Change version to 3.3.4.8

git-svn-id: svn://10.0.0.236/branches/NSS_3_3_4_1_BRANCH@212422 18797224-902f-48f8-a5cc-f745e15eee43
Fix bug 350640, bug 351079, and bug 351848 on the NSS_3_3_4_1_BRANCH.
2006-09-26 22:30:50 +00:00 · 2006-09-14 05:45:13 +00:00 · 2005-10-31 18:34:43 +00:00 · 2005-08-18 19:16:45 +00:00 · 2005-08-18 18:32:17 +00:00 · 2005-08-12 19:51:32 +00:00
1611 changed files with 563206 additions and 105978 deletions
--- a/mozilla/security/nss/Makefile
+++ b/mozilla/security/nss/Makefile
@@ -0,0 +1,115 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+nss_build_all: build_coreconf build_nspr build_dbm all
+
+build_coreconf:
+	cd $(CORE_DEPTH)/coreconf ;  $(MAKE)
+
+build_nspr:
+	cd $(CORE_DEPTH)/../nsprpub ; $(MAKE) OBJDIR_NAME=${OBJDIR_NAME} 
+
+build_dbm:
+	cd $(CORE_DEPTH)/dbm ; $(MAKE) export libs
+
+	
+
+moz_import::
+ifeq ($(OS_ARCH),WINNT)
+	$(NSINSTALL) -D $(DIST)/include/nspr
+	cp $(DIST)/../include/nspr/*.h $(DIST)/include/nspr
+	cp $(DIST)/../include/* $(DIST)/include
+ifdef BUILD_OPT
+	cp $(DIST)/../WIN32_O.OBJ/lib/* $(DIST)/lib
+else
+	cp $(DIST)/../WIN32_D.OBJ/lib/* $(DIST)/lib
+endif
+	mv $(DIST)/lib/dbm32.lib $(DIST)/lib/dbm.lib
+else
+ifeq ($(OS_ARCH),OS2)
+	cp -rf $(DIST)/../include $(DIST)
+	cp -rf $(DIST)/../lib $(DIST)
+	cp -f $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX)
+else
+	$(NSINSTALL) -L ../../dist include $(DIST)
+	$(NSINSTALL) -L ../../dist lib $(DIST)
+	cp $(DIST)/lib/libmozdbm_s.$(LIB_SUFFIX) $(DIST)/lib/libdbm.$(LIB_SUFFIX)
+endif
+endif
+
+nss_RelEng_bld: build_coreconf import all
+
+package:
+	$(MAKE) -C pkg publish
+
--- a/mozilla/security/nss/cmd/Makefile
+++ b/mozilla/security/nss/cmd/Makefile
@@ -0,0 +1,182 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../..
+DEPTH = ../..
+
+include manifest.mn
+include $(CORE_DEPTH)/coreconf/config.mk
+
+# These sources were once in this directory, but now are gone.
+MISSING_SOURCES = \
+	addcert.c \
+	berparse.c \
+	cert.c	\
+	key.c	\
+	key_rand.c \
+	keygen.c \
+	sec_fe.c \
+	sec_read.c \
+	secarb.c \
+	secutil.c \
+	$(NULL)
+
+# we don't build these any more, but the sources are still here
+OBSOLETE = \
+	berdec.c \
+	berdump.c \
+	cypher.c \
+	dumpcert.c \
+	listcerts.c \
+	mkdongle.c \
+	p12exprt.c \
+	p12imprt.c \
+	rc4.c \
+	sign.c \
+	unwrap.c \
+	vector.c \
+	verify.c \
+	wrap.c \
+	$(NULL)
+
+# the base files for the executables
+# hey -- keep these alphabetical, please
+EXEC_SRCS = \
+	$(NULL)
+
+# files that generate two separate objects and executables
+# BI_SRCS	= \
+# 	keyutil.c \
+# 	p7env.c \
+# 	tstclnt.c \
+# 	$(NULL)
+
+#	-I$(CORE_DEPTH)/security/lib/cert \
+#	-I$(CORE_DEPTH)/security/lib/key \
+#	-I$(CORE_DEPTH)/security/lib/util  \
+
+INCLUDES += \
+	-I$(DIST)/../public/security \
+	-I./include \
+	$(NULL)
+
+TBD_DIRS = rsh rshd rdist ssld
+
+# For the time being, sec stuff is export only
+# US_FLAGS = -DEXPORT_VERSION -DUS_VERSION
+
+US_FLAGS = -DEXPORT_VERSION
+EXPORT_FLAGS = -DEXPORT_VERSION
+
+BASE_LIBS = \
+	$(DIST)/lib/libdbm.$(LIB_SUFFIX) \
+	$(DIST)/lib/libxp.$(LIB_SUFFIX) \
+	$(DIST)/lib/libnspr.$(LIB_SUFFIX) \
+	$(NULL)
+
+#	$(DIST)/lib/libpurenspr.$(LIB_SUFFIX) \
+
+#There is a circular dependancy in security/lib, and here is a gross fix
+SEC_LIBS = \
+	$(DIST)/lib/libsecnav.$(LIB_SUFFIX) \
+        $(DIST)/lib/libssl.$(LIB_SUFFIX) \
+        $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \
+        $(DIST)/lib/libcert.$(LIB_SUFFIX) \
+        $(DIST)/lib/libkey.$(LIB_SUFFIX) \
+	$(DIST)/lib/libsecmod.$(LIB_SUFFIX) \
+        $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \
+        $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
+        $(DIST)/lib/libssl.$(LIB_SUFFIX) \
+        $(DIST)/lib/libpkcs7.$(LIB_SUFFIX) \
+        $(DIST)/lib/libcert.$(LIB_SUFFIX) \
+        $(DIST)/lib/libkey.$(LIB_SUFFIX) \
+	$(DIST)/lib/libsecmod.$(LIB_SUFFIX) \
+        $(DIST)/lib/libcrypto.$(LIB_SUFFIX) \
+        $(DIST)/lib/libsecutil.$(LIB_SUFFIX) \
+        $(DIST)/lib/libhash.$(LIB_SUFFIX) \
+	$(NULL)
+
+MYLIB	= lib/$(OBJDIR)/libsectool.$(LIB_SUFFIX)
+
+US_LIBS	= $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS)
+EX_LIBS	= $(MYLIB) $(SEC_LIBS) $(BASE_LIBS) $(MYLIB) $(BASE_LIBS) 
+
+REQUIRES = libxp nspr security
+
+CSRCS	= $(EXEC_SRCS) $(BI_SRCS)
+
+OBJS	= $(CSRCS:.c=.o) $(BI_SRCS:.c=-us.o) $(BI_SRCS:.c=-ex.o)
+
+PROGS		= $(addprefix $(OBJDIR)/, $(EXEC_SRCS:.c=$(BIN_SUFFIX)))
+US_PROGS 	= $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-us$(BIN_SUFFIX)))
+EX_PROGS	= $(addprefix $(OBJDIR)/, $(BI_SRCS:.c=-ex$(BIN_SUFFIX)))
+
+
+NON_DIRS = $(PROGS) $(US_PROGS) $(EX_PROGS)
+TARGETS = $(NON_DIRS)
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+
+ifneq ($(OS_ARCH),OS2)
+$(OBJDIR)/%-us.o: %.c
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $(US_FLAGS) -c $*.c
+
+$(OBJDIR)/%-ex.o: %.c
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
+
+$(OBJDIR)/%.o: %.c
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $(EXPORT_FLAGS) -c $*.c
+
+$(US_PROGS):$(OBJDIR)/%-us: $(OBJDIR)/%-us.o $(US_LIBS)
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $(OBJDIR)/$*-us.o $(LDFLAGS) $(US_LIBS) $(OS_LIBS)
+
+$(EX_PROGS):$(OBJDIR)/%-ex: $(OBJDIR)/%-ex.o $(EX_LIBS)
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $(OBJDIR)/$*-ex.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
+
+$(PROGS):$(OBJDIR)/%: $(OBJDIR)/%.o $(EX_LIBS)
+	@$(MAKE_OBJDIR)
+	$(CCF) -o $@ $@.o $(LDFLAGS) $(EX_LIBS) $(OS_LIBS)
+
+#install:: $(TARGETS)
+#	$(INSTALL) $(TARGETS) $(DIST)/bin
+endif
+
+symbols::
+	@echo "TARGETS	= $(TARGETS)"
--- a/mozilla/security/nss/cmd/SSLsample/Makefile
+++ b/mozilla/security/nss/cmd/SSLsample/Makefile
@@ -0,0 +1,44 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+# do these once for each target program
+all default export libs program install release_export::
+	$(MAKE) -f make.client $@
+	$(MAKE) -f make.server $@
+
+# only do these things once for the whole directory
+depend dependclean clean clobber realclean clobber_all release_classes release_clean release_cpdistdir release_export release_jars release_md release_policy show::
+	$(MAKE) -f make.client $@
+
+
--- a/mozilla/security/nss/cmd/SSLsample/Makefile.NSS
+++ b/mozilla/security/nss/cmd/SSLsample/Makefile.NSS
@@ -0,0 +1,58 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+ARCH := $(shell uname)
+
+ifeq ($(ARCH), SunOS)
+	DEFINES  = -KPIC -DSVR4 -DSOLARIS -DSYSV -D__svr4 -D__svr4__ \
+ -D_REENTRANT -DSOLARIS2_5 -D_SVID_GETTOD -DXP_UNIX -UDEBUG -DNDEBUG \
+ -DXP_UNIX
+	INCPATH  = -I. -I../include/dbm -I../include/nspr -I../include/security
+	LIBPATH  = -L../lib
+	LIBS     = -lnss -lssl -lpkcs7 -lpkcs12 -lsecmod -lcert -lkey \
+ -lcrypto -lsecutil -lhash -ldbm -lplc4 -lplds4 -lnspr4 -lsocket -lnsl
+	CFLAGS   = -g
+	CC       = cc
+endif # SunOS
+
+# The rules to build the sample apps appear below.
+
+server:
+	$(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
+
+client:
+	$(CC) $(CFLAGS) $@.c -o $@ $(DEFINES) $(INCPATH) $(LIBPATH) $(LIBS)
+
+clean:
+	rm -fr server client server.o client.o
+
--- a/mozilla/security/nss/cmd/SSLsample/NSPRerrs.h
+++ b/mozilla/security/nss/cmd/SSLsample/NSPRerrs.h
@@ -0,0 +1,133 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+/* General NSPR 2.0 errors */
+/* Caller must #include "prerror.h" */
+
+ER2( PR_OUT_OF_MEMORY_ERROR, 	"Memory allocation attempt failed." )
+ER2( PR_BAD_DESCRIPTOR_ERROR, 	"Invalid file descriptor." )
+ER2( PR_WOULD_BLOCK_ERROR, 	"The operation would have blocked." )
+ER2( PR_ACCESS_FAULT_ERROR, 	"Invalid memory address argument." )
+ER2( PR_INVALID_METHOD_ERROR, 	"Invalid function for file type." )
+ER2( PR_ILLEGAL_ACCESS_ERROR, 	"Invalid memory address argument." )
+ER2( PR_UNKNOWN_ERROR, 		"Some unknown error has occurred." )
+ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
+ER2( PR_NOT_IMPLEMENTED_ERROR, 	"function not implemented." )
+ER2( PR_IO_ERROR, 		"I/O function error." )
+ER2( PR_IO_TIMEOUT_ERROR, 	"I/O operation timed out." )
+ER2( PR_IO_PENDING_ERROR, 	"I/O operation on busy file descriptor." )
+ER2( PR_DIRECTORY_OPEN_ERROR, 	"The directory could not be opened." )
+ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
+ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
+ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
+ER2( PR_IS_CONNECTED_ERROR, 	"Already connected." )
+ER2( PR_BAD_ADDRESS_ERROR, 	"Network address is invalid." )
+ER2( PR_ADDRESS_IN_USE_ERROR, 	"Local Network address is in use." )
+ER2( PR_CONNECT_REFUSED_ERROR, 	"Connection refused by peer." )
+ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
+ER2( PR_CONNECT_TIMEOUT_ERROR, 	"Connection attempt timed out." )
+ER2( PR_NOT_CONNECTED_ERROR, 	"Network file descriptor is not connected." )
+ER2( PR_LOAD_LIBRARY_ERROR, 	"Failure to load dynamic library." )
+ER2( PR_UNLOAD_LIBRARY_ERROR, 	"Failure to unload dynamic library." )
+ER2( PR_FIND_SYMBOL_ERROR, 	
+"Symbol not found in any of the loaded dynamic libraries." )
+ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
+ER2( PR_DIRECTORY_LOOKUP_ERROR, 	
+"A directory lookup on a network address has failed." )
+ER2( PR_TPD_RANGE_ERROR, 		
+"Attempt to access a TPD key that is out of range." )
+ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
+ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
+ER2( PR_NOT_SOCKET_ERROR, 	
+"Network operation attempted on non-network file descriptor." )
+ER2( PR_NOT_TCP_SOCKET_ERROR, 	
+"TCP-specific function attempted on a non-TCP file descriptor." )
+ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
+ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
+ER2( PR_OPERATION_NOT_SUPPORTED_ERROR, 
+"The requested operation is not supported by the platform." )
+ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR, 
+"The host operating system does not support the protocol requested." )
+ER2( PR_REMOTE_FILE_ERROR, 	"Access to the remote file has been severed." )
+ER2( PR_BUFFER_OVERFLOW_ERROR, 	
+"The value requested is too large to be stored in the data buffer provided." )
+ER2( PR_CONNECT_RESET_ERROR, 	"TCP connection reset by peer." )
+ER2( PR_RANGE_ERROR, 		"Unused." )
+ER2( PR_DEADLOCK_ERROR, 	"The operation would have deadlocked." )
+ER2( PR_FILE_IS_LOCKED_ERROR, 	"The file is already locked." )
+ER2( PR_FILE_TOO_BIG_ERROR, 	
+"Write would result in file larger than the system allows." )
+ER2( PR_NO_DEVICE_SPACE_ERROR, 	"The device for storing the file is full." )
+ER2( PR_PIPE_ERROR, 		"Unused." )
+ER2( PR_NO_SEEK_DEVICE_ERROR, 	"Unused." )
+ER2( PR_IS_DIRECTORY_ERROR, 	
+"Cannot perform a normal file operation on a directory." )
+ER2( PR_LOOP_ERROR, 		"Symbolic link loop." )
+ER2( PR_NAME_TOO_LONG_ERROR, 	"File name is too long." )
+ER2( PR_FILE_NOT_FOUND_ERROR, 	"File not found." )
+ER2( PR_NOT_DIRECTORY_ERROR, 	
+"Cannot perform directory operation on a normal file." )
+ER2( PR_READ_ONLY_FILESYSTEM_ERROR, 
+"Cannot write to a read-only file system." )
+ER2( PR_DIRECTORY_NOT_EMPTY_ERROR, 
+"Cannot delete a directory that is not empty." )
+ER2( PR_FILESYSTEM_MOUNTED_ERROR, 
+"Cannot delete or rename a file object while the file system is busy." )
+ER2( PR_NOT_SAME_DEVICE_ERROR, 	
+"Cannot rename a file to a file system on another device." )
+ER2( PR_DIRECTORY_CORRUPTED_ERROR, 
+"The directory object in the file system is corrupted." )
+ER2( PR_FILE_EXISTS_ERROR, 	
+"Cannot create or rename a filename that already exists." )
+ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR, 
+"Directory is full.  No additional filenames may be added." )
+ER2( PR_INVALID_DEVICE_STATE_ERROR, 
+"The required device was in an invalid state." )
+ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
+ER2( PR_NO_MORE_FILES_ERROR, 	"No more entries in the directory." )
+ER2( PR_END_OF_FILE_ERROR, 	"Encountered end of file." )
+ER2( PR_FILE_SEEK_ERROR, 	"Seek error." )
+ER2( PR_FILE_IS_BUSY_ERROR, 	"The file is busy." )
+ER2( PR_IN_PROGRESS_ERROR,
+"Operation is still in progress (probably a non-blocking connect)." )
+ER2( PR_ALREADY_INITIATED_ERROR,
+"Operation has already been initiated (probably a non-blocking connect)." )
+
+#ifdef PR_GROUP_EMPTY_ERROR
+ER2( PR_GROUP_EMPTY_ERROR, 	"The wait group is empty." )
+#endif
+
+#ifdef PR_INVALID_STATE_ERROR
+ER2( PR_INVALID_STATE_ERROR, 	"Object state improper for request." )
+#endif
+
+ER2( PR_MAX_ERROR, 		"Placeholder for the end of the list" )
--- a/mozilla/security/nss/cmd/SSLsample/README
+++ b/mozilla/security/nss/cmd/SSLsample/README
@@ -0,0 +1,43 @@
+These sample programs can be built in either of two ways:
+1) is the NSS source tree, using the coreconf build system, and 
+2) stand alone (as part of the NSS distribution).
+
+The following makefiles are used only when building in the NSS source tree
+using coreconf.  These are NOT part of the distribution.
+
+Makefile
+client.mn
+server.mn
+config.mk
+make.client
+make.server
+
+The following makefiles are used only when building in the NSS distribution.
+These files are part of the distribution.
+
+Makefile.NSS
+nmakefile95.nss
+nmakefilent.nss
+
+
+The following source files are common to both build environments and are
+part of the distribution.
