure );
/*
* Reset an LDAP session from SSL to a non-secure status. Basically,
* this function undoes the work done by ldapssl_install_routines.
* Returns 0 if all goes well.
*/
int LDAP_CALL ldapssl_reset_to_nonsecure ( LDAP *ld );
#ifdef __cplusplus
}
#endif
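Review bot: The comment on `ldapssl_import_fd` does not say what the `secure` argument means or what a failure returns. In the implementation added by this commit, `secure` is passed as the on/off value for `SSL_SECURITY`, `SSL_ENABLE_TLS` and `SSL_HANDSHAKE_AS_CLIENT`, and every failure path returns -1, so the header could add `secure: non-zero turns SSL/TLS on for the imported socket, 0 imports it with security off; returns -1 on error`. For `ldapssl_reset_to_nonsecure` it is worth stating that the SSL session info attached to the handle is freed and `LDAP_OPT_SSL` is switched off, so that callers know the handle presumably carries clear-text traffic afterwards.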


@ -48,6 +48,8 @@
462 ldapssl_get_option
463 ldap_start_tls_s
464 ldapssl_shutdown
465 ldapssl_import_fd
466 ldapssl_reset_to_nonsecure
# the last Windows ordinal number that has been reserved for SSL is 469.
# Windows ordinals 1100-1150 are reserved for privately/non-published


@ -389,7 +389,8 @@ ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle,
}
if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
|| SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
|| SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)
|| SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE)) {
if (( rc = PR_GetError()) >= 0 ) {
rc = -1;
}
@ -527,7 +528,8 @@ ldapssl_pkcs_init( const struct ldapssl_pkcs_fns *pfns )
PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );
if (SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_FALSE)
|| SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)) {
|| SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE)
|| SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE)) {
if (( rc = PR_GetError()) >= 0 ) {
rc = -1;
}


@ -148,7 +148,7 @@ SECU_Strerror(PRErrorCode errNum) {
* binary search depends on it.
*/
if (!initDone) {
PRErrorCode lastNum = 0x80000000;
PRErrorCode lastNum = ((PRInt32)0x80000000);
for (i = low; i <= high; ++i) {
num = errStrings[i].errNum;
if (num <= lastNum) {
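Review bot: The cast in `PRErrorCode lastNum = ((PRInt32)0x80000000);` may quiet a compiler diagnostic, but it still converts an out-of-range unsigned constant to a signed type, which is implementation-defined in C. NSPR already defines the intended value, so `PRErrorCode lastNum = PR_INT32_MIN;` states the sentinel directly and needs no cast. The loop that uses it continues past the end of the hunk.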


@ -502,7 +502,7 @@ ldaptls_complete(LDAP *ld)
LDAPSSLSocketInfo *ssoip = NULL;
LDAPSSLSessionInfo *sseip = NULL;
PRFileDesc *sslfd = NULL;
int intfd = -1;
LBER_SOCKET intfd = -1;
int rc = LDAP_LOCAL_ERROR;
char *hostlist = NULL;
struct lextiof_socket_private *socketargp = NULL;
@ -511,25 +511,25 @@ ldaptls_complete(LDAP *ld)
* Get hostlist from LDAP Handle
*/
if ( ldap_get_option(ld, LDAP_OPT_HOST_NAME, &hostlist) < 0 ) {
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
}
/*
* Get File Desc from current connection
*/
if ( ldap_get_option(ld, LDAP_OPT_DESC, &intfd) < 0 ) {
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
}
/*
* Get Socket Arg Pointer
*/
/*
* Get Socket Arg Pointer
*/
if ( ldap_get_option(ld, LDAP_X_OPT_SOCKETARG, &socketargp) < 0 ) {
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
rc = ldap_get_lderrno( ld, NULL, NULL );
goto close_socket_and_exit_with_error;
}
@ -540,7 +540,7 @@ ldaptls_complete(LDAP *ld)
memset( &sei, 0, sizeof(sei));
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
if (LDAP_SUCCESS != (rc = prldap_get_session_info(ld, NULL, &sei))) {
goto close_socket_and_exit_with_error;
goto close_socket_and_exit_with_error;
}
sseip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
@ -587,7 +587,7 @@ ldaptls_complete(LDAP *ld)
rc = LDAP_LOCAL_ERROR;
goto close_socket_and_exit_with_error;
}
ldap_memfree(hostlist);
ldap_memfree(hostlist);
hostlist = NULL;
/*
@ -681,34 +681,34 @@ ldaptls_setup( LDAP *ld )
return( rc );
}
}
memset( &sei, 0, sizeof(sei));
memset( &sei, 0, sizeof(sei));
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
if ( (rc = prldap_get_session_info( ld, NULL, &sei )) == LDAP_SUCCESS ) {
ssip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
ssip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
} else {
return( rc );
}
return( rc );
}
if ( NULL == ssip ) {
if ( (ssip = ldapssl_alloc_sessioninfo()) == NULL ) {
ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
if ( NULL == ssip ) {
if ( (ssip = ldapssl_alloc_sessioninfo()) == NULL ) {
ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
return( LDAP_NO_MEMORY );
}
/*
* Store session info. for later retrieval.
*/
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
sei.seinfo_appdata = (void *)ssip;
if (LDAP_SUCCESS != (rc = prldap_set_session_info( ld, NULL, &sei ))) {
ldapssl_free_session_info( &ssip );
return( rc );
}
}
/*
* Store session info. for later retrieval.
*/
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
sei.seinfo_appdata = (void *)ssip;
if (LDAP_SUCCESS != (rc = prldap_set_session_info( ld, NULL, &sei ))) {
ldapssl_free_session_info( &ssip );
return( rc );
}
}
ssip->lssei_tls_init= PR_TRUE;
ssip->lssei_tls_init= PR_TRUE;
return( LDAP_SUCCESS );
} /* ldaptls_setup()*/
@ -723,8 +723,8 @@ ldap_start_tls_s(LDAP *ld,
LDAPControl **serverctrls,
LDAPControl **clientctrls)
{
int rc = -1;
int version = LDAP_VERSION3;
int rc = -1;
int version = LDAP_VERSION3;
/* Error check on LDAP handle */
if ( ld == NULL ) {
@ -770,79 +770,85 @@ LDAP_CALL
ldapssl_enable_clientauth( LDAP *ld, char *keynickname,
char *keypasswd, char *certnickname )
{
LDAPSSLSessionInfo *ssip;
PRLDAPSessionInfo sei;
int new_session_allocated = 0;
LDAPSSLSessionInfo *ssip;
PRLDAPSessionInfo sei;
int new_session_allocated = 0;
/*
* Check parameters
* allow keypasswd to be NULL in case PK11_SetPasswordFunc()
* already set by the user to their own private pin callback.
* there is no proper way to test if PK11_SetPasswordFunc()
* callback is already set apart from NSS private interfaces
*/
/*
* Check parameters
* allow keypasswd to be NULL in case PK11_SetPasswordFunc()
* already set by the user to their own private pin callback.
* there is no proper way to test if PK11_SetPasswordFunc()
* callback is already set apart from NSS private interfaces
*/
if ( certnickname == NULL ) {
ldap_set_lderrno( ld, LDAP_PARAM_ERROR, NULL,
ldapssl_libldap_compat_strdup(
"A non-NULL certnickname is required" ));
return( -1 );
ldap_set_lderrno( ld, LDAP_PARAM_ERROR, NULL,
ldapssl_libldap_compat_strdup(
"A non-NULL certnickname is required" ));
return( -1 );
}
/*
* get session info. data structure.
* Get session info. data structure.
*/
memset( &sei, 0, sizeof( sei ));
memset( &sei, 0, sizeof(sei));
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
if ( prldap_get_session_info( ld, NULL, &sei ) == LDAP_SUCCESS ) {
ssip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
ssip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
} else {
return( -1 );
return( -1 );
}
if ( NULL == ssip ) {
/*
* Allocate our own session information.
*/
if ( NULL == ( ssip = ldapssl_alloc_sessioninfo())) {
ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
/*
* Store session info. for later retrieval.
*/
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
sei.seinfo_appdata = (void *)ssip;
if ( prldap_set_session_info( ld, NULL, &sei ) != LDAP_SUCCESS ) {
return( -1 );
}
new_session_allocated = 1;
if ( NULL == ssip ) { /* Failed to get ssl session info pointer */
/*
* Allocate our own session information.
*/
if ( NULL == ( ssip = ldapssl_alloc_sessioninfo())) {
ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
/*
* Store session info. for later retrieval.
*/
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
sei.seinfo_appdata = (void *)ssip;
if ( prldap_set_session_info( ld, NULL, &sei ) != LDAP_SUCCESS ) {
return( -1 );
}
new_session_allocated = 1;
}
if ( !(ssip->lssei_ssl_ready) && !new_session_allocated ) {
/* standard SSL setup has not yet done */
ldap_set_lderrno( ld, LDAP_PARAM_ERROR, NULL,
ldapssl_libldap_compat_strdup(
"An SSL-ready LDAP session handle is required" ));
ldapssl_libldap_compat_strdup(
"An SSL-ready LDAP session handle is required" ));
return( -1 );
}
/*
* Update session info. data structure.
*/
ssip->lssei_certnickname = PL_strdup( certnickname );
if ( keypasswd ) {
ssip->lssei_keypasswd = PL_strdup( keypasswd );
} else {
/* set lssei_using_pcks_fns to prevent our own PK11_SetPasswordFunc()
/* set lssei_using_pcks_fns to prevent our own PK11_SetPasswordFunc()
* callback being installed in get_keyandcert() if keypasswd is NULL
* workaround for now til NSS comes up with proper check interface
*/
ssip->lssei_using_pcks_fns = 1;
ssip->lssei_keypasswd = NULL; /* assume pre-authenticated */
}
if ( NULL == ssip->lssei_certnickname ||
( keypasswd && ( NULL == ssip->lssei_keypasswd ) ) ) {
if ( NULL == ssip->lssei_certnickname ||
( keypasswd && ( NULL == ssip->lssei_keypasswd ) ) ) {
ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL );
return( -1 );
}
if ( check_clientauth_nicknames_and_passwd( ld, ssip ) != SECSuccess ) {
/* LDAP errno is set by check_clientauth_nicknames_and_passwd() */
return( -1 );
}
@ -1194,20 +1200,20 @@ get_keyandcert( LDAPSSLSessionInfo *ssip,
CERTCertificate **pRetCert, SECKEYPrivateKey **pRetKey,
char **errmsgp )
{
CERTCertificate *cert;
CERTCertificate *cert;
SECKEYPrivateKey *key;
if (!ssip->lssei_using_pcks_fns && NULL != ssip->lssei_keypasswd) {
if ( !ssip->lssei_using_pcks_fns && (NULL != ssip->lssei_keypasswd) ) {
/*
* XXX: This function should be called only once, and probably
* in one of the ldapssl_.*_init() calls.
*/
PK11_SetPasswordFunc( get_keypassword );
}
if (( cert = CERT_FindUserCertByUsage( CERT_GetDefaultCertDB(), ssip->lssei_certnickname,
certUsageSSLClient, PR_FALSE, (void *)ssip ))
== NULL ) {
if (( cert = CERT_FindUserCertByUsage( CERT_GetDefaultCertDB(),
ssip->lssei_certnickname, certUsageSSLClient,
PR_FALSE, (void *)ssip )) == NULL ) {
if ( errmsgp != NULL ) {
*errmsgp = "unable to find certificate";
}
@ -1329,4 +1335,216 @@ int stubs_o_stuff( void )
return 0;
}
/*
* Import the file descriptor corresponding to the socket of an already
* open LDAP connection into SSL, and update the socket and session
* information accordingly. Returns 0 if all goes well.
*/
int
LDAP_CALL
ldapssl_import_fd ( LDAP *ld, int secure )
{
PRLDAPSessionInfo sei;
PRLDAPSocketInfo soi;
LDAPSSLSocketInfo *ssoip = NULL;
LDAPSSLSessionInfo *sseip;
PRFileDesc *sslfd = NULL;
LBER_SOCKET intfd = -1;
char *hostlist;
struct lextiof_socket_private *socketargp;
/*
* Get hostlist from LDAP Handle
*/
if ( ldap_get_option(ld, LDAP_OPT_HOST_NAME, &hostlist) < 0 ) {
return( -1 );
}
/*
* Get File Desc from current connection
*/
if ( ldap_get_option(ld, LDAP_OPT_DESC, &intfd) < 0 ) {
return( -1 );
}
/*
* Get Socket Arg Pointer
*/
if ( ldap_get_option(ld, LDAP_X_OPT_SOCKETARG, &socketargp) < 0 ) {
return( -1 );
}
/*
* Retrieve session info. so we can store a pointer to our session info.
* in our socket info. later.
*/
memset( &sei, 0, sizeof(sei));
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
if ( prldap_get_session_info( ld, NULL, &sei ) != LDAP_SUCCESS ) {
return( -1 );
}
sseip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
/*
* Retrieve socket info. so we have the PRFileDesc.
*/
memset( &soi, 0, sizeof(soi));
soi.soinfo_size = PRLDAP_SOCKETINFO_SIZE;
if ( prldap_get_socket_info( intfd, socketargp, &soi ) != LDAP_SUCCESS ) {
return( -1 );
}
/*
* Allocate a structure to hold our socket-specific data.
*/
if ( NULL == ( ssoip = PR_Calloc( 1, sizeof( LDAPSSLSocketInfo )))) {
goto reset_socket_and_exit_with_error;
}
ssoip->soi_sessioninfo = sseip;
/*
* Add SSL layer and let the standard NSPR to LDAP layer and enable SSL.
*/
if (( sslfd = SSL_ImportFD( NULL, soi.soinfo_prfd )) == NULL ) {
goto reset_socket_and_exit_with_error;
}
if ( SSL_OptionSet( sslfd, SSL_SECURITY, secure ) != SECSuccess ||
SSL_OptionSet( sslfd, SSL_ENABLE_TLS, secure ) ||
SSL_OptionSet( sslfd, SSL_HANDSHAKE_AS_CLIENT, secure )
!= SECSuccess || ( secure && SSL_ResetHandshake( sslfd,
PR_FALSE ) != SECSuccess )) {
goto reset_socket_and_exit_with_error;
}
/*
* Set hostname which will be retrieved (depending on ssl strength) when
* using client or server auth.
*/
if ( SSL_SetURL( sslfd, hostlist ) != SECSuccess ) {
goto reset_socket_and_exit_with_error;
}
/*
* Set any SSL options that were modified by a previous call to
* the ldapssl_set_option() function.
*/
if ( set_ssl_options( sslfd, sseip->lssei_ssl_option_value,
sseip->lssei_ssl_option_isset ) < 0 ) {
goto reset_socket_and_exit_with_error;
}
/*
* Let the standard NSPR to LDAP layer know about the new socket and
* our own socket-specific data.
*/
soi.soinfo_prfd = sslfd;
soi.soinfo_appdata = (void *)ssoip;
if ( prldap_set_default_socket_info( ld, &soi ) != LDAP_SUCCESS ) {
goto reset_socket_and_exit_with_error;
}
/*
* Install certificate hook function.
*/
if ( SSL_AuthCertificateHook( soi.soinfo_prfd,
(SSLAuthCertificate)ldapssl_AuthCertificate,
(void *)sseip) != 0 ) {
goto reset_socket_and_exit_with_error;
}
if ( SSL_GetClientAuthDataHook( soi.soinfo_prfd,
get_clientauth_data, sseip->lssei_certnickname ? sseip : NULL )
!= 0 ) {
goto reset_socket_and_exit_with_error;
}
return 0;
reset_socket_and_exit_with_error:
if ( NULL != sslfd ) {
/*
* "Unimport" the socket from SSL, i.e. get rid of the upper layer of
* the file descriptor stack, which represents SSL.
*/
soi.soinfo_prfd = sslfd;
sslfd = PR_PopIOLayer( soi.soinfo_prfd, PR_TOP_IO_LAYER );
sslfd->dtor( sslfd );
}
if ( NULL != ssoip ) {
ldapssl_free_socket_info( &ssoip );
soi.soinfo_appdata = NULL;
}
prldap_set_default_socket_info( ld, &soi );
return( -1 );
}
/*
* Reset an LDAP session from SSL to a non-secure status. Basically,
* this function undoes the work done by ldapssl_install_routines.
* Returns 0 if all goes well.
*/
int
LDAP_CALL
ldapssl_reset_to_nonsecure ( LDAP *ld )
{
PRLDAPSessionInfo sei;
LDAPSSLSessionInfo *sseip;
struct ldap_x_ext_io_fns iofns;
int rc = 0;
/*
* Retrieve session info.
*/
memset( &sei, 0, sizeof(sei));
sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE;
if ( prldap_get_session_info( ld, NULL, &sei ) != LDAP_SUCCESS ) {
return( -1 );
}
sseip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
if ( sseip != NULL ) {
/*
* Reset the standard extended io functions.
*/
memset( &iofns, 0, sizeof(iofns));
iofns.lextiof_size = LDAP_X_EXTIO_FNS_SIZE;
if ( ldap_get_option( ld, LDAP_X_OPT_EXTIO_FN_PTRS, (void *)&iofns )
< 0) {
rc = -1;
goto free_session_info;
}
/* reset socket, connect, and ioctl */
iofns.lextiof_connect = sseip->lssei_std_functions.lssf_connect_fn;
iofns.lextiof_close = sseip->lssei_std_functions.lssf_close_fn;
iofns.lextiof_disposehandle =
sseip->lssei_std_functions.lssf_disposehdl_fn;
if ( ldap_set_option( ld, LDAP_X_OPT_EXTIO_FN_PTRS, (void *)&iofns )
< 0) {
rc = -1;
goto free_session_info;
}
free_session_info:
ldapssl_free_session_info( &sseip );
sei.seinfo_appdata = NULL;
if ( prldap_set_session_info( ld, NULL, &sei ) != LDAP_SUCCESS ) {
rc = -1;
}
} /* if ( sseip && *sseip ) */
if ( ldap_set_option( ld, LDAP_OPT_SSL, LDAP_OPT_OFF ) < 0 ) {
return (-1);
}
return rc;
}
#endif /* NET_SSL */
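Review bot: In ldapssl_import_fd, `sseip` is taken straight from `sei.seinfo_appdata` and dereferenced in the `set_ssl_options(...)` and `SSL_GetClientAuthDataHook(...)` calls without a NULL check, although ldapssl_reset_to_nonsecure just below guards the same pointer with `if ( sseip != NULL )`; a handle with no SSL session info installed would crash here. The `hostlist` string fetched with `LDAP_OPT_HOST_NAME` is also never released on any path, whereas ldaptls_complete in this file calls `ldap_memfree(hostlist)` after the same lookup, so each call appears to leak it. The early `return( -1 )` statements that follow the host-name lookup need the same free as the two exits shown below. Separately, `hostlist` is handed unchanged to `SSL_SetURL`, the name the certificate check compares against; if that option can hold several hosts or a `host:port` form (the variable name suggests it can), the connected host should be extracted first.

```c
    sseip = (LDAPSSLSessionInfo *)sei.seinfo_appdata;
    if ( NULL == sseip ) {
        /* no SSL session info on this handle: nothing to import into */
        ldap_memfree( hostlist );
        return( -1 );
    }
    /* … unchanged: socket info lookup, SSL_ImportFD, option and hook setup … */
    ldap_memfree( hostlist );
    return 0;

reset_socket_and_exit_with_error:
    ldap_memfree( hostlist );
    /* … unchanged: pop the SSL layer, free ssoip, restore socket info … */
```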


@ -202,34 +202,6 @@ ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
/* Fortezza Alerts */
ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
"Fortezza card has not been properly initialized. \
Please remove it and return it to your issuer.")
ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
"No Fortezza cards Found")
ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
"No Fortezza card selected")
ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
"Please select a personality to get more info on")
ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
"Personality not found")
ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
"No more information on that Personality")
ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
"Invalid Pin")
ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
"Couldn't initialize Fortezza personalities.")
/* end fortezza alerts. */
ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
"No KRL for this site's certificate has been found.")
@ -368,9 +340,6 @@ ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
"Certificate nickname already in use.")
ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
"A sensitive key cannot be moved to the slot where it is needed.")


@ -113,10 +113,6 @@ ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
"Cannot connect: SSL is disabled.")
ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
"Cannot connect: SSL peer is in another FORTEZZA domain.")
ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
"An unknown SSL cipher suite has been requested.")