+
+NSPRerrs.h
+SECerrs.h
+SSLerrs.h
+client.c
+getopt.c
+server.c
+sslerror.h
+
+In the NSS 2.0 distribution, the sample code and makefiles are in a 
+directory named "samples".  The directories relevant to building 
+in the distributed tree are:
+
+./samples
+./include/dbm
+./include/nspr
+./include/security
+./lib
+
--- a/mozilla/security/nss/cmd/SSLsample/SECerrs.h
+++ b/mozilla/security/nss/cmd/SSLsample/SECerrs.h
@@ -0,0 +1,441 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/* General security error codes  */
+/* Caller must #include "secerr.h" */
+
+ER3(SEC_ERROR_IO,				SEC_ERROR_BASE + 0,
+"An I/O error occurred during security authorization.")
+
+ER3(SEC_ERROR_LIBRARY_FAILURE,			SEC_ERROR_BASE + 1,
+"security library failure.")
+
+ER3(SEC_ERROR_BAD_DATA,				SEC_ERROR_BASE + 2,
+"security library: received bad data.")
+
+ER3(SEC_ERROR_OUTPUT_LEN,			SEC_ERROR_BASE + 3,
+"security library: output length error.")
+
+ER3(SEC_ERROR_INPUT_LEN,			SEC_ERROR_BASE + 4,
+"security library has experienced an input length error.")
+
+ER3(SEC_ERROR_INVALID_ARGS,			SEC_ERROR_BASE + 5,
+"security library: invalid arguments.")
+
+ER3(SEC_ERROR_INVALID_ALGORITHM,		SEC_ERROR_BASE + 6,
+"security library: invalid algorithm.")
+
+ER3(SEC_ERROR_INVALID_AVA,			SEC_ERROR_BASE + 7,
+"security library: invalid AVA.")
+
+ER3(SEC_ERROR_INVALID_TIME,			SEC_ERROR_BASE + 8,
+"Improperly formatted time string.")
+
+ER3(SEC_ERROR_BAD_DER,				SEC_ERROR_BASE + 9,
+"security library: improperly formatted DER-encoded message.")
+
+ER3(SEC_ERROR_BAD_SIGNATURE,			SEC_ERROR_BASE + 10,
+"Peer's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_EXPIRED_CERTIFICATE,		SEC_ERROR_BASE + 11,
+"Peer's Certificate has expired.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE,		SEC_ERROR_BASE + 12,
+"Peer's Certificate has been revoked.")
+
+ER3(SEC_ERROR_UNKNOWN_ISSUER,			SEC_ERROR_BASE + 13,
+"Peer's Certificate issuer is not recognized.")
+
+ER3(SEC_ERROR_BAD_KEY,				SEC_ERROR_BASE + 14,
+"Peer's public key is invalid.")
+
+ER3(SEC_ERROR_BAD_PASSWORD,			SEC_ERROR_BASE + 15,
+"The security password entered is incorrect.")
+
+ER3(SEC_ERROR_RETRY_PASSWORD,			SEC_ERROR_BASE + 16,
+"New password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_NO_NODELOCK,			SEC_ERROR_BASE + 17,
+"security library: no nodelock.")
+
+ER3(SEC_ERROR_BAD_DATABASE,			SEC_ERROR_BASE + 18,
+"security library: bad database.")
+
+ER3(SEC_ERROR_NO_MEMORY,			SEC_ERROR_BASE + 19,
+"security library: memory allocation failure.")
+
+ER3(SEC_ERROR_UNTRUSTED_ISSUER,			SEC_ERROR_BASE + 20,
+"Peer's certificate issuer has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_UNTRUSTED_CERT,			SEC_ERROR_BASE + 21,
+"Peer's certificate has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT,			(SEC_ERROR_BASE + 22),
+"Certificate already exists in your database.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT_NAME,		(SEC_ERROR_BASE + 23),
+"Downloaded certificate's name duplicates one already in your database.")
+
+ER3(SEC_ERROR_ADDING_CERT,			(SEC_ERROR_BASE + 24),
+"Error adding certificate to database.")
+
+ER3(SEC_ERROR_FILING_KEY,			(SEC_ERROR_BASE + 25),
+"Error refiling the key for this certificate.")
+
+ER3(SEC_ERROR_NO_KEY,				(SEC_ERROR_BASE + 26),
+"The private key for this certificate cannot be found in key database")
+
+ER3(SEC_ERROR_CERT_VALID,			(SEC_ERROR_BASE + 27),
+"This certificate is valid.")
+
+ER3(SEC_ERROR_CERT_NOT_VALID,			(SEC_ERROR_BASE + 28),
+"This certificate is not valid.")
+
+ER3(SEC_ERROR_CERT_NO_RESPONSE,			(SEC_ERROR_BASE + 29),
+"Cert Library: No Response")
+
+ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE,	(SEC_ERROR_BASE + 30),
+"The certificate issuer's certificate has expired.  Check your system date and time.")
+
+ER3(SEC_ERROR_CRL_EXPIRED,			(SEC_ERROR_BASE + 31),
+"The CRL for the certificate's issuer has expired.  Update it or check your system data and time.")
+
+ER3(SEC_ERROR_CRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 32),
+"The CRL for the certificate's issuer has an invalid signature.")
+
+ER3(SEC_ERROR_CRL_INVALID,			(SEC_ERROR_BASE + 33),
+"New CRL has an invalid format.")
+
+ER3(SEC_ERROR_EXTENSION_VALUE_INVALID,		(SEC_ERROR_BASE + 34),
+"Certificate extension value is invalid.")
+
+ER3(SEC_ERROR_EXTENSION_NOT_FOUND,		(SEC_ERROR_BASE + 35),
+"Certificate extension not found.")
+
+ER3(SEC_ERROR_CA_CERT_INVALID,			(SEC_ERROR_BASE + 36),
+"Issuer certificate is invalid.")
+   
+ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID,	(SEC_ERROR_BASE + 37),
+"Certificate path length constraint is invalid.")
+
+ER3(SEC_ERROR_CERT_USAGES_INVALID,		(SEC_ERROR_BASE + 38),
+"Certificate usages field is invalid.")
+
+ER3(SEC_INTERNAL_ONLY,				(SEC_ERROR_BASE + 39),
+"**Internal ONLY module**")
+
+ER3(SEC_ERROR_INVALID_KEY,			(SEC_ERROR_BASE + 40),
+"The key does not support the requested operation.")
+
+ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION,	(SEC_ERROR_BASE + 41),
+"Certificate contains unknown critical extension.")
+
+ER3(SEC_ERROR_OLD_CRL,				(SEC_ERROR_BASE + 42),
+"New CRL is not later than the current one.")
+
+ER3(SEC_ERROR_NO_EMAIL_CERT,			(SEC_ERROR_BASE + 43),
+"Not encrypted or signed: you do not yet have an email certificate.")
+
+ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY,		(SEC_ERROR_BASE + 44),
+"Not encrypted: you do not have certificates for each of the recipients.")
+
+ER3(SEC_ERROR_NOT_A_RECIPIENT,			(SEC_ERROR_BASE + 45),
+"Cannot decrypt: you are not a recipient, or matching certificate and \
+private key not found.")
+
+ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH,		(SEC_ERROR_BASE + 46),
+"Cannot decrypt: key encryption algorithm does not match your certificate.")
+
+ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE,		(SEC_ERROR_BASE + 47),
+"Signature verification failed: no signer found, too many signers found, \
+or improper or corrupted data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_KEYALG,		(SEC_ERROR_BASE + 48),
+"Unsupported or unknown key algorithm.")
+
+ER3(SEC_ERROR_DECRYPTION_DISALLOWED,		(SEC_ERROR_BASE + 49),
+"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
+
+
+/* Fortezza Alerts */
+ER3(XP_SEC_FORTEZZA_BAD_CARD,			(SEC_ERROR_BASE + 50),
+"Fortezza card has not been properly initialized.  \
+Please remove it and return it to your issuer.")
+
+ER3(XP_SEC_FORTEZZA_NO_CARD,			(SEC_ERROR_BASE + 51),
+"No Fortezza cards Found")
+
+ER3(XP_SEC_FORTEZZA_NONE_SELECTED,		(SEC_ERROR_BASE + 52),
+"No Fortezza card selected")
+
+ER3(XP_SEC_FORTEZZA_MORE_INFO,			(SEC_ERROR_BASE + 53),
+"Please select a personality to get more info on")
+
+ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND,		(SEC_ERROR_BASE + 54),
+"Personality not found")
+
+ER3(XP_SEC_FORTEZZA_NO_MORE_INFO,		(SEC_ERROR_BASE + 55),
+"No more information on that Personality")
+
+ER3(XP_SEC_FORTEZZA_BAD_PIN,			(SEC_ERROR_BASE + 56),
+"Invalid Pin")
+
+ER3(XP_SEC_FORTEZZA_PERSON_ERROR,		(SEC_ERROR_BASE + 57),
+"Couldn't initialize Fortezza personalities.")
+/* end fortezza alerts. */
+
+ER3(SEC_ERROR_NO_KRL,				(SEC_ERROR_BASE + 58),
+"No KRL for this site's certificate has been found.")
+
+ER3(SEC_ERROR_KRL_EXPIRED,			(SEC_ERROR_BASE + 59),
+"The KRL for this site's certificate has expired.")
+
+ER3(SEC_ERROR_KRL_BAD_SIGNATURE,		(SEC_ERROR_BASE + 60),
+"The KRL for this site's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_REVOKED_KEY,			(SEC_ERROR_BASE + 61),
+"The key for this site's certificate has been revoked.")
+
+ER3(SEC_ERROR_KRL_INVALID,			(SEC_ERROR_BASE + 62),
+"New KRL has an invalid format.")
+
+ER3(SEC_ERROR_NEED_RANDOM,			(SEC_ERROR_BASE + 63),
+"security library: need random data.")
+
+ER3(SEC_ERROR_NO_MODULE,			(SEC_ERROR_BASE + 64),
+"security library: no security module can perform the requested operation.")
+
+ER3(SEC_ERROR_NO_TOKEN,				(SEC_ERROR_BASE + 65),
+"The security card or token does not exist, needs to be initialized, or has been removed.")
+
+ER3(SEC_ERROR_READ_ONLY,			(SEC_ERROR_BASE + 66),
+"security library: read-only database.")
+
+ER3(SEC_ERROR_NO_SLOT_SELECTED,			(SEC_ERROR_BASE + 67),
+"No slot or token was selected.")
+
+ER3(SEC_ERROR_CERT_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 68),
+"A certificate with the same nickname already exists.")
+
+ER3(SEC_ERROR_KEY_NICKNAME_COLLISION,		(SEC_ERROR_BASE + 69),
+"A key with the same nickname already exists.")
+
+ER3(SEC_ERROR_SAFE_NOT_CREATED,			(SEC_ERROR_BASE + 70),
+"error while creating safe object")
+
+ER3(SEC_ERROR_BAGGAGE_NOT_CREATED,		(SEC_ERROR_BASE + 71),
+"error while creating baggage object")
+
+ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR,		(SEC_ERROR_BASE + 72),
+"Couldn't remove the principal")
+
+ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR,		(SEC_ERROR_BASE + 73),
+"Couldn't delete the privilege")
+
+ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR,		(SEC_ERROR_BASE + 74),
+"This principal doesn't have a certificate")
+
+ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM,		(SEC_ERROR_BASE + 75),
+"Required algorithm is not allowed.")
+
+ER3(SEC_ERROR_EXPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 76),
+"Error attempting to export certificates.")
+
+ER3(SEC_ERROR_IMPORTING_CERTIFICATES,		(SEC_ERROR_BASE + 77),
+"Error attempting to import certificates.")
+
+ER3(SEC_ERROR_PKCS12_DECODING_PFX,		(SEC_ERROR_BASE + 78),
+"Unable to import.  Decoding error.  File not valid.")
+
+ER3(SEC_ERROR_PKCS12_INVALID_MAC,		(SEC_ERROR_BASE + 79),
+"Unable to import.  Invalid MAC.  Incorrect password or corrupt file.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM,	(SEC_ERROR_BASE + 80),
+"Unable to import.  MAC algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
+"Unable to import.  Only password integrity and privacy modes supported.")
+
+ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE,	(SEC_ERROR_BASE + 82),
+"Unable to import.  File structure is corrupt.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
+"Unable to import.  Encryption algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION,	(SEC_ERROR_BASE + 84),
+"Unable to import.  File version not supported.")
+
+ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
+"Unable to import.  Incorrect privacy password.")
+
+ER3(SEC_ERROR_PKCS12_CERT_COLLISION,		(SEC_ERROR_BASE + 86),
+"Unable to import.  Same nickname already exists in database.")
+
+ER3(SEC_ERROR_USER_CANCELLED,			(SEC_ERROR_BASE + 87),
+"The user pressed cancel.")
+
+ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA,		(SEC_ERROR_BASE + 88),
+"Not imported, already in database.")
+
+ER3(SEC_ERROR_MESSAGE_SEND_ABORTED,		(SEC_ERROR_BASE + 89),
+"Message not sent.")
+
+ER3(SEC_ERROR_INADEQUATE_KEY_USAGE,		(SEC_ERROR_BASE + 90),
+"Certificate key usage inadequate for attempted operation.")
+
+ER3(SEC_ERROR_INADEQUATE_CERT_TYPE,		(SEC_ERROR_BASE + 91),
+"Certificate type not approved for application.")
+
+ER3(SEC_ERROR_CERT_ADDR_MISMATCH,		(SEC_ERROR_BASE + 92),
+"Address in signing certificate does not match address in message headers.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY,	(SEC_ERROR_BASE + 93),
+"Unable to import.  Error attempting to import private key.")
+
+ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN,	(SEC_ERROR_BASE + 94),
+"Unable to import.  Error attempting to import certificate chain.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
+"Unable to export.  Unable to locate certificate or key by nickname.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY,	(SEC_ERROR_BASE + 96),
+"Unable to export.  Private Key could not be located and exported.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, 		(SEC_ERROR_BASE + 97),
+"Unable to export.  Unable to write the export file.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ,		(SEC_ERROR_BASE + 98),
+"Unable to import.  Unable to read the import file.")
+
+ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
+"Unable to export.  Key database corrupt or deleted.")
+
+ER3(SEC_ERROR_KEYGEN_FAIL,			(SEC_ERROR_BASE + 100),
+"Unable to generate public/private key pair.")
+
+ER3(SEC_ERROR_INVALID_PASSWORD,			(SEC_ERROR_BASE + 101),
+"Password entered is invalid.  Please pick a different one.")
+
+ER3(SEC_ERROR_RETRY_OLD_PASSWORD,		(SEC_ERROR_BASE + 102),
+"Old password entered incorrectly.  Please try again.")
+
+ER3(SEC_ERROR_BAD_NICKNAME,			(SEC_ERROR_BASE + 103),
+"Certificate nickname already in use.")
+
+ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER,       	(SEC_ERROR_BASE + 104),
+"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
+
+/* ER3(SEC_ERROR_UNKNOWN, 			(SEC_ERROR_BASE + 105), */
+
+ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, 		(SEC_ERROR_BASE + 106),
+"Invalid module name.")
+
+ER3(SEC_ERROR_JS_INVALID_DLL, 			(SEC_ERROR_BASE + 107),
+"Invalid module path/filename")
+
+ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, 		(SEC_ERROR_BASE + 108),
+"Unable to add module")
+
+ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, 		(SEC_ERROR_BASE + 109),
+"Unable to delete module")
+
+ER3(SEC_ERROR_OLD_KRL,	     			(SEC_ERROR_BASE + 110),
+"New KRL is not later than the current one.")
+ 
+ER3(SEC_ERROR_CKL_CONFLICT,	     		(SEC_ERROR_BASE + 111),
+"New CKL has different issuer than current CKL.  Delete current CKL.")
+
+ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, 		(SEC_ERROR_BASE + 112),
+"The Certifying Authority for this certificate is not permitted to issue a \
+certificate with this name.")
+
+ER3(SEC_ERROR_KRL_NOT_YET_VALID,		(SEC_ERROR_BASE + 113),
+"The key revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_CRL_NOT_YET_VALID,		(SEC_ERROR_BASE + 114),
+"The certificate revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_UNKNOWN_CERT,			(SEC_ERROR_BASE + 115),
+"The requested certificate could not be found.")
+
+ER3(SEC_ERROR_UNKNOWN_SIGNER,			(SEC_ERROR_BASE + 116),
+"The signer's certificate could not be found.")
+
+ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION,		(SEC_ERROR_BASE + 117),
+"The location for the certificate status server has invalid format.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE,	(SEC_ERROR_BASE + 118),
+"The OCSP response cannot be fully decoded; it is of an unknown type.")
+
+ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE,		(SEC_ERROR_BASE + 119),
+"The OCSP server returned unexpected/invalid HTTP data.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST,		(SEC_ERROR_BASE + 120),
+"The OCSP server found the request to be corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_SERVER_ERROR,		(SEC_ERROR_BASE + 121),
+"The OCSP server experienced an internal error.")
+
+ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER,		(SEC_ERROR_BASE + 122),
+"The OCSP server suggests trying again later.")
+
+ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG,		(SEC_ERROR_BASE + 123),
+"The OCSP server requires a signature on this request.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST,	(SEC_ERROR_BASE + 124),
+"The OCSP server has refused this request as unauthorized.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS,	(SEC_ERROR_BASE + 125),
+"The OCSP server returned an unrecognizable status.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_CERT,		(SEC_ERROR_BASE + 126),
+"The OCSP server has no status for the certificate.")
+
+ER3(SEC_ERROR_OCSP_NOT_ENABLED,			(SEC_ERROR_BASE + 127),
+"You must enable OCSP before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER,	(SEC_ERROR_BASE + 128),
+"You must set the OCSP default responder before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE,		(SEC_ERROR_BASE + 129),
+"The response from the OCSP server was corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE,	(SEC_ERROR_BASE + 130),
+"The signer of the OCSP response is not authorized to give status for \
+this certificate.")
+
+ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE,		(SEC_ERROR_BASE + 131),
+"The OCSP response is not yet valid (contains a date in the future).")
+
+ER3(SEC_ERROR_OCSP_OLD_RESPONSE,		(SEC_ERROR_BASE + 132),
+"The OCSP response contains out-of-date information.")
--- a/mozilla/security/nss/cmd/SSLsample/SSLerrs.h
+++ b/mozilla/security/nss/cmd/SSLsample/SSLerrs.h
@@ -0,0 +1,366 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/* SSL-specific security error codes  */
+/* caller must include "sslerr.h" */
+
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER,			SSL_ERROR_BASE + 0,
+"Unable to communicate securely.  Peer does not support high-grade encryption.")
+
+ER3(SSL_ERROR_US_ONLY_SERVER,				SSL_ERROR_BASE + 1,
+"Unable to communicate securely.  Peer requires high-grade encryption which is not supported.")
+
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP,			SSL_ERROR_BASE + 2,
+"Cannot communicate securely with peer: no common encryption algorithm(s).")
+
+ER3(SSL_ERROR_NO_CERTIFICATE,				SSL_ERROR_BASE + 3,
+"Unable to find the certificate or key necessary for authentication.")
+
+ER3(SSL_ERROR_BAD_CERTIFICATE,				SSL_ERROR_BASE + 4,
+"Unable to communicate securely with peer: peers's certificate was rejected.")
+
+/* unused						(SSL_ERROR_BASE + 5),*/
+
+ER3(SSL_ERROR_BAD_CLIENT,				SSL_ERROR_BASE + 6,
+"The server has encountered bad data from the client.")
+
+ER3(SSL_ERROR_BAD_SERVER,				SSL_ERROR_BASE + 7,
+"The client has encountered bad data from the server.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE,		SSL_ERROR_BASE + 8,
+"Unsupported certificate type.")
+
+ER3(SSL_ERROR_UNSUPPORTED_VERSION,			SSL_ERROR_BASE + 9,
+"Peer using unsupported version of security protocol.")
+
+/* unused						(SSL_ERROR_BASE + 10),*/
+
+ER3(SSL_ERROR_WRONG_CERTIFICATE,			SSL_ERROR_BASE + 11,
+"Client authentication failed: private key in key database does not match public key in certificate database.")
+
+ER3(SSL_ERROR_BAD_CERT_DOMAIN,				SSL_ERROR_BASE + 12,
+"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+
+/* SSL_ERROR_POST_WARNING				(SSL_ERROR_BASE + 13),
+   defined in sslerr.h
+*/
+
+ER3(SSL_ERROR_SSL2_DISABLED,				(SSL_ERROR_BASE + 14),
+"Peer only supports SSL version 2, which is locally disabled.")
+
+
+ER3(SSL_ERROR_BAD_MAC_READ,				(SSL_ERROR_BASE + 15),
+"SSL received a record with an incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_MAC_ALERT,				(SSL_ERROR_BASE + 16),
+"SSL peer reports incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_CERT_ALERT,				(SSL_ERROR_BASE + 17),
+"SSL peer cannot verify your certificate.")
+
+ER3(SSL_ERROR_REVOKED_CERT_ALERT,			(SSL_ERROR_BASE + 18),
+"SSL peer rejected your certificate as revoked.")
+
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT,			(SSL_ERROR_BASE + 19),
+"SSL peer rejected your certificate as expired.")
+
+ER3(SSL_ERROR_SSL_DISABLED,				(SSL_ERROR_BASE + 20),
+"Cannot connect: SSL is disabled.")
+
+ER3(SSL_ERROR_FORTEZZA_PQG,				(SSL_ERROR_BASE + 21),
+"Cannot connect: SSL peer is in another FORTEZZA domain.")
+
+
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE          , (SSL_ERROR_BASE + 22),
+"An unknown SSL cipher suite has been requested.")
+
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED          , (SSL_ERROR_BASE + 23),
+"No cipher suites are present and enabled in this program.")
+
+ER3(SSL_ERROR_BAD_BLOCK_PADDING             , (SSL_ERROR_BASE + 24),
+"SSL received a record with bad block padding.")
+
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 25),
+"SSL received a record that exceeded the maximum permissible length.")
+
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG            , (SSL_ERROR_BASE + 26),
+"SSL attempted to send a record that exceeded the maximum permissible length.")
+
+/*
+ * Received a malformed (too long or short or invalid content) SSL handshake.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST    , (SSL_ERROR_BASE + 27),
+"SSL received a malformed Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO     , (SSL_ERROR_BASE + 28),
+"SSL received a malformed Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO     , (SSL_ERROR_BASE + 29),
+"SSL received a malformed Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE      , (SSL_ERROR_BASE + 30),
+"SSL received a malformed Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH  , (SSL_ERROR_BASE + 31),
+"SSL received a malformed Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST     , (SSL_ERROR_BASE + 32),
+"SSL received a malformed Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE       , (SSL_ERROR_BASE + 33),
+"SSL received a malformed Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY      , (SSL_ERROR_BASE + 34),
+"SSL received a malformed Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH  , (SSL_ERROR_BASE + 35),
+"SSL received a malformed Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED         , (SSL_ERROR_BASE + 36),
+"SSL received a malformed Finished handshake message.")
+
+/*
+ * Received a malformed (too long or short) SSL record.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER    , (SSL_ERROR_BASE + 37),
+"SSL received a malformed Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ALERT            , (SSL_ERROR_BASE + 38),
+"SSL received a malformed Alert record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE        , (SSL_ERROR_BASE + 39),
+"SSL received a malformed Handshake record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
+"SSL received a malformed Application Data record.")
+
+/*
+ * Received an SSL handshake that was inappropriate for the state we're in.
+ * E.g. Server received message from server, or wrong state in state machine.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST   , (SSL_ERROR_BASE + 41),
+"SSL received an unexpected Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO    , (SSL_ERROR_BASE + 42),
+"SSL received an unexpected Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO    , (SSL_ERROR_BASE + 43),
+"SSL received an unexpected Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE     , (SSL_ERROR_BASE + 44),
+"SSL received an unexpected Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
+"SSL received an unexpected Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST    , (SSL_ERROR_BASE + 46),
+"SSL received an unexpected Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE      , (SSL_ERROR_BASE + 47),
+"SSL received an unexpected Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY     , (SSL_ERROR_BASE + 48),
+"SSL received an unexpected Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
+"SSL received an unexpected Cllient Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED        , (SSL_ERROR_BASE + 50),
+"SSL received an unexpected Finished handshake message.")
+
+/*
+ * Received an SSL record that was inappropriate for the state we're in.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER   , (SSL_ERROR_BASE + 51),
+"SSL received an unexpected Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT           , (SSL_ERROR_BASE + 52),
+"SSL received an unexpected Alert record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE       , (SSL_ERROR_BASE + 53),
+"SSL received an unexpected Handshake record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
+"SSL received an unexpected Application Data record.")
+
+/*
+ * Received record/message with unknown discriminant.
+ */
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE        , (SSL_ERROR_BASE + 55),
+"SSL received a record with an unknown content type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE          , (SSL_ERROR_BASE + 56),
+"SSL received a handshake message with an unknown message type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT              , (SSL_ERROR_BASE + 57),
+"SSL received an alert record with an unknown alert description.")
+
+/*
+ * Received an alert reporting what we did wrong.  (more alerts above)
+ */
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT            , (SSL_ERROR_BASE + 58),
+"SSL peer has closed this connection.")
+
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT    , (SSL_ERROR_BASE + 59),
+"SSL peer was not expecting a handshake message it received.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT   , (SSL_ERROR_BASE + 60),
+"SSL peer was unable to succesfully decompress an SSL record it received.")
+
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT       , (SSL_ERROR_BASE + 61),
+"SSL peer was unable to negotiate an acceptable set of security parameters.")
+
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT       , (SSL_ERROR_BASE + 62),
+"SSL peer rejected a handshake message for unacceptable content.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT        , (SSL_ERROR_BASE + 63),
+"SSL peer does not support certificates of the type it received.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT     , (SSL_ERROR_BASE + 64),
+"SSL peer had some unspecified issue with the certificate it received.")
+
+
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE       , (SSL_ERROR_BASE + 65),
+"SSL experienced a failure of its random number generator.")
+
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE           , (SSL_ERROR_BASE + 66),
+"Unable to digitally sign data required to verify your certificate.")
+
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE    , (SSL_ERROR_BASE + 67),
+"SSL was unable to extract the public key from the peer's certificate.")
+
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 68),
+"Unspecified failure while processing SSL Server Key Exchange handshake.")
+
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE   , (SSL_ERROR_BASE + 69),
+"Unspecified failure while processing SSL Client Key Exchange handshake.")
+
+ER3(SSL_ERROR_ENCRYPTION_FAILURE            , (SSL_ERROR_BASE + 70),
+"Bulk data encryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILURE            , (SSL_ERROR_BASE + 71),
+"Bulk data decryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE          , (SSL_ERROR_BASE + 72),
+"Attempt to write encrypted data to underlying socket failed.")
+
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE            , (SSL_ERROR_BASE + 73),
+"MD5 digest function failed.")
+
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE            , (SSL_ERROR_BASE + 74),
+"SHA-1 digest function failed.")
+
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE       , (SSL_ERROR_BASE + 75),
+"MAC computation failed.")
+
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE       , (SSL_ERROR_BASE + 76),
+"Failure to create Symmetric Key context.")
+
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE        , (SSL_ERROR_BASE + 77),
+"Failure to unwrap the Symmetric key in Client Key Exchange message.")
+
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED   , (SSL_ERROR_BASE + 78),
+"SSL Server attempted to use domestic-grade public key with export cipher suite.")
+
+ER3(SSL_ERROR_IV_PARAM_FAILURE              , (SSL_ERROR_BASE + 79),
+"PKCS11 code failed to translate an IV into a param.")
+
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE     , (SSL_ERROR_BASE + 80),
+"Failed to initialize the selected cipher suite.")
+
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE       , (SSL_ERROR_BASE + 81),
+"Client failed to generate session keys for SSL session.")
+
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG         , (SSL_ERROR_BASE + 82),
+"Server has no key for the attempted key exchange algorithm.")
+
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL       , (SSL_ERROR_BASE + 83),
+"PKCS#11 token was inserted or removed while operation was in progress.")
+
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND          , (SSL_ERROR_BASE + 84),
+"No PKCS#11 token could be found to do a required operation.")
+
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP        , (SSL_ERROR_BASE + 85),
+"Cannot communicate securely with peer: no common compression algorithm(s).")
+
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED       , (SSL_ERROR_BASE + 86),
+"Cannot initiate another SSL handshake until current handshake is complete.")
+
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE      , (SSL_ERROR_BASE + 87),
+"Received incorrect handshakes hash values from peer.")
+
+ER3(SSL_ERROR_CERT_KEA_MISMATCH             , (SSL_ERROR_BASE + 88),
+"The certificate provided cannot be used with the selected key exchange algorithm.")
+
+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA	, (SSL_ERROR_BASE + 89),
+"No certificate authority is trusted for SSL client authentication.")
+
+ER3(SSL_ERROR_SESSION_NOT_FOUND		, (SSL_ERROR_BASE + 90),
+"Client's SSL session ID not found in server's session cache.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT     , (SSL_ERROR_BASE + 91),
+"Peer was unable to decrypt an SSL record it received.")
+
+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT       , (SSL_ERROR_BASE + 92),
+"Peer received an SSL record that was longer than is permitted.")
+
+ER3(SSL_ERROR_UNKNOWN_CA_ALERT            , (SSL_ERROR_BASE + 93),
+"Peer does not recognize and trust the CA that issued your certificate.")
+
+ER3(SSL_ERROR_ACCESS_DENIED_ALERT         , (SSL_ERROR_BASE + 94),
+"Peer received a valid certificate, but access was denied.")
+
+ER3(SSL_ERROR_DECODE_ERROR_ALERT          , (SSL_ERROR_BASE + 95),
+"Peer could not decode an SSL handshake message.")
+
+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT         , (SSL_ERROR_BASE + 96),
+"Peer reports failure of signature verification or key exchange.")
+
+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT    , (SSL_ERROR_BASE + 97),
+"Peer reports negotiation not in compliance with export regulations.")
+
+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT      , (SSL_ERROR_BASE + 98),
+"Peer reports incompatible or unsupported protocol version.")
+
+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
+"Server requires ciphers more secure than those supported by client.")
+
+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT        , (SSL_ERROR_BASE + 100),
+"Peer reports it experienced an internal error.")
+
+ER3(SSL_ERROR_USER_CANCELED_ALERT         , (SSL_ERROR_BASE + 101),
+"Peer user canceled handshake.")
+
+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT      , (SSL_ERROR_BASE + 102),
+"Peer does not permit renegotiation of SSL security parameters.")
+
--- a/mozilla/security/nss/cmd/SSLsample/client.c
+++ b/mozilla/security/nss/cmd/SSLsample/client.c
@@ -0,0 +1,449 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/****************************************************************************
+ *  SSL client program that sets up a connection to SSL server, transmits   *
+ *  some data and then reads the reply                                      *
+ ****************************************************************************/ 
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(XP_UNIX)
+#include <unistd.h>
+#endif
+
+#include "prerror.h"
+
+#include "pk11func.h"
+#include "secitem.h"
+
+
+#include <stdlib.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prio.h"
+#include "prnetdb.h"
+#include "nss.h"
+
+#include "sslsample.h"
+
+#define RD_BUF_SIZE (60 * 1024)
+
+extern int ssl2CipherSuites[];
+extern int ssl3CipherSuites[];
+
+GlobalThreadMgr threadMGR;
+char *certNickname = NULL;
+char *hostName = NULL;
+char *password = NULL;
+unsigned short port = 0;
+
+static void
+Usage(const char *progName)
+{
+	fprintf(stderr, 
+	  "Usage: %s [-n rsa_nickname] [-p port] [-d dbdir] [-c connections]\n"
+	  "          [-w dbpasswd] [-C cipher(s)] hostname\n",
+	progName);
+	exit(1);
+}
+
+PRFileDesc *
+setupSSLSocket(PRNetAddr *addr)
+{
+	PRFileDesc         *tcpSocket;
+	PRFileDesc         *sslSocket;
+	PRSocketOptionData	socketOption;
+	PRStatus            prStatus;
+	SECStatus           secStatus;
+
+retry:
+
+	tcpSocket = PR_NewTCPSocket();
+	if (tcpSocket == NULL) {
+		errWarn("PR_NewTCPSocket");
+	}
+
+	/* Make the socket blocking. */
+	socketOption.option	            = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+
+	prStatus = PR_SetSocketOption(tcpSocket, &socketOption);
+	if (prStatus != PR_SUCCESS) {
+		errWarn("PR_SetSocketOption");
+		goto loser;
+	} 
+
+#if 0
+	/* Verify that a connection can be made to the socket. */
+	prStatus = PR_Connect(tcpSocket, addr, PR_INTERVAL_NO_TIMEOUT);
+	if (prStatus != PR_SUCCESS) {
+		PRErrorCode err = PR_GetError();
+		if (err == PR_CONNECT_REFUSED_ERROR) {
+			PR_Close(tcpSocket);
+			PR_Sleep(PR_MillisecondsToInterval(10));
+			fprintf(stderr, "Connection to port refused, retrying.\n");
+			goto retry;
+		}
+		errWarn("PR_Connect");
+		goto loser;
+	}
+#endif
+
+	/* Import the socket into the SSL layer. */
+	sslSocket = SSL_ImportFD(NULL, tcpSocket);
+	if (!sslSocket) {
+		errWarn("SSL_ImportFD");
+		goto loser;
+	}
+
+	/* Set configuration options. */
+	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_SECURITY");
+		goto loser;
+	}
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_CLIENT");
+		goto loser;
+	}
+
+	/* Set SSL callback routines. */
+	secStatus = SSL_GetClientAuthDataHook(sslSocket,
+	                          (SSLGetClientAuthData)myGetClientAuthData,
+	                          (void *)certNickname);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_GetClientAuthDataHook");
+		goto loser;
+	}
+
+	secStatus = SSL_AuthCertificateHook(sslSocket,
+	                                   (SSLAuthCertificate)myAuthCertificate,
+                                       (void *)CERT_GetDefaultCertDB());
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_AuthCertificateHook");
+		goto loser;
+	}
+
+	secStatus = SSL_BadCertHook(sslSocket, 
+	                           (SSLBadCertHandler)myBadCertHandler, NULL);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_BadCertHook");
+		goto loser;
+	}
+
+	secStatus = SSL_HandshakeCallback(sslSocket, 
+	                                 (SSLHandshakeCallback)myHandshakeCallback,
+	                                 NULL);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_HandshakeCallback");
+		goto loser;
+	}
+
+	return sslSocket;
+
+loser:
+
+	PR_Close(tcpSocket);
+	return NULL;
+}
+
+
+const char requestString[] = {"GET /testfile HTTP/1.0\r\n\r\n" };
+
+SECStatus
+handle_connection(PRFileDesc *sslSocket, int connection)
+{
+	int	     countRead = 0;
+	PRInt32  numBytes;
+	char    *readBuffer;
+
+	readBuffer = PORT_Alloc(RD_BUF_SIZE);
+	if (!readBuffer) {
+		exitErr("PORT_Alloc");
+	}
+
+	/* compose the http request here. */
+
+	numBytes = PR_Write(sslSocket, requestString, strlen(requestString));
+	if (numBytes <= 0) {
+		errWarn("PR_Write");
+		PR_Free(readBuffer);
+		readBuffer = NULL;
+		return SECFailure;
+	}
+
+	/* read until EOF */
+	while (PR_TRUE) {
+		numBytes = PR_Read(sslSocket, readBuffer, RD_BUF_SIZE);
+		if (numBytes == 0) {
+			break;	/* EOF */
+		}
+		if (numBytes < 0) {
+			errWarn("PR_Read");
+			break;
+		}
+		countRead += numBytes;
+		fprintf(stderr, "***** Connection %d read %d bytes (%d total).\n", 
+			connection, numBytes, countRead );
+		readBuffer[numBytes] = '\0';
+		fprintf(stderr, "************\n%s\n************\n", readBuffer);
+	}
+
+	printSecurityInfo(sslSocket);
+	
+	PR_Free(readBuffer);
+	readBuffer = NULL;
+
+	/* Caller closes the socket. */
+
+	fprintf(stderr, 
+	        "***** Connection %d read %d bytes total.\n", 
+	        connection, countRead);
+
+	return SECSuccess;	/* success */
+}
+
+/* one copy of this function is launched in a separate thread for each
+** connection to be made.
+*/
+SECStatus
+do_connects(void *a, int connection)
+{
+	PRNetAddr  *addr = (PRNetAddr *)a;
+	PRFileDesc *sslSocket;
+	PRHostEnt   hostEntry;
+	char        buffer[PR_NETDB_BUF_SIZE];
+	PRStatus    prStatus;
+	PRIntn      hostenum;
+	SECStatus   secStatus;
+
+	/* Set up SSL secure socket. */
+	sslSocket = setupSSLSocket(addr);
+	if (sslSocket == NULL) {
+		errWarn("setupSSLSocket");
+		return SECFailure;
+	}
+
+	secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_SetPKCS11PinArg");
+		return secStatus;
+	}
+
+	secStatus = SSL_SetURL(sslSocket, hostName);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_SetURL");
+		return secStatus;
+	}
+
+	/* Prepare and setup network connection. */
+	prStatus = PR_GetHostByName(hostName, buffer, sizeof(buffer), &hostEntry);
+	if (prStatus != PR_SUCCESS) {
+		errWarn("PR_GetHostByName");
+		return SECFailure;
+	}
+
+	hostenum = PR_EnumerateHostEnt(0, &hostEntry, port, addr);
+	if (hostenum == -1) {
+		errWarn("PR_EnumerateHostEnt");
+		return SECFailure;
+	}
+
+	prStatus = PR_Connect(sslSocket, addr, PR_INTERVAL_NO_TIMEOUT);
+	if (prStatus != PR_SUCCESS) {
+		errWarn("PR_Connect");
+		return SECFailure;
+	}
+
+	/* Established SSL connection, ready to send data. */
+#if 0
+	secStatus = SSL_ForceHandshake(sslSocket);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ForceHandshake");
+		return secStatus;
+	}
+#endif
+
+	secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_FALSE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ResetHandshake");
+		prStatus = PR_Close(sslSocket);
+		if (prStatus != PR_SUCCESS) {
+			errWarn("PR_Close");
+		}
+		return secStatus;
+	}
+
+	secStatus = handle_connection(sslSocket, connection);
+	if (secStatus != SECSuccess) {
+		errWarn("handle_connection");
+		return secStatus;
+	}
+
+	PR_Close(sslSocket);
+	return SECSuccess;
+}
+
+void
+client_main(unsigned short      port, 
+            int	                connections, 
+            const char *        hostName)
+{
+	int			i;
+	SECStatus	secStatus;
+	PRStatus    prStatus;
+	PRInt32     rv;
+	PRNetAddr	addr;
+	PRHostEnt   hostEntry;
+	char        buffer[256];
+
+	/* Setup network connection. */
+	prStatus = PR_GetHostByName(hostName, buffer, 256, &hostEntry);
+	if (prStatus != PR_SUCCESS) {
+		exitErr("PR_GetHostByName");
+	}
+
+	rv = PR_EnumerateHostEnt(0, &hostEntry, port, &addr);
+	if (rv < 0) {
+		exitErr("PR_EnumerateHostEnt");
+	}
+
+	secStatus = launch_thread(&threadMGR, do_connects, &addr, 1);
+	if (secStatus != SECSuccess) {
+		exitErr("launch_thread");
+	}
+
+	if (connections > 1) {
+		/* wait for the first connection to terminate, then launch the rest. */
+		reap_threads(&threadMGR);
+		/* Start up the connections */
+		for (i = 2; i <= connections; ++i) {
+			secStatus = launch_thread(&threadMGR, do_connects, &addr, i);
+			if (secStatus != SECSuccess) {
+				errWarn("launch_thread");
+			}
+		}
+	}
+
+	reap_threads(&threadMGR);
+	destroy_thread_data(&threadMGR);
+}
+
+int
+main(int argc, char **argv)
+{
+	char *               certDir      = ".";
+	char *               progName     = NULL;
+	int					 connections  = 1;
+	char *               cipherString = NULL;
+	SECStatus            secStatus;
+	PLOptState *         optstate;
+	PLOptStatus          status;
+
+	/* Call the NSPR initialization routines */
+	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+	progName = PL_strdup(argv[0]);
+
+	hostName = NULL;
+	optstate = PL_CreateOptState(argc, argv, "C:c:d:n:p:w:");
+	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+		switch(optstate->option) {
+		case 'C' : cipherString = PL_strdup(optstate->value); break;
+		case 'c' : connections = PORT_Atoi(optstate->value);  break;
+		case 'd' : certDir = PL_strdup(optstate->value);      break;
+		case 'n' : certNickname = PL_strdup(optstate->value); break;
+		case 'p' : port = PORT_Atoi(optstate->value);         break;
+		case 'w' : password = PL_strdup(optstate->value);     break;
+		case '\0': hostName = PL_strdup(optstate->value);     break;
+		default  : Usage(progName);
+		}
+	}
+
+	if (port == 0 || hostName == NULL)
+		Usage(progName);
+
+	if (certDir == NULL) {
+		certDir = PR_smprintf("%s/.netscape", getenv("HOME"));
+	}
+
+	/* Set our password function callback. */
+	PK11_SetPasswordFunc(myPasswd);
+
+	/* Initialize the NSS libraries. */
+	secStatus = NSS_Init(certDir);
+	if (secStatus != SECSuccess) {
+		exitErr("NSS_Init");
+	}
+
+	/* All cipher suites except RSA_NULL_MD5 are enabled by Domestic Policy. */
+	NSS_SetDomesticPolicy();
+	SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+
+	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
+	if (cipherString) {
+	    int ndx;
+
+	    /* disable all the ciphers, then enable the ones we want. */
+	    disableAllSSLCiphers();
+
+	    while (0 != (ndx = *cipherString++)) {
+		int *cptr;
+		int  cipher;
+
+		if (! isalpha(ndx))
+		    Usage(progName);
+		cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
+		for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
+		    /* do nothing */;
+		if (cipher) {
+		    SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+		}
+	    }
+	}
+
+	client_main(port, connections, hostName);
+
+	NSS_Shutdown();
+	PR_Cleanup();
+	return 0;
+}
+
--- a/mozilla/security/nss/cmd/SSLsample/client.mn
+++ b/mozilla/security/nss/cmd/SSLsample/client.mn
@@ -0,0 +1,50 @@
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+MODULE = security
+
+EXPORTS = 
+
+CSRCS =  client.c \
+	sslsample.c \
+	$(NULL)
+
+PROGRAM = client
+
+REQUIRES = dbm 
+
+IMPORTS = security/lib/nss
+
+DEFINES = -DNSPR20 
+
--- a/mozilla/security/nss/cmd/SSLsample/gencerts
+++ b/mozilla/security/nss/cmd/SSLsample/gencerts
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+#
+# Script to generate sample db files neccessary for SSL.
+
+# Directory for db's, use in all subsequent -d flags.
+rm -rf SampleCertDBs
+mkdir SampleCertDBs
+
+# Password to use.
+echo sample > passfile
+
+# Generate the db files, using the above password.
+certutil -N -d SampleCertDBs -f passfile
+
+# Generate the CA cert.  This cert is self-signed and only useful for
+# test purposes.  Set the trust bits to allow it to sign SSL client/server
+# certs.
+certutil -S -n SampleRootCA -x -t "CTu,CTu,CTu" \
+            -s "CN=My Sample Root CA, O=My Organization" \
+            -m 25000 -o ./SampleCertDBs/SampleRootCA.crt \
+            -d SampleCertDBs -f passfile
+
+# Generate the server cert.  This cert is signed by the CA cert generated
+# above.  The CN must be hostname.domain.[com|org|net|...].
+certutil -S -n SampleSSLServerCert -c SampleRootCA -t "u,u,u" \
+            -s "CN=$HOSTNAME.$MYDOMAIN, O=$HOSTNAME Corp." \
+            -m 25001 -o ./SampleCertDBs/SampleSSLServer.crt \
+            -d SampleCertDBs -f passfile
+
+# Generate the client cert.  This cert is signed by the CA cert generated
+# above.
+certutil -S -n SampleSSLClientCert -c SampleRootCA -t "u,u,u" \
+            -s "CN=My Client Cert, O=Client Organization" \
+            -m 25002 -o ./SampleCertDBs/SampleSSLClient.crt \
+            -d SampleCertDBs -f passfile
+
+# Verify the certificates.
+certutil -V -u V -n SampleSSLServerCert -d SampleCertDBs
+certutil -V -u C -n SampleSSLClientCert -d SampleCertDBs
+
+# Remove unneccessary files.
+rm -f passfile
+rm -f tempcert*
+
+# You are now ready to run your client/server!  Example command lines:
+# server -n SampleSSLServerCert -p 8080 -d SampleCertDBs -w sample -c e -R
+# client -n SampleSSLClientCert -p 8080 -d SampleCertDBs -w sample -c 2 trane.mcom.com
--- a/mozilla/security/nss/cmd/SSLsample/make.client
+++ b/mozilla/security/nss/cmd/SSLsample/make.client
@@ -0,0 +1,78 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include client.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+#CC = cc 
+
+
--- a/mozilla/security/nss/cmd/SSLsample/make.server
+++ b/mozilla/security/nss/cmd/SSLsample/make.server
@@ -0,0 +1,77 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include server.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#include $(CORE_DEPTH)/$(MODULE)/config/config.mk
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+
--- a/mozilla/security/nss/cmd/SSLsample/nmakefile95.nss
+++ b/mozilla/security/nss/cmd/SSLsample/nmakefile95.nss
@@ -0,0 +1,60 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+# NSS 2.6.2 Sample Win95 Makefile
+#
+#
+# This nmake file will build server.c and client.c on Windows 95.
+#
+
+DEFINES=-D_X86_ -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
+
+INCPATH=/I. /I..\include\dbm /I..\include\nspr /I..\include\security
+
+LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
+
+CFLAGS=-O2 -MD -W3 -nologo
+
+CC=cl
+
+LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
+
+server:
+	$(CC) $(CFLAGS) $(INCPATH) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
+
+client:
+	$(CC) $(CFLAGS) $(INCPATH) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(LDOPTIONS)
+
+clean:
+	del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj
+
--- a/mozilla/security/nss/cmd/SSLsample/nmakefilent.nss
+++ b/mozilla/security/nss/cmd/SSLsample/nmakefilent.nss
@@ -0,0 +1,59 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+# NSS 2.6.2 Sample NT Makefile
+#
+#
+# This nmake file will build server.c and client.c on Windows NT 4 SP3.
+#
+
+DEFINES=-D_X86_ -GT -DWINNT -DXP_PC -UDEBUG -U_DEBUG -DNDEBUG -DWIN32 -D_WINDOWS
+INCPATH=-I. -I..\include\dbm -I..\include\nspr -I..\include\security
+
+LIBS=nss.lib ssl.lib pkcs7.lib pkcs12.lib secmod.lib cert.lib key.lib crypto.lib secutil.lib hash.lib dbm.lib libplc3.lib libplds3.lib libnspr3.lib wsock32.lib
+
+CFLAGS=-O2 -MD -W3 -nologo
+
+CC=cl
+
+LDOPTIONS=/link /LIBPATH:..\lib /nodefaultlib:libcd.lib /subsystem:console
+
+server:
+	$(CC) $(CFLAGS) /Feserver server.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
+
+client:
+	$(CC) $(CFLAGS) /Feclient client.c getopt.c $(LIBS) $(DEFINES) $(INCPATH) $(LDOPTIONS)
+
+clean:
+	del /S server.exe client.exe server.lib server.exp client.lib client.exp server.obj client.obj getopt.obj
+
--- a/mozilla/security/nss/cmd/SSLsample/server.c
+++ b/mozilla/security/nss/cmd/SSLsample/server.c
@@ -0,0 +1,821 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/****************************************************************************
+ *  SSL server program listens on a port, accepts client connection, reads  *
+ *  request and responds to it                                              *
+ ****************************************************************************/
+
+/* Generic header files */
+
+#include <stdio.h>
+#include <string.h>
+
+/* NSPR header files */
+
+#include "nspr.h"
+#include "plgetopt.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+/* NSS header files */
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "certt.h"
+#include "nss.h"
+#include "secrng.h"
+#include "secder.h"
+#include "key.h"
+#include "sslproto.h"
+
+/* Custom header files */
+
+#include "sslsample.h"
+
+#ifndef PORT_Sprintf
+#define PORT_Sprintf sprintf
+#endif
+
+#define REQUEST_CERT_ONCE 1
+#define REQUIRE_CERT_ONCE 2
+#define REQUEST_CERT_ALL  3
+#define REQUIRE_CERT_ALL  4
+
+/* Global variables */
+GlobalThreadMgr   threadMGR;
+char             *password = NULL;
+CERTCertificate  *cert = NULL;
+SECKEYPrivateKey *privKey = NULL;
+int               stopping;
+
+static void
+Usage(const char *progName)
+{
+	fprintf(stderr, 
+
+"Usage: %s -n rsa_nickname -p port [-3RFrf] [-w password]\n"
+"					[-c ciphers] [-d dbdir] \n"
+"-3 means disable SSL v3\n"
+"-r means request certificate on first handshake.\n"
+"-f means require certificate on first handshake.\n"
+"-R means request certificate on all handshakes.\n"
+"-F means require certificate on all handshakes.\n"
+"-c ciphers   Letter(s) chosen from the following list\n"
+"A	  SSL2 RC4 128 WITH MD5\n"
+"B	  SSL2 RC4 128 EXPORT40 WITH MD5\n"
+"C	  SSL2 RC2 128 CBC WITH MD5\n"
+"D	  SSL2 RC2 128 CBC EXPORT40 WITH MD5\n"
+"E	  SSL2 DES 64 CBC WITH MD5\n"
+"F	  SSL2 DES 192 EDE3 CBC WITH MD5\n"
+"\n"
+"a	  SSL3 FORTEZZA DMS WITH FORTEZZA CBC SHA\n"
+"b	  SSL3 FORTEZZA DMS WITH RC4 128 SHA\n"
+"c	  SSL3 RSA WITH RC4 128 MD5\n"
+"d	  SSL3 RSA WITH 3DES EDE CBC SHA\n"
+"e	  SSL3 RSA WITH DES CBC SHA\n"
+"f	  SSL3 RSA EXPORT WITH RC4 40 MD5\n"
+"g	  SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
+"h	  SSL3 FORTEZZA DMS WITH NULL SHA\n"
+"i	  SSL3 RSA WITH NULL MD5\n"
+"j	  SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
+"k	  SSL3 RSA FIPS WITH DES CBC SHA\n"
+"l	  SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
+"m	  SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n",
+	progName);
+	exit(1);
+}
+
+/* Function:  readDataFromSocket()
+ *
+ * Purpose:  Parse an HTTP request by reading data from a GET or POST.
+ *
+ */
+SECStatus
+readDataFromSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char **fileName)
+{
+	char  *post;
+	int    numBytes = 0;
+	int    newln    = 0;  /* # of consecutive newlns */
+
+	/* Read data while it comes in from the socket. */
+	while (PR_TRUE) {
+		buffer->index = 0;
+		newln = 0;
+
+		/* Read the buffer. */
+		numBytes = PR_Read(sslSocket, &buffer->data[buffer->index], 
+		                   buffer->remaining);
+		if (numBytes <= 0) {
+			errWarn("PR_Read");
+			return SECFailure;
+		}
+		buffer->dataEnd = buffer->dataStart + numBytes;
+
+		/* Parse the input, starting at the beginning of the buffer.
+		 * Stop when we detect two consecutive \n's (or \r\n's) 
+		 * as this signifies the end of the GET or POST portion.
+		 * The posted data follows.
+		 */
+		while (buffer->index < buffer->dataEnd && newln < 2) {
+			int octet = buffer->data[buffer->index++];
+			if (octet == '\n') {
+				newln++;
+			} else if (octet != '\r') {
+				newln = 0;
+			}
+		}
+
+		/* Came to the end of the buffer, or second newline.
+		 * If we didn't get an empty line ("\r\n\r\n"), then keep on reading.
+		 */
+		if (newln < 2) 
+			continue;
+
+		/* we're at the end of the HTTP request.
+		 * If the request is a POST, then there will be one more
+		 * line of data.
+		 * This parsing is a hack, but ok for SSL test purposes.
+		 */
+		post = PORT_Strstr(buffer->data, "POST ");
+		if (!post || *post != 'P') 
+			break;
+
+		/* It's a post, so look for the next and final CR/LF. */
+		/* We should parse content length here, but ... */
+		while (buffer->index < buffer->dataEnd && newln < 3) {
+			int octet = buffer->data[buffer->index++];
+			if (octet == '\n') {
+				newln++;
+			}
+		}
+
+		if (newln == 3)
+			break;
+	}
+
+	/* Have either (a) a complete get, (b) a complete post, (c) EOF */
+
+	/*  Execute a "GET " operation. */
+	if (buffer->index > 0 && PORT_Strncmp(buffer->data, "GET ", 4) == 0) {
+		int fnLength;
+
+		/* File name is the part after "GET ". */
+		fnLength = strcspn(buffer->data + 5, " \r\n");
+		*fileName = (char *)PORT_Alloc(fnLength + 1);
+		PORT_Strncpy(*fileName, buffer->data + 5, fnLength);
+		(*fileName)[fnLength] = '\0';
+	}
+
+	return SECSuccess;
+}
+
+/* Function:  authenticateSocket()
+ *
+ * Purpose:  Configure a socket for SSL.
+ *
+ *
+ */
+PRFileDesc * 
+setupSSLSocket(PRFileDesc *tcpSocket, int requestCert)
+{
+	PRFileDesc *sslSocket;
+	SSLKEAType  certKEA;
+	int         certErr = 0;
+	SECStatus   secStatus;
+
+	/* Set the appropriate flags. */
+
+	sslSocket = SSL_ImportFD(NULL, tcpSocket);
+	if (sslSocket == NULL) {
+		errWarn("SSL_ImportFD");
+		goto loser;
+	}
+   
+	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet SSL_SECURITY");
+		goto loser;
+	}
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_HANDSHAKE_AS_SERVER");
+		goto loser;
+	}
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, 
+	                       (requestCert >= REQUEST_CERT_ONCE));
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
+		goto loser;
+	}
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, 
+	                       (requestCert == REQUIRE_CERT_ONCE));
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
+		goto loser;
+	}
+
+	/* Set the appropriate callback routines. */
+
+	secStatus = SSL_AuthCertificateHook(sslSocket, myAuthCertificate, 
+	                                    CERT_GetDefaultCertDB());
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_AuthCertificateHook");
+		goto loser;
+	}
+
+	secStatus = SSL_BadCertHook(sslSocket, 
+	                            (SSLBadCertHandler)myBadCertHandler, &certErr);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_BadCertHook");
+		goto loser;
+	}
+
+	secStatus = SSL_HandshakeCallback(sslSocket,
+	                                 (SSLHandshakeCallback)myHandshakeCallback,
+									  NULL);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_HandshakeCallback");
+		goto loser;
+	}
+
+	secStatus = SSL_SetPKCS11PinArg(sslSocket, password);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_HandshakeCallback");
+		goto loser;
+	}
+
+	certKEA = NSS_FindCertKEAType(cert);
+
+	secStatus = SSL_ConfigSecureServer(sslSocket, cert, privKey, certKEA);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ConfigSecureServer");
+		goto loser;
+	}
+
+	return sslSocket;
+
+loser:
+
+	PR_Close(tcpSocket);
+	return NULL;
+}
+
+/* Function:  authenticateSocket()
+ *
+ * Purpose:  Perform client authentication on the socket.
+ *
+ */
+SECStatus
+authenticateSocket(PRFileDesc *sslSocket, PRBool requireCert)
+{
+	CERTCertificate *cert;
+	SECStatus secStatus;
+
+	/* Returns NULL if client authentication is not enabled or if the
+	 * client had no certificate. */
+	cert = SSL_PeerCertificate(sslSocket);
+	if (cert) {
+		/* Client had a certificate, so authentication is through. */
+		CERT_DestroyCertificate(cert);
+		return SECSuccess;
+	}
+
+	/* Request client to authenticate itself. */
+	secStatus = SSL_OptionSet(sslSocket, SSL_REQUEST_CERTIFICATE, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_REQUEST_CERTIFICATE");
+		return SECFailure;
+	}
+
+	/* If desired, require client to authenticate itself.  Note
+	 * SSL_REQUEST_CERTIFICATE must also be on, as above.  */
+	secStatus = SSL_OptionSet(sslSocket, SSL_REQUIRE_CERTIFICATE, requireCert);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_OptionSet:SSL_REQUIRE_CERTIFICATE");
+		return SECFailure;
+	}
+
+	/* Having changed socket configuration parameters, redo handshake. */
+	secStatus = SSL_ReHandshake(sslSocket, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ReHandshake");
+		return SECFailure;
+	}
+
+	/* Force the handshake to complete before moving on. */
+	secStatus = SSL_ForceHandshake(sslSocket);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ForceHandshake");
+		return SECFailure;
+	}
+
+	return SECSuccess;
+}
+
+/* Function:  writeDataToSocket
+ *
+ * Purpose:  Write the client's request back to the socket.  If the client
+ *           requested a file, dump it to the socket.
+ *
+ */
+SECStatus
+writeDataToSocket(PRFileDesc *sslSocket, DataBuffer *buffer, char *fileName)
+{
+	int headerLength;
+	int numBytes;
+	char messageBuffer[120];
+	PRFileDesc *local_file_fd = NULL;
+	char header[] = "<html><body><h1>Sample SSL server</h1><br><br>";
+	char filehd[] = "<h2>The file you requested:</h2><br>";
+	char reqhd[]  = "<h2>This is your request:</h2><br>";
+	char link[]   = "Try getting a <a HREF=\"../testfile\">file</a><br>";
+	char footer[] = "<br><h2>End of request.</h2><br></body></html>";
+
+	headerLength = PORT_Strlen(defaultHeader);
+
+	/* Write a header to the socket. */
+	numBytes = PR_Write(sslSocket, header, PORT_Strlen(header));
+	if (numBytes < 0) {
+		errWarn("PR_Write");
+		goto loser;
+	}
+
+	if (fileName) {
+		PRFileInfo  info;
+		PRStatus    prStatus;
+
+		/* Try to open the local file named.	
+		 * If successful, then write it to the client.
+		 */
+		prStatus = PR_GetFileInfo(fileName, &info);
+		if (prStatus != PR_SUCCESS ||
+		    info.type != PR_FILE_FILE ||
+		    info.size < 0) {
+			PORT_Free(fileName);
+			/* Maybe a GET not sent from client.c? */
+			goto writerequest;
+			return SECSuccess;
+		}
+
+		local_file_fd = PR_Open(fileName, PR_RDONLY, 0);
+		if (local_file_fd == NULL) {
+			PORT_Free(fileName);
+			goto writerequest;
+		}
+
+		/* Write a header to the socket. */
+		numBytes = PR_Write(sslSocket, filehd, PORT_Strlen(filehd));
+		if (numBytes < 0) {
+			errWarn("PR_Write");
+			goto loser;
+		}
+
+		/* Transmit the local file prepended by the default header
+		 * across the socket.
+		 */
+		numBytes = PR_TransmitFile(sslSocket, local_file_fd, 
+		                           defaultHeader, headerLength,
+		                           PR_TRANSMITFILE_KEEP_OPEN,
+		                           PR_INTERVAL_NO_TIMEOUT);
+
+		/* Error in transmission. */
+		if (numBytes < 0) {
+			errWarn("PR_TransmitFile");
+			/*
+			i = PORT_Strlen(errString);
+			PORT_Memcpy(buf, errString, i);
+			*/
+		/* Transmitted bytes successfully. */
+		} else {
+			numBytes -= headerLength;
+			fprintf(stderr, "PR_TransmitFile wrote %d bytes from %s\n",
+			        numBytes, fileName);
+		}
+
+		PORT_Free(fileName);
+		PR_Close(local_file_fd);
+	}
+
+writerequest:
+
+	/* Write a header to the socket. */
+	numBytes = PR_Write(sslSocket, reqhd, PORT_Strlen(reqhd));
+	if (numBytes < 0) {
+		errWarn("PR_Write");
+		goto loser;
+	}
+
+	/* Write the buffer data to the socket. */
+	if (buffer->index <= 0) {
+		/* Reached the EOF.  Report incomplete transaction to socket. */
+		PORT_Sprintf(messageBuffer,
+		             "GET or POST incomplete after %d bytes.\r\n",
+		             buffer->dataEnd);
+		numBytes = PR_Write(sslSocket, messageBuffer, 
+		                    PORT_Strlen(messageBuffer));
+		if (numBytes < 0) {
+			errWarn("PR_Write");
+			goto loser;
+		}
+	} else {
+		/* Display the buffer data. */
+		fwrite(buffer->data, 1, buffer->index, stdout);
+		/* Write the buffer data to the socket. */
+		numBytes = PR_Write(sslSocket, buffer->data, buffer->index);
+		if (numBytes < 0) {
+			errWarn("PR_Write");
+			goto loser;
+		}
+		/* Display security information for the socket. */
+		printSecurityInfo(sslSocket);
+		/* Write any discarded data out to the socket. */
+		if (buffer->index < buffer->dataEnd) {
+			PORT_Sprintf(buffer->data, "Discarded %d characters.\r\n", 
+			             buffer->dataEnd - buffer->index);
+			numBytes = PR_Write(sslSocket, buffer->data, 
+			                    PORT_Strlen(buffer->data));
+			if (numBytes < 0) {
+				errWarn("PR_Write");
+				goto loser;
+			}
+		}
+	}
+
+	/* Write a footer to the socket. */
+	numBytes = PR_Write(sslSocket, footer, PORT_Strlen(footer));
+	if (numBytes < 0) {
+		errWarn("PR_Write");
+		goto loser;
+	}
+
+	/* Write a link to the socket. */
+	numBytes = PR_Write(sslSocket, link, PORT_Strlen(link));
+	if (numBytes < 0) {
+		errWarn("PR_Write");
+		goto loser;
+	}
+
+	/* Complete the HTTP transaction. */
+	numBytes = PR_Write(sslSocket, "EOF\r\n\r\n\r\n", 9);
+	if (numBytes < 0) {
+		errWarn("PR_Write");
+		goto loser;
+	}
+
+	/* Do a nice shutdown if asked. */
+	if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
+		stopping = 1;
+	}
+	return SECSuccess;
+
+loser:
+
+	/* Do a nice shutdown if asked. */
+	if (!strncmp(buffer->data, stopCmd, strlen(stopCmd))) {
+		stopping = 1;
+	}
+	return SECFailure;
+}
+
+/* Function:  int handle_connection()
+ *
+ * Purpose:  Thread to handle a connection to a socket.
+ *
+ */
+SECStatus
+handle_connection(void *tcp_sock, int requestCert)
+{
+	PRFileDesc *       tcpSocket = (PRFileDesc *)tcp_sock;
+	PRFileDesc *       sslSocket = NULL;
+	SECStatus          secStatus = SECFailure;
+	PRStatus           prStatus;
+	PRSocketOptionData socketOption;
+	DataBuffer         buffer;
+	char *             fileName = NULL;
+
+	/* Initialize the data buffer. */
+	memset(buffer.data, 0, BUFFER_SIZE);
+	buffer.remaining = BUFFER_SIZE;
+	buffer.index = 0;
+	buffer.dataStart = 0;
+	buffer.dataEnd = 0;
+
+	/* Make sure the socket is blocking. */
+	socketOption.option             = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	PR_SetSocketOption(tcpSocket, &socketOption);
+
+	sslSocket = setupSSLSocket(tcpSocket, requestCert);
+	if (sslSocket == NULL) {
+		errWarn("setupSSLSocket");
+		goto cleanup;
+	}
+
+	secStatus = SSL_ResetHandshake(sslSocket, /* asServer */ PR_TRUE);
+	if (secStatus != SECSuccess) {
+		errWarn("SSL_ResetHandshake");
+		goto cleanup;
+	}
+
+	/* Read data from the socket, parse it for HTTP content.
+	 * If the user is requesting/requiring authentication, authenticate
+	 * the socket.  Then write the result back to the socket.  */
+	fprintf(stdout, "\nReading data from socket...\n\n");
+	secStatus = readDataFromSocket(sslSocket, &buffer, &fileName);
+	if (secStatus != SECSuccess) {
+		goto cleanup;
+	}
+	if (requestCert >= REQUEST_CERT_ALL) {
+		fprintf(stdout, "\nAuthentication requested.\n\n");
+		secStatus = authenticateSocket(sslSocket, 
+		                               (requestCert == REQUIRE_CERT_ALL));
+		if (secStatus != SECSuccess) {
+			goto cleanup;
+		}
+	}
+
+	fprintf(stdout, "\nWriting data to socket...\n\n");
+	secStatus = writeDataToSocket(sslSocket, &buffer, fileName);
+
+cleanup:
+
+	/* Close down the socket. */
+	prStatus = PR_Close(tcpSocket);
+	if (prStatus != PR_SUCCESS) {
+		errWarn("PR_Close");
+	}
+
+	return secStatus;
+}
+
+/* Function:  int accept_connection()
+ *
+ * Purpose:  Thread to accept a connection to the socket.
+ *
+ */
+SECStatus
+accept_connection(void *listener, int requestCert)
+{
+	PRFileDesc *listenSocket = (PRFileDesc*)listener;
+	PRNetAddr   addr;
+	PRStatus    prStatus;
+
+	/* XXX need an SSL socket here? */
+	while (!stopping) {
+		PRFileDesc *tcpSocket;
+		SECStatus	result;
+
+		fprintf(stderr, "\n\n\nAbout to call accept.\n");
+
+		/* Accept a connection to the socket. */
+		tcpSocket = PR_Accept(listenSocket, &addr, PR_INTERVAL_NO_TIMEOUT);
+		if (tcpSocket == NULL) {
+			errWarn("PR_Accept");
+			break;
+		}
+
+		/* Accepted the connection, now handle it. */
+		result = launch_thread(&threadMGR, handle_connection, 
+		                       tcpSocket, requestCert);
+
+		if (result != SECSuccess) {
+			prStatus = PR_Close(tcpSocket);
+			if (prStatus != PR_SUCCESS) {
+				exitErr("PR_Close");
+			}
+			break;
+		}
+	}
+
+	fprintf(stderr, "Closing listen socket.\n");
+
+	prStatus = PR_Close(listenSocket);
+	if (prStatus != PR_SUCCESS) {
+		exitErr("PR_Close");
+	}
+	return SECSuccess;
+}
+
+/* Function:  void server_main()
+ *
+ * Purpose:  This is the server's main function.  It configures a socket
+ *			 and listens to it.
+ *
+ */
+void
+server_main(
+	unsigned short      port, 
+	int                 requestCert, 
+	SECKEYPrivateKey *  privKey,
+	CERTCertificate *   cert, 
+	PRBool              disableSSL3)
+{
+	SECStatus           secStatus;
+	PRStatus            prStatus;
+	PRFileDesc *        listenSocket;
+	PRNetAddr           addr;
+	PRSocketOptionData  socketOption;
+
+	/* Create a new socket. */
+	listenSocket = PR_NewTCPSocket();
+	if (listenSocket == NULL) {
+		exitErr("PR_NewTCPSocket");
+	}
+
+	/* Set socket to be blocking -
+	 * on some platforms the default is nonblocking.
+	 */
+	socketOption.option = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+
+	prStatus = PR_SetSocketOption(listenSocket, &socketOption);
+	if (prStatus != PR_SUCCESS) {
+		exitErr("PR_SetSocketOption");
+	}
+
+	/* This cipher is not on by default. The Acceptance test
+	 * would like it to be. Turn this cipher on.
+	 */
+	secStatus = SSL_CipherPrefSetDefault(SSL_RSA_WITH_NULL_MD5, PR_TRUE);
+	if (secStatus != SECSuccess) {
+		exitErr("SSL_CipherPrefSetDefault:SSL_RSA_WITH_NULL_MD5");
+	}
+
+	/* Configure the network connection. */
+	addr.inet.family = PR_AF_INET;
+	addr.inet.ip	 = PR_INADDR_ANY;
+	addr.inet.port	 = PR_htons(port);
+
+	/* Bind the address to the listener socket. */
+	prStatus = PR_Bind(listenSocket, &addr);
+	if (prStatus != PR_SUCCESS) {
+		exitErr("PR_Bind");
+	}
+
+	/* Listen for connection on the socket.  The second argument is
+	 * the maximum size of the queue for pending connections.
+	 */
+	prStatus = PR_Listen(listenSocket, 5);
+	if (prStatus != PR_SUCCESS) {
+		exitErr("PR_Listen");
+	}
+
+	/* Launch thread to handle connections to the socket. */
+	secStatus = launch_thread(&threadMGR, accept_connection, 
+                              listenSocket, requestCert);
+	if (secStatus != SECSuccess) {
+		PR_Close(listenSocket);
+	} else {
+		reap_threads(&threadMGR);
+		destroy_thread_data(&threadMGR);
+	}
+}
+
+/* Function: int main()
+ *
+ * Purpose:  Parses command arguments and configures SSL server.
+ *
+ */
+int
+main(int argc, char **argv)
+{
+	char *              progName      = NULL;
+	char *              nickName      = NULL;
+	char *              cipherString  = NULL;
+	char *              dir           = ".";
+	int                 requestCert   = 0;
+	unsigned short      port          = 0;
+	SECStatus           secStatus;
+	PRBool              disableSSL3   = PR_FALSE;
+	PLOptState *        optstate;
+	PLOptStatus         status;
+
+	/* Zero out the thread manager. */
+	PORT_Memset(&threadMGR, 0, sizeof(threadMGR));
+
+	progName = PL_strdup(argv[0]);
+
+	optstate = PL_CreateOptState(argc, argv, "3FRc:d:fp:n:rw:");
+	while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+		switch(optstate->option) {
+		case '3': disableSSL3 = PR_TRUE;                      break;
+		case 'F': requestCert = REQUIRE_CERT_ALL;             break;
+		case 'R': requestCert = REQUEST_CERT_ALL;             break;
+		case 'c': cipherString = PL_strdup(optstate->value);  break;
+		case 'd': dir = PL_strdup(optstate->value);           break;
+		case 'f': requestCert = REQUIRE_CERT_ONCE;            break;
+		case 'n': nickName = PL_strdup(optstate->value);      break;
+		case 'p': port = PORT_Atoi(optstate->value);          break;
+		case 'r': requestCert = REQUEST_CERT_ONCE;            break;
+		case 'w': password = PL_strdup(optstate->value);      break;
+		default:
+		case '?': Usage(progName);
+		}
+	}
+
+	if (nickName == NULL || port == 0)
+		Usage(progName);
+
+	/* Call the NSPR initialization routines. */
+	PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+
+	/* Set the cert database password callback. */
+	PK11_SetPasswordFunc(myPasswd);
+
+	/* Initialize NSS. */
+	secStatus = NSS_Init(dir);
+	if (secStatus != SECSuccess) {
+		exitErr("NSS_Init");
+	}
+
+	/* Set the policy for this server (REQUIRED - no default). */
+	secStatus = NSS_SetDomesticPolicy();
+	if (secStatus != SECSuccess) {
+		exitErr("NSS_SetDomesticPolicy");
+	}
+
+	/* XXX keep this? */
+	/* all the SSL2 and SSL3 cipher suites are enabled by default. */
+	if (cipherString) {
+	    int ndx;
+
+	    /* disable all the ciphers, then enable the ones we want. */
+	    disableAllSSLCiphers();
+
+	    while (0 != (ndx = *cipherString++)) {
+		int *cptr;
+		int  cipher;
+
+		if (! isalpha(ndx))
+			Usage(progName);
+		cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
+		for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) 
+		    /* do nothing */;
+		if (cipher) {
+		    SECStatus status;
+		    status = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+		    if (status != SECSuccess) 
+			errWarn("SSL_CipherPrefSetDefault()");
+		}
+	    }
+	}
+
+	/* Get own certificate and private key. */
+	cert = PK11_FindCertFromNickname(nickName, password);
+	if (cert == NULL) {
+		exitErr("PK11_FindCertFromNickname");
+	}
+
+	privKey = PK11_FindKeyByAnyCert(cert, password);
+	if (privKey == NULL) {
+		exitErr("PK11_FindKeyByAnyCert");
+	}
+
+	/* Configure the server's cache for a multi-process application
+	 * using default timeout values (24 hrs) and directory location (/tmp). 
+	 */
+	SSL_ConfigMPServerSIDCache(256, 0, 0, NULL);
+
+	/* Launch server. */
+	server_main(port, requestCert, privKey, cert, disableSSL3);
+
+	/* Shutdown NSS and exit NSPR gracefully. */
+	NSS_Shutdown();
+	PR_Cleanup();
+	return 0;
+}
--- a/mozilla/security/nss/cmd/SSLsample/server.mn
+++ b/mozilla/security/nss/cmd/SSLsample/server.mn
@@ -0,0 +1,48 @@
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+MODULE  = security
+
+EXPORTS = 
+
+CSRCS =  server.c	\
+	sslsample.c	\
+	$(NULL)
+
+PROGRAM  = server
+
+REQUIRES = dbm 
+
+DEFINES  = -DNSPR20
+
--- a/mozilla/security/nss/cmd/SSLsample/sslerror.h
+++ b/mozilla/security/nss/cmd/SSLsample/sslerror.h
@@ -0,0 +1,110 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "nspr.h"
+
+struct tuple_str {
+    PRErrorCode	 errNum;
+    const char * errString;
+};
+
+typedef struct tuple_str tuple_str;
+
+#define ER2(a,b)   {a, b},
+#define ER3(a,b,c) {a, c},
+
+#include "secerr.h"
+#include "sslerr.h"
+
+const tuple_str errStrings[] = {
+
+/* keep this list in asceding order of error numbers */
+#include "SSLerrs.h"
+#include "SECerrs.h"
+#include "NSPRerrs.h"
+
+};
+
+const PRInt32 numStrings = sizeof(errStrings) / sizeof(tuple_str);
+
+/* Returns a UTF-8 encoded constant error string for "errNum".
+ * Returns NULL of errNum is unknown.
+ */
+const char *
+SSL_Strerror(PRErrorCode errNum) {
+    PRInt32 low  = 0;
+    PRInt32 high = numStrings - 1;
+    PRInt32 i;
+    PRErrorCode num;
+    static int initDone;
+
+    /* make sure table is in ascending order.
+     * binary search depends on it.
+     */
+    if (!initDone) {
+	PRErrorCode lastNum = 0x80000000;
+    	for (i = low; i <= high; ++i) {
+	    num = errStrings[i].errNum;
+	    if (num <= lastNum) {
+	    	fprintf(stderr, 
+"sequence error in error strings at item %d\n"
+"error %d (%s)\n"
+"should come after \n"
+"error %d (%s)\n",
+		        i, lastNum, errStrings[i-1].errString, 
+			num, errStrings[i].errString);
+	    }
+	    lastNum = num;
+	}
+	initDone = 1;
+    }
+
+    /* Do binary search of table. */
+    while (low + 1 < high) {
+    	i = (low + high) / 2;
+	num = errStrings[i].errNum;
+	if (errNum == num) 
+	    return errStrings[i].errString;
+        if (errNum < num)
+	    high = i;
+	else 
+	    low = i;
+    }
+    if (errNum == errStrings[low].errNum)
+    	return errStrings[low].errString;
+    if (errNum == errStrings[high].errNum)
+    	return errStrings[high].errString;
+    return NULL;
+}
--- a/mozilla/security/nss/cmd/SSLsample/sslsample.c
+++ b/mozilla/security/nss/cmd/SSLsample/sslsample.c
@@ -0,0 +1,590 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "sslsample.h"
+#include "sslerror.h"
+
+/* Declare SSL cipher suites. */
+
+int ssl2CipherSuites[] = {
+	SSL_EN_RC4_128_WITH_MD5,              /* A */
+	SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
+	SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
+	SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
+	SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
+	SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
+	0
+};
+
+int ssl3CipherSuites[] = {
+	SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
+	SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,      /* b */
+	SSL_RSA_WITH_RC4_128_MD5,               /* c */
+	SSL_RSA_WITH_3DES_EDE_CBC_SHA,          /* d */
+	SSL_RSA_WITH_DES_CBC_SHA,               /* e */
+	SSL_RSA_EXPORT_WITH_RC4_40_MD5,         /* f */
+	SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5,     /* g */
+	SSL_FORTEZZA_DMS_WITH_NULL_SHA,         /* h */
+	SSL_RSA_WITH_NULL_MD5,                  /* i */
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,     /* j */
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA,          /* k */
+	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,    /* l */
+	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,     /* m */
+	0
+};
+
+/**************************************************************************
+** 
+** SSL callback routines.
+**
+**************************************************************************/
+
+/* Function: char * myPasswd()
+ * 
+ * Purpose: This function is our custom password handler that is called by
+ * SSL when retreiving private certs and keys from the database. Returns a
+ * pointer to a string that with a password for the database. Password pointer
+ * should point to dynamically allocated memory that will be freed later.
+ */
+char *
+myPasswd(PK11SlotInfo *info, PRBool retry, void *arg)
+{
+	char * passwd = NULL;
+
+	if ( (!retry) && arg ) {
+		passwd = PORT_Strdup((char *)arg);
+	}
+
+	return passwd;
+}
+
+/* Function: SECStatus myAuthCertificate()
+ *
+ * Purpose: This function is our custom certificate authentication handler.
+ * 
+ * Note: This implementation is essentially the same as the default 
+ *       SSL_AuthCertificate().
+ */
+SECStatus 
+myAuthCertificate(void *arg, PRFileDesc *socket, 
+                  PRBool checksig, PRBool isServer) 
+{
+
+	SECCertUsage        certUsage;
+	CERTCertificate *   cert;
+	void *              pinArg;
+	char *              hostName;
+	SECStatus           secStatus;
+
+	if (!arg || !socket) {
+		errWarn("myAuthCertificate");
+		return SECFailure;
+	}
+
+	/* Define how the cert is being used based upon the isServer flag. */
+
+	certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+
+	cert = SSL_PeerCertificate(socket);
+	
+	pinArg = SSL_RevealPinArg(socket);
+
+	secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
+	                               cert,
+	                               checksig,
+	                               certUsage,
+	                               pinArg);
+
+	/* If this is a server, we're finished. */
+	if (isServer || secStatus != SECSuccess) {
+		CERT_DestroyCertificate(cert);
+		return secStatus;
+	}
+
+	/* Certificate is OK.  Since this is the client side of an SSL
+	 * connection, we need to verify that the name field in the cert
+	 * matches the desired hostname.  This is our defense against
+	 * man-in-the-middle attacks.
+	 */
+
+	/* SSL_RevealURL returns a hostName, not an URL. */
+	hostName = SSL_RevealURL(socket);
+
+	if (hostName && hostName[0]) {
+		secStatus = CERT_VerifyCertName(cert, hostName);
+	} else {
+		PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+		secStatus = SECFailure;
+	}
+
+	if (hostName)
+		PR_Free(hostName);
+
+	CERT_DestroyCertificate(cert);
+	return secStatus;
+}
+
+/* Function: SECStatus myBadCertHandler()
+ *
+ * Purpose: This callback is called when the incoming certificate is not
+ * valid. We define a certain set of parameters that still cause the
+ * certificate to be "valid" for this session, and return SECSuccess to cause
+ * the server to continue processing the request when any of these conditions
+ * are met. Otherwise, SECFailure is return and the server rejects the 
+ * request.
+ */
+SECStatus 
+myBadCertHandler(void *arg, PRFileDesc *socket) 
+{
+
+    SECStatus	secStatus = SECFailure;
+    PRErrorCode	err;
+
+    /* log invalid cert here */
+
+    if (!arg) {
+		return secStatus;
+    }
+
+    *(PRErrorCode *)arg = err = PORT_GetError();
+
+    /* If any of the cases in the switch are met, then we will proceed   */
+    /* with the processing of the request anyway. Otherwise, the default */	
+    /* case will be reached and we will reject the request.              */
+
+    switch (err) {
+    case SEC_ERROR_INVALID_AVA:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_BAD_SIGNATURE:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_UNTRUSTED_CERT:
+    case SEC_ERROR_CERT_VALID:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_CRL_EXPIRED:
+    case SEC_ERROR_CRL_BAD_SIGNATURE:
+    case SEC_ERROR_EXTENSION_VALUE_INVALID:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_USAGES_INVALID:
+    case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+		secStatus = SECSuccess;
+	break;
+    default:
+		secStatus = SECFailure;
+	break;
+    }
+
+	printf("Bad certificate: %d, %s\n", err, SSL_Strerror(err));
+
+    return secStatus;
+}
+
+/* Function: SECStatus ownGetClientAuthData()
+ *
+ * Purpose: This callback is used by SSL to pull client certificate 
+ * information upon server request.
+ */
+SECStatus 
+myGetClientAuthData(void *arg,
+                    PRFileDesc *socket,
+                    struct CERTDistNamesStr *caNames,
+                    struct CERTCertificateStr **pRetCert,
+                    struct SECKEYPrivateKeyStr **pRetKey) 
+{
+
+    CERTCertificate *  cert;
+    SECKEYPrivateKey * privKey;
+    char *             chosenNickName = (char *)arg;
+    void *             proto_win      = NULL;
+    SECStatus          secStatus      = SECFailure;
+
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+		cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+		if (cert) {
+		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+		    if (privKey) {
+				secStatus = SECSuccess;
+		    } else {
+				CERT_DestroyCertificate(cert);
+		    }
+		}
+    } else { /* no nickname given, automatically find the right cert */
+	CERTCertNicknames *names;
+	int                i;
+
+	names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), 
+				      SEC_CERT_NICKNAMES_USER, proto_win);
+
+	if (names != NULL) {
+	    for(i = 0; i < names->numnicknames; i++ ) {
+
+		cert = PK11_FindCertFromNickname(names->nicknames[i], 
+						 proto_win);
+		if (!cert) {
+		    continue;
+		}
+
+		/* Only check unexpired certs */
+		if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
+		      != secCertTimeValid ) {
+		    CERT_DestroyCertificate(cert);
+		    continue;
+		}
+
+		secStatus = NSS_CmpCertChainWCANames(cert, caNames);
+		if (secStatus == SECSuccess) {
+		    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+		    if (privKey) {
+			break;
+		    }
+		    secStatus = SECFailure;
+		    break;
+		}
+		CERT_FreeNicknames(names);
+	    } /* for loop */
+	}
+    }
+
+    if (secStatus == SECSuccess) {
+		*pRetCert = cert;
+		*pRetKey  = privKey;
+    }
+
+    return secStatus;
+}
+
+/* Function: SECStatus myHandshakeCallback()
+ *
+ * Purpose: Called by SSL to inform application that the handshake is
+ * complete. This function is mostly used on the server side of an SSL
+ * connection, although it is provided for a client as well.
+ * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake 
+ * is used to initiate a handshake.
+ *
+ * A typical scenario would be:
+ *
+ * 1. Server accepts an SSL connection from the client without client auth.
+ * 2. Client sends a request.
+ * 3. Server determines that to service request it needs to authenticate the
+ * client and initiates another handshake requesting client auth.
+ * 4. While handshake is in progress, server can do other work or spin waiting
+ * for the handshake to complete.
+ * 5. Server is notified that handshake has been successfully completed by
+ * the custom handshake callback function and it can service the client's
+ * request.
+ *
+ * Note: This function is not implemented in this sample, as we are using
+ * blocking sockets.
+ */
+SECStatus 
+myHandshakeCallback(PRFileDesc *socket, void *arg) 
+{
+    printf("Handshake has completed, ready to send data securely.\n");
+    return SECSuccess;
+}
+
+
+/**************************************************************************
+** 
+** Routines for disabling SSL ciphers.
+**
+**************************************************************************/
+
+void
+disableAllSSLCiphers(void)
+{
+    const PRUint16 *cipherSuites = SSL_ImplementedCiphers;
+    int             i            = SSL_NumImplementedCiphers;
+    SECStatus       rv;
+
+    /* disable all the SSL3 cipher suites */
+    while (--i >= 0) {
+	PRUint16 suite = cipherSuites[i];
+        rv = SSL_CipherPrefSetDefault(suite, PR_FALSE);
+	if (rv != SECSuccess) {
+	    printf("SSL_CipherPrefSetDefault didn't like value 0x%04x (i = %d)\n",
+	    	   suite, i);
+	    errWarn("SSL_CipherPrefSetDefault");
+	    exit(2);
+	}
+    }
+}
+
+/**************************************************************************
+** 
+** Error and information routines.
+**
+**************************************************************************/
+
+void
+errWarn(char *function)
+{
+	PRErrorCode  errorNumber = PR_GetError();
+	const char * errorString = SSL_Strerror(errorNumber);
+
+	printf("Error in function %s: %d\n - %s\n",
+			function, errorNumber, errorString);
+}
+
+void
+exitErr(char *function)
+{
+	errWarn(function);
+	/* Exit gracefully. */
+	NSS_Shutdown();
+	PR_Cleanup();
+	exit(1);
+}
+
+void 
+printSecurityInfo(PRFileDesc *fd)
+{
+	char * cp;	/* bulk cipher name */
+	char * ip;	/* cert issuer DN */
+	char * sp;	/* cert subject DN */
+	int    op;	/* High, Low, Off */
+	int    kp0;	/* total key bits */
+	int    kp1;	/* secret key bits */
+	int    result;
+	SSL3Statistics * ssl3stats = SSL_GetStatistics();
+
+	result = SSL_SecurityStatus(fd, &op, &cp, &kp0, &kp1, &ip, &sp);
+	if (result != SECSuccess)
+		return;
+	printf("bulk cipher %s, %d secret key bits, %d key bits, status: %d\n"
+		   "subject DN: %s\n"
+	   "issuer	DN: %s\n", cp, kp1, kp0, op, sp, ip);
+	PR_Free(cp);
+	PR_Free(ip);
+	PR_Free(sp);
+
+	printf("%ld cache hits; %ld cache misses, %ld cache not reusable\n",
+		ssl3stats->hch_sid_cache_hits, ssl3stats->hch_sid_cache_misses,
+	ssl3stats->hch_sid_cache_not_ok);
+
+}
+
+
+/**************************************************************************
+** Begin thread management routines and data.
+**************************************************************************/
+
+void
+thread_wrapper(void * arg)
+{
+	GlobalThreadMgr *threadMGR = (GlobalThreadMgr *)arg;
+	perThread *slot = &threadMGR->threads[threadMGR->index];
+
+	/* wait for parent to finish launching us before proceeding. */
+	PR_Lock(threadMGR->threadLock);
+	PR_Unlock(threadMGR->threadLock);
+
+	slot->rv = (* slot->startFunc)(slot->a, slot->b);
+
+	PR_Lock(threadMGR->threadLock);
+	slot->running = rs_zombie;
+
+	/* notify the thread exit handler. */
+	PR_NotifyCondVar(threadMGR->threadEndQ);
+
+	PR_Unlock(threadMGR->threadLock);
+}
+
+SECStatus
+launch_thread(GlobalThreadMgr *threadMGR,
+              startFn         *startFunc,
+              void            *a,
+              int              b)
+{
+	perThread *slot;
+	int        i;
+
+	if (!threadMGR->threadStartQ) {
+		threadMGR->threadLock   = PR_NewLock();
+		threadMGR->threadStartQ = PR_NewCondVar(threadMGR->threadLock);
+		threadMGR->threadEndQ   = PR_NewCondVar(threadMGR->threadLock);
+	}
+	PR_Lock(threadMGR->threadLock);
+	while (threadMGR->numRunning >= MAX_THREADS) {
+		PR_WaitCondVar(threadMGR->threadStartQ, PR_INTERVAL_NO_TIMEOUT);
+	}
+	for (i = 0; i < threadMGR->numUsed; ++i) {
+		slot = &threadMGR->threads[i];
+		if (slot->running == rs_idle) 
+			break;
+	}
+	if (i >= threadMGR->numUsed) {
+		if (i >= MAX_THREADS) {
+			/* something's really wrong here. */
+			PORT_Assert(i < MAX_THREADS);
+			PR_Unlock(threadMGR->threadLock);
+			return SECFailure;
+		}
+		++(threadMGR->numUsed);
+		PORT_Assert(threadMGR->numUsed == i + 1);
+		slot = &threadMGR->threads[i];
+	}
+
+	slot->a = a;
+	slot->b = b;
+	slot->startFunc = startFunc;
+
+	threadMGR->index = i;
+
+	slot->prThread = PR_CreateThread(PR_USER_THREAD,
+	                                 thread_wrapper, threadMGR,
+	                                 PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+	                                 PR_JOINABLE_THREAD, 0);
+
+	if (slot->prThread == NULL) {
+		PR_Unlock(threadMGR->threadLock);
+		printf("Failed to launch thread!\n");
+		return SECFailure;
+	} 
+
+	slot->inUse   = 1;
+	slot->running = 1;
+	++(threadMGR->numRunning);
+	PR_Unlock(threadMGR->threadLock);
+	printf("Launched thread in slot %d \n", threadMGR->index);
+
+	return SECSuccess;
+}
+
+SECStatus 
+reap_threads(GlobalThreadMgr *threadMGR)
+{
+	perThread * slot;
+	int			i;
+
+	if (!threadMGR->threadLock)
+		return 0;
+	PR_Lock(threadMGR->threadLock);
+	while (threadMGR->numRunning > 0) {
+	    PR_WaitCondVar(threadMGR->threadEndQ, PR_INTERVAL_NO_TIMEOUT);
+	    for (i = 0; i < threadMGR->numUsed; ++i) {
+		slot = &threadMGR->threads[i];
+		if (slot->running == rs_zombie)  {
+		    /* Handle cleanup of thread here. */
+		    printf("Thread in slot %d returned %d\n", i, slot->rv);
+
+		    /* Now make sure the thread has ended OK. */
+		    PR_JoinThread(slot->prThread);
+		    slot->running = rs_idle;
+		    --threadMGR->numRunning;
+
+		    /* notify the thread launcher. */
+		    PR_NotifyCondVar(threadMGR->threadStartQ);
+		}
+	    }
+	}
+
+	/* Safety Sam sez: make sure count is right. */
+	for (i = 0; i < threadMGR->numUsed; ++i) {
+		slot = &threadMGR->threads[i];
+		if (slot->running != rs_idle)  {
+			fprintf(stderr, "Thread in slot %d is in state %d!\n", 
+			                 i, slot->running);
+		}
+	}
+	PR_Unlock(threadMGR->threadLock);
+	return 0;
+}
+
+void
+destroy_thread_data(GlobalThreadMgr *threadMGR)
+{
+	PORT_Memset(threadMGR->threads, 0, sizeof(threadMGR->threads));
+
+	if (threadMGR->threadEndQ) {
+		PR_DestroyCondVar(threadMGR->threadEndQ);
+		threadMGR->threadEndQ = NULL;
+	}
+	if (threadMGR->threadStartQ) {
+		PR_DestroyCondVar(threadMGR->threadStartQ);
+		threadMGR->threadStartQ = NULL;
+	}
+	if (threadMGR->threadLock) {
+		PR_DestroyLock(threadMGR->threadLock);
+		threadMGR->threadLock = NULL;
+	}
+}
+
+/**************************************************************************
+** End	 thread management routines.
+**************************************************************************/
+
+void 
+lockedVars_Init( lockedVars * lv)
+{
+	lv->count	= 0;
+	lv->waiters = 0;
+	lv->lock	= PR_NewLock();
+	lv->condVar = PR_NewCondVar(lv->lock);
+}
+
+void
+lockedVars_Destroy( lockedVars * lv)
+{
+	PR_DestroyCondVar(lv->condVar);
+	lv->condVar = NULL;
+
+	PR_DestroyLock(lv->lock);
+	lv->lock = NULL;
+}
+
+void
+lockedVars_WaitForDone(lockedVars * lv)
+{
+	PR_Lock(lv->lock);
+	while (lv->count > 0) {
+		PR_WaitCondVar(lv->condVar, PR_INTERVAL_NO_TIMEOUT);
+	}
+	PR_Unlock(lv->lock);
+}
+
+int	/* returns count */
+lockedVars_AddToCount(lockedVars * lv, int addend)
+{
+	int rv;
+
+	PR_Lock(lv->lock);
+	rv = lv->count += addend;
+	if (rv <= 0) {
+	PR_NotifyCondVar(lv->condVar);
+	}
+	PR_Unlock(lv->lock);
+	return rv;
+}
--- a/mozilla/security/nss/cmd/SSLsample/sslsample.h
+++ b/mozilla/security/nss/cmd/SSLsample/sslsample.h
@@ -0,0 +1,178 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef SSLSAMPLE_H
+#define SSLSAMPLE_H
+
+/* Generic header files */
+
+#include <stdio.h>
+#include <string.h>
+
+/* NSPR header files */
+
+#include "nspr.h"
+#include "prerror.h"
+#include "prnetdb.h"
+
+/* NSS header files */
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "certt.h"
+#include "nss.h"
+#include "secrng.h"
+#include "secder.h"
+#include "key.h"
+#include "sslproto.h"
+
+/* Custom header files */
+
+/*
+#include "sslerror.h"
+*/
+
+#define BUFFER_SIZE 10240
+
+/* Declare SSL cipher suites. */
+
+extern int cipherSuites[];
+extern int ssl2CipherSuites[];
+extern int ssl3CipherSuites[];
+
+/* Data buffer read from a socket. */
+typedef struct DataBufferStr {
+	char data[BUFFER_SIZE];
+	int  index;
+	int  remaining;
+	int  dataStart;
+	int  dataEnd;
+} DataBuffer;
+
+/* SSL callback routines. */
+
+char * myPasswd(PK11SlotInfo *info, PRBool retry, void *arg);
+
+SECStatus myAuthCertificate(void *arg, PRFileDesc *socket,
+                            PRBool checksig, PRBool isServer);
+
+SECStatus myBadCertHandler(void *arg, PRFileDesc *socket);
+
+SECStatus myHandshakeCallback(PRFileDesc *socket, void *arg);
+
+SECStatus myGetClientAuthData(void *arg, PRFileDesc *socket,
+                              struct CERTDistNamesStr *caNames,
+                              struct CERTCertificateStr **pRetCert,
+                              struct SECKEYPrivateKeyStr **pRetKey);
+
+/* Disable all v2/v3 SSL ciphers. */
+
+void disableAllSSLCiphers(void);
+
+
+/* Error and information utilities. */
+
+void errWarn(char *function);
+
+void exitErr(char *function);
+
+void printSecurityInfo(PRFileDesc *fd);
+
+/* Some simple thread management routines. */
+
+#define MAX_THREADS 32
+
+typedef SECStatus startFn(void *a, int b);
+
+typedef enum { rs_idle = 0, rs_running = 1, rs_zombie = 2 } runState;
+
+typedef struct perThreadStr {
+	PRFileDesc *a;
+	int         b;
+	int         rv;
+	startFn    *startFunc;
+	PRThread   *prThread;
+	PRBool      inUse;
+	runState    running;
+} perThread;
+
+typedef struct GlobalThreadMgrStr {
+	PRLock	  *threadLock;
+	PRCondVar *threadStartQ;
+	PRCondVar *threadEndQ;
+	perThread  threads[MAX_THREADS];
+	int        index;
+	int        numUsed;
+	int        numRunning;
+} GlobalThreadMgr;
+
+void thread_wrapper(void * arg);
+
+SECStatus launch_thread(GlobalThreadMgr *threadMGR, 
+                        startFn *startFunc, void *a, int b);
+
+SECStatus reap_threads(GlobalThreadMgr *threadMGR);
+
+void destroy_thread_data(GlobalThreadMgr *threadMGR);
+
+/* Management of locked variables. */
+
+struct lockedVarsStr {
+	PRLock *    lock;
+	int         count;
+	int         waiters;
+	PRCondVar * condVar;
+};
+
+typedef struct lockedVarsStr lockedVars;
+
+void lockedVars_Init(lockedVars *lv);
+
+void lockedVars_Destroy(lockedVars *lv);
+
+void lockedVars_WaitForDone(lockedVars *lv);
+
+int lockedVars_AddToCount(lockedVars *lv, int addend);
+
+/* Buffer stuff. */
+
+static const char stopCmd[] = { "GET /stop " };
+static const char defaultHeader[] = {
+	"HTTP/1.0 200 OK\r\n"
+	"Server: SSL sample server\r\n"
+	"Content-type: text/plain\r\n"
+	"\r\n"
+};
+
+#endif
--- a/mozilla/security/nss/cmd/addbuiltin/Makefile
+++ b/mozilla/security/nss/cmd/addbuiltin/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+ 
--- a/mozilla/security/nss/cmd/addbuiltin/addbuiltin.c
+++ b/mozilla/security/nss/cmd/addbuiltin/addbuiltin.c
@@ -0,0 +1,337 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+/*
+ * Tool for converting builtin CA certs.
+ *
+ * $Id: addbuiltin.c,v 1.2 2001-01-26 16:45:45 mcgreer%netscape.com Exp $
+ */
+
+#include "nss.h"
+#include "cert.h"
+#include "secutil.h"
+#include "pk11func.h"
+
+void dumpbytes(unsigned char *buf, int len)
+{
+    int i;
+    for (i=0; i < len; i++) {
+	if ((i !=0) && ((i & 0xf) == 0)) {
+	    printf("\n");
+	}
+	printf("\\%03o",buf[i]);
+    }
+    printf("\n");
+}
+
+char *getTrustString(unsigned int trust)
+{
+    if (trust & CERTDB_TRUSTED) {
+	if (trust & CERTDB_TRUSTED_CA) {
+		return "CKT_NETSCAPE_TRUSTED_DELEGATOR|CKT_NETSCAPE_TRUSTED";
+	} else {
+		return "CKT_NETSCAPE_TRUSTED";
+	}
+    } else {
+	if (trust & CERTDB_TRUSTED_CA) {
+		return "CKT_NETSCAPE_TRUSTED_DELEGATOR";
+	} else {
+		return "CKT_NETSCAPE_VALID";
+	}
+    }
+    return "CKT_NETSCAPE_VALID"; /* not reached */
+}
+	
+static SECStatus
+ConvertCertificate(SECItem *sdder, char *nickname, CERTCertTrust *trust)
+{
+    SECStatus rv = SECSuccess;
+    CERTCertificate *cert;
+    unsigned char sha1_hash[SHA1_LENGTH];
+    unsigned char md5_hash[MD5_LENGTH];
+
+    cert = CERT_DecodeDERCertificate(sdder, PR_FALSE, nickname);
+    if (!cert) {
+	return SECFailure;
+    }
+
+    printf("\n#\n# Certificate \"%s\"\n#\n",nickname);
+    printf("CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n");
+    printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+    printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+    printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+    printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
+    printf("CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509\n");
+    printf("CKA_SUBJECT MULTILINE_OCTAL\n");
+    dumpbytes(cert->derSubject.data,cert->derSubject.len);
+    printf("END\n");
+    printf("CKA_ID UTF8 \"0\"\n");
+    printf("CKA_ISSUER MULTILINE_OCTAL\n");
+    dumpbytes(cert->derIssuer.data,cert->derIssuer.len);
+    printf("END\n");
+    printf("CKA_SERIAL_NUMBER MULTILINE_OCTAL\n");
+    dumpbytes(cert->serialNumber.data,cert->serialNumber.len);
+    printf("END\n");
+    printf("CKA_VALUE MULTILINE_OCTAL\n");
+    dumpbytes(sdder->data,sdder->len);
+    printf("END\n");
+
+    PK11_HashBuf(SEC_OID_SHA1, sha1_hash, sdder->data, sdder->len);
+    PK11_HashBuf(SEC_OID_MD5, md5_hash, sdder->data, sdder->len);
+    printf("\n# Trust for Certificate \"%s\"\n",nickname);
+    printf("CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST\n");
+    printf("CKA_TOKEN CK_BBOOL CK_TRUE\n");
+    printf("CKA_PRIVATE CK_BBOOL CK_FALSE\n");
+    printf("CKA_MODIFIABLE CK_BBOOL CK_FALSE\n");
+    printf("CKA_LABEL UTF8 \"%s\"\n",nickname);
+    printf("CKA_CERT_SHA1_HASH MULTILINE_OCTAL\n");
+    dumpbytes(sha1_hash,SHA1_LENGTH);
+    printf("END\n");
+    printf("CKA_CERT_MD5_HASH MULTILINE_OCTAL\n");
+    dumpbytes(md5_hash,MD5_LENGTH);
+    printf("END\n");
+    
+    printf("CKA_TRUST_SERVER_AUTH CK_TRUST %s\n",
+				 getTrustString(trust->sslFlags));
+    printf("CKA_TRUST_EMAIL_PROTECTION CK_TRUST %s\n",
+				 getTrustString(trust->emailFlags));
+    printf("CKA_TRUST_CODE_SIGNING CK_TRUST %s\n",
+				 getTrustString(trust->objectSigningFlags));
+#ifdef notdef
+    printf("CKA_TRUST_CLIENT_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED\n");*/
+    printf("CKA_TRUST_DIGITAL_SIGNATURE CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_NON_REPUDIATION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_DATA_ENCIPHERMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_AGREEMENT CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+    printf("CKA_TRUST_KEY_CERT_SIGN CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR\n");
+#endif
+
+
+    PORT_Free(sdder->data);
+    return(rv);
+
+}
+
+printheader() {
+    printf("# \n"
+     "# The contents of this file are subject to the Mozilla Public\n"
+     "# License Version 1.1 (the \"License\"); you may not use this file\n"
+     "# except in compliance with the License. You may obtain a copy of\n"
+     "# the License at http://www.mozilla.org/MPL/\n"
+     "# \n"
+     "# Software distributed under the License is distributed on an \"AS\n"
+     "# IS\" basis, WITHOUT WARRANTY OF ANY KIND, either express or\n"
+     "# implied. See the License for the specific language governing\n"
+     "# rights and limitations under the License.\n"
+     "# \n"
+     "# The Original Code is the Netscape security libraries.\n"
+     "# \n"
+     "# The Initial Developer of the Original Code is Netscape\n"
+     "# Communications Corporation.  Portions created by Netscape are \n"
+     "# Copyright (C) 1994-2000 Netscape Communications Corporation.  All\n"
+     "# Rights Reserved.\n"
+     "# \n"
+     "# Contributor(s):\n"
+     "# \n"
+     "# Alternatively, the contents of this file may be used under the\n"
+     "# terms of the GNU General Public License Version 2 or later (the\n"
+     "# \"GPL\"), in which case the provisions of the GPL are applicable \n"
+     "# instead of those above.  If you wish to allow use of your \n"
+     "# version of this file only under the terms of the GPL and not to\n"
+     "# allow others to use your version of this file under the MPL,\n"
+     "# indicate your decision by deleting the provisions above and\n"
+     "# replace them with the notice and other provisions required by\n"
+     "# the GPL.  If you do not delete the provisions above, a recipient\n"
+     "# may use your version of this file under either the MPL or the\n"
+     "# GPL.\n"
+     "#\n"
+     "CVS_ID \"@(#) $RCSfile: addbuiltin.c,v $ $Revision: 1.2 $ $Date: 2001-01-26 16:45:45 $ $Name: not supported by cvs2svn $\"\n"
+     "\n"
+     "#\n"
+     "# certdata.txt\n"
+     "#\n"
+     "# This file contains the object definitions for the certs and other\n"
+     "# information \"built into\" NSS.\n"
+     "#\n"
+     "# Object definitions:\n"
+     "#\n"
+     "#    Certificates\n"
+     "#\n"
+     "#  -- Attribute --          -- type --              -- value --\n"
+     "#  CKA_CLASS                CK_OBJECT_CLASS         CKO_CERTIFICATE\n"
+     "#  CKA_TOKEN                CK_BBOOL                CK_TRUE\n"
+     "#  CKA_PRIVATE              CK_BBOOL                CK_FALSE\n"
+     "#  CKA_MODIFIABLE           CK_BBOOL                CK_FALSE\n"
+     "#  CKA_LABEL                UTF8                    (varies)\n"
+     "#  CKA_CERTIFICATE_TYPE     CK_CERTIFICATE_TYPE     CKC_X_509\n"
+     "#  CKA_SUBJECT              DER+base64              (varies)\n"
+     "#  CKA_ID                   byte array              (varies)\n"
+     "#  CKA_ISSUER               DER+base64              (varies)\n"
+     "#  CKA_SERIAL_NUMBER        DER+base64              (varies)\n"
+     "#  CKA_VALUE                DER+base64              (varies)\n"
+     "#  CKA_NETSCAPE_EMAIL       ASCII7                  (unused here)\n"
+     "#\n"
+     "#    Trust\n"
+     "#\n"
+     "#  -- Attribute --              -- type --          -- value --\n"
+     "#  CKA_CLASS                    CK_OBJECT_CLASS     CKO_TRUST\n"
+     "#  CKA_TOKEN                    CK_BBOOL            CK_TRUE\n"
+     "#  CKA_PRIVATE                  CK_BBOOL            CK_FALSE\n"
+     "#  CKA_MODIFIABLE               CK_BBOOL            CK_FALSE\n"
+     "#  CKA_LABEL                    UTF8                (varies)\n"
+     "#  CKA_ISSUER                   DER+base64          (varies)\n"
+     "#  CKA_SERIAL_NUMBER            DER+base64          (varies)\n"
+     "#  CKA_CERT_HASH                binary+base64       (varies)\n"
+     "#  CKA_EXPIRES                  CK_DATE             (not used here)\n"
+     "#  CKA_TRUST_DIGITAL_SIGNATURE  CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_NON_REPUDIATION    CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_KEY_ENCIPHERMENT   CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_DATA_ENCIPHERMENT  CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_KEY_AGREEMENT      CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_KEY_CERT_SIGN      CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_CRL_SIGN           CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_SERVER_AUTH        CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_CLIENT_AUTH        CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_CODE_SIGNING       CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_EMAIL_PROTECTION   CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_IPSEC_END_SYSTEM   CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_IPSEC_TUNNEL       CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_IPSEC_USER         CK_TRUST            (varies)\n"
+     "#  CKA_TRUST_TIME_STAMPING      CK_TRUST            (varies)\n"
+     "#  (other trust attributes can be defined)\n"
+     "#\n"
+     "\n"
+     "#\n"
+     "# The object to tell NSS that this is a root list and we don't\n"
+     "# have to go looking for others.\n"
+     "#\n"
+     "BEGINDATA\n"
+     "CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_BUILTIN_ROOT_LIST\n"
+     "CKA_TOKEN CK_BBOOL CK_TRUE\n"
+     "CKA_PRIVATE CK_BBOOL CK_FALSE\n"
+     "CKA_MODIFIABLE CK_BBOOL CK_FALSE\n"
+     "CKA_LABEL UTF8 \"Mozilla Builtin Roots\"\n");
+}
+
+static void Usage(char *progName)
+{
+    fprintf(stderr, "%s -n nickname -t trust\n", progName);
+    fprintf(stderr, 
+            "read a der-encoded cert from stdin in, and output\n"
+            "it to stdout in a format suitable for the builtin root module.\n"
+            "example: %s -n MyCA -t \"C,C,C\" < myca.der >> certdata.txt\n"
+            "(pipe through atob if the cert is b64-encoded)\n");
+    fprintf(stderr, "%15s nickname to assign to builtin cert.\n", 
+                    "-n nickname");
+    fprintf(stderr, "%15s default trust flags (cCTpPuw).\n",
+                    "-t trust");
+    exit(-1);
+}
+
+enum {
+    opt_Input = 0,
+    opt_Nickname,
+    opt_Trust
+};
+
+static secuCommandFlag addbuiltin_options[] =
+{
+	{ /* opt_Input         */  'i', PR_TRUE, 0, PR_FALSE },
+	{ /* opt_Nickname      */  'n', PR_TRUE, 0, PR_FALSE },
+	{ /* opt_Trust         */  't', PR_TRUE, 0, PR_FALSE }
+};
+
+main(int argc, char **argv)
+{
+    SECStatus rv;
+    char *nickname;
+    char *trusts;
+    char *progName;
+    PRFileDesc *infile;
+    CERTCertTrust trust = { 0 };
+    SECItem derCert = { 0 };
+
+    secuCommand addbuiltin = { 0 };
+    addbuiltin.numOptions = sizeof(addbuiltin_options)/sizeof(secuCommandFlag);
+    addbuiltin.options = addbuiltin_options;
+
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+    rv = SECU_ParseCommandLine(argc, argv, progName, &addbuiltin);
+
+    if (rv != SECSuccess)
+	Usage(progName);
+
+    if (!addbuiltin.options[opt_Nickname].activated &&
+        !addbuiltin.options[opt_Trust].activated) {
+	fprintf(stderr, "%s: you must specify both a nickname and trust.\n");
+	Usage(progName);
+    }
+
+    if (addbuiltin.options[opt_Input].activated) {
+	infile = PR_Open(addbuiltin.options[opt_Input].arg, PR_RDONLY, 00660);
+	if (!infile) {
+	    fprintf(stderr, "%s: failed to open input file.\n");
+	    exit(1);
+	}
+    } else {
+	infile = PR_STDIN;
+    }
+
+    nickname = strdup(addbuiltin.options[opt_Nickname].arg);
+    trusts = strdup(addbuiltin.options[opt_Trust].arg);
+
+    NSS_NoDB_Init(NULL);
+
+    rv = CERT_DecodeTrustString(&trust, trusts);
+    if (rv) {
+	fprintf(stderr, "%s: incorrectly formatted trust string.\n", progName);
+	Usage(progName);
+    }
+
+    SECU_FileToItem(&derCert, infile);
+    
+    /*printheader();*/
+
+    rv = ConvertCertificate(&derCert, nickname, &trust);
+    if (rv) {
+	fprintf(stderr, "%s: failed to convert certificate.\n", progName);
+	exit(1);
+    }
+    
+    NSS_Shutdown();
+
+    return(SECSuccess);
+}
--- a/mozilla/security/nss/cmd/addbuiltin/manifest.mn
+++ b/mozilla/security/nss/cmd/addbuiltin/manifest.mn
@@ -0,0 +1,49 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH = ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = security 
+
+CSRCS = \
+	addbuiltin.c \
+	$(NULL)
+
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = dbm seccmd
+
+PROGRAM = addbuiltin
+
+USE_STATIC_LIBS = 1
--- a/mozilla/security/nss/cmd/atob/Makefile
+++ b/mozilla/security/nss/cmd/atob/Makefile
@@ -0,0 +1,76 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
--- a/mozilla/security/nss/cmd/atob/atob.c
+++ b/mozilla/security/nss/cmd/atob/atob.c
@@ -0,0 +1,177 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "plgetopt.h"
+#include "secutil.h"
+#include "nssb64.h"
+#include <errno.h>
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fread(char *, size_t, size_t, FILE*);
+extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+static PRInt32 
+output_binary (void *arg, const unsigned char *obuf, PRInt32 size)
+{
+    FILE *outFile = arg;
+    int nb;
+
+    nb = fwrite(obuf, 1, size, outFile);
+    if (nb != size) {
+	PORT_SetError(SEC_ERROR_IO);
+	return -1;
+    }
+
+    return nb;
+}
+
+static SECStatus
+decode_file(FILE *outFile, FILE *inFile)
+{
+    NSSBase64Decoder *cx;
+    int nb;
+    SECStatus status = SECFailure;
+    char ibuf[4096];
+
+    cx = NSSBase64Decoder_Create(output_binary, outFile);
+    if (!cx) {
+	return -1;
+    }
+
+    for (;;) {
+	if (feof(inFile)) break;
+	nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+	if (nb != sizeof(ibuf)) {
+	    if (nb == 0) {
+		if (ferror(inFile)) {
+		    PORT_SetError(SEC_ERROR_IO);
+		    goto loser;
+		}
+		/* eof */
+		break;
+	    }
+	}
+
+	status = NSSBase64Decoder_Update(cx, ibuf, nb);
+	if (status != SECSuccess) goto loser;
+    }
+
+    return NSSBase64Decoder_Destroy(cx, PR_FALSE);
+
+  loser:
+    (void) NSSBase64Decoder_Destroy(cx, PR_TRUE);
+    return status;
+}
+
+static void Usage(char *progName)
+{
+    fprintf(stderr,
+	    "Usage: %s [-i input] [-o output]\n",
+	    progName);
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+	    "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+	    "-o output");
+    exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+    char *progName;
+    SECStatus rv;
+    FILE *inFile, *outFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    inFile = 0;
+    outFile = 0;
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+    /* Parse command line arguments */
+    optstate = PL_CreateOptState(argc, argv, "i:o:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  case '?':
+	    Usage(progName);
+	    break;
+
+	  case 'i':
+	    inFile = fopen(optstate->value, "r");
+	    if (!inFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+
+	  case 'o':
+	    outFile = fopen(optstate->value, "wb");
+	    if (!outFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+	}
+    }
+    if (!inFile) inFile = stdin;
+    if (!outFile) {
+#if defined(WIN32)
+	int smrv = _setmode(_fileno(stdout), _O_BINARY);
+	if (smrv == -1) {
+	    fprintf(stderr,
+	    "%s: Cannot change stdout to binary mode. Use -o option instead.\n",
+	            progName);
+	    return smrv;
+	}
+#endif
+    	outFile = stdout;
+    }
+    rv = decode_file(outFile, inFile);
+    if (rv != SECSuccess) {
+	fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+		progName, PORT_GetError(), errno);
+	return -1;
+    }
+    return 0;
+}
--- a/mozilla/security/nss/cmd/atob/makefile.win
+++ b/mozilla/security/nss/cmd/atob/makefile.win
@@ -0,0 +1,155 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+VERBOSE	= 1
+include <manifest.mn>
+
+#cannot define PROGRAM in manifest compatibly with NT and UNIX
+PROGRAM = atob
+PROGRAM	= ./$(OBJDIR)/$(PROGRAM).exe
+include <$(DEPTH)\config\config.mak>
+
+# let manifest generate C_OBJS, it will prepend ./$(OBJDIR)/
+# rules.mak will append C_OBJS onto OBJS.
+# OBJS	= $(CSRCS:.c=.obj)
+
+# include files are looked for in $LINCS and $INCS.
+# $LINCS is in manifest.mnw, computed from REQUIRES=
+INCS = $(INCS) \
+ -I$(DEPTH)/security/lib/cert \
+ -I../include \
+ $(NULL)
+
+IGNORE_ME = \
+ -I$(DEPTH)/security/lib/key \
+ -I$(DEPTH)/security/lib/util  \
+ $(NULL)
+
+
+WINFE	= $(DEPTH)/cmd/winfe/mkfiles$(MOZ_BITS)/x86Dbg
+
+# these files are the content of libdbm
+DBM_LIB	= \
+ $(WINFE)/DB.obj \
+ $(WINFE)/HASH.obj \
+ $(WINFE)/H_BIGKEY.obj \
+ $(WINFE)/H_PAGE.obj \
+ $(WINFE)/H_LOG2.obj \
+ $(WINFE)/H_FUNC.obj \
+ $(WINFE)/HASH_BUF.obj \
+ $(NULL)
+
+MOZ_LIBS = \
+ $(WINFE)/ALLXPSTR.obj \
+ $(WINFE)/XP_ERROR.obj \
+ $(WINFE)/XPASSERT.obj \
+ $(WINFE)/XP_REG.obj \
+ $(WINFE)/XP_TRACE.obj \
+ $(DBM_LIB) \
+ $(WINFE)/XP_STR.obj \
+ $(WINFE)/MKTEMP.obj \
+ $(NULL)
+
+SEC_LIBS = \
+ $(DIST)/lib/cert$(MOZ_BITS).lib \
+ $(DIST)/lib/crypto$(MOZ_BITS).lib \
+ $(DIST)/lib/hash$(MOZ_BITS).lib \
+ $(DIST)/lib/key$(MOZ_BITS).lib \
+ $(DIST)/lib/pkcs7$(MOZ_BITS).lib \
+ $(DIST)/lib/secmod$(MOZ_BITS).lib \
+ $(DIST)/lib/secutl$(MOZ_BITS).lib \
+ $(DIST)/lib/ssl$(MOZ_BITS).lib \
+ $(NULL)
+
+LLFLAGS	= $(LLFLAGS) \
+ ../lib/$(OBJDIR)/sectool$(MOZ_BITS).lib \
+ $(SEC_LIBS) \
+ $(MOZ_LIBS) \
+ $(DEPTH)/nspr/src/$(OBJDIR)/getopt.obj \
+ $(LIBNSPR) \
+ $(NULL)
+
+
+# awt3240.lib 		# brpref32.lib 		# cert32.lib
+# crypto32.lib 		# dllcom.lib 		# editor32.lib
+# edpref32.lib 		# edtplug.lib 		# font.lib
+# hash32.lib 		# htmldg32.lib 		# img32.lib
+# javart32.lib 		# jbn3240.lib 		# jdb3240.lib
+# jmc.lib 		# jpeg3240.lib 		# jpw3240.lib
+# jrt3240.lib 		# js3240.lib 		# jsd3240.lib
+# key32.lib 		# libapplet32.lib 	# libnjs32.lib
+# libnsc32.lib 		# libreg32.lib 		# mm3240.lib
+# mnpref32.lib 		# netcst32.lib 		# nsdlg32.lib
+# nsldap32.lib 		# nsldaps32.lib 	# nsn32.lib
+# pkcs1232.lib 		# pkcs732.lib 		# pr3240.lib
+# prefui32.lib 		# prefuuid.lib 		# secmod32.lib
+# secnav32.lib 		# secutl32.lib 		# softup32.lib
+# sp3240.lib 		# ssl32.lib 		# uni3200.lib
+# unicvt32.lib 		# win32md.lib 		# winfont.lib
+# xppref32.lib 		# zlib32.lib
+
+include <$(DEPTH)\config\rules.mak>
+
+INSTALL	= $(MAKE_INSTALL)
+
+objs:	$(OBJS)
+
+$(PROGRAM)::
+	$(INSTALL) $(DIST)/bin/pr3240.dll ./$(OBJDIR)
+
+programs: $(PROGRAM)
+
+install:: $(TARGETS)
+	$(INSTALL) $(TARGETS) $(DIST)/bin
+
+# ALLXPSTR.obj  XP_ALLOC.obj  XP_HASH.obj   XP_RGB.obj    XP_WRAP.obj
+# CXPRINT.obj   XP_C.cl       XP_LIST.obj   XP_SEC.obj    netscape.exp
+# CXPRNDLG.obj  XP_CNTXT.obj  XP_MD5.obj    XP_STR.obj    xp.pch
+# EXPORT.obj    XP_CORE.obj   XP_MESG.obj   XP_THRMO.obj  xppref32.dll
+# XPASSERT.obj  XP_ERROR.obj  XP_RECT.obj   XP_TIME.obj
+# XPLOCALE.obj  XP_FILE.obj   XP_REG.obj    XP_TRACE.obj
+
+
+symbols:
+	@echo "CSRCS	= $(CSRCS)"
+	@echo "INCS	= $(INCS)"
+	@echo "OBJS	= $(OBJS)"
+	@echo "LIBRARY	= $(LIBRARY)"
+	@echo "PROGRAM	= $(PROGRAM)"
+	@echo "TARGETS	= $(TARGETS)"
+	@echo "DIST	= $(DIST)"
+	@echo "VERSION_NUMBER	= $(VERSION_NUMBER)"
+	@echo "WINFE	= $(WINFE)"
+	@echo "DBM_LIB	= $(DBM_LIB)"
+	@echo "INSTALL	= $(INSTALL)"
+
--- a/mozilla/security/nss/cmd/atob/manifest.mn
+++ b/mozilla/security/nss/cmd/atob/manifest.mn
@@ -0,0 +1,50 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+CORE_DEPTH	= ../../..
+
+# MODULE public and private header  directories are implicitly REQUIRED.
+MODULE = security 
+
+# This next line is used by .mk files
+# and gets translated into $LINCS in manifest.mnw
+# The MODULE is always implicitly required.
+# Listing it here in REQUIRES makes it appear twice in the cc command line.
+REQUIRES = seccmd dbm 
+
+DEFINES = -DNSPR20
+
+CSRCS = atob.c
+
+PROGRAM	= atob
+
--- a/mozilla/security/nss/cmd/bltest/Makefile
+++ b/mozilla/security/nss/cmd/bltest/Makefile
@@ -0,0 +1,82 @@
+#! gmake
+#
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+#MKPROG = purify -cache-dir=/u/mcgreer/pcache -best-effort \
+#	-always-use-cache-dir $(CC)
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#EXTRA_SHARED_LIBS += \
+#	-L/usr/lib \
+#	-lposix4 \
+#	$(NULL)
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+include ../platrules.mk
--- a/mozilla/security/nss/cmd/bltest/blapitest.c
+++ b/mozilla/security/nss/cmd/bltest/blapitest.c
--- a/mozilla/security/nss/cmd/bltest/manifest.mn
+++ b/mozilla/security/nss/cmd/bltest/manifest.mn
@@ -0,0 +1,52 @@
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+CORE_DEPTH = ../../..
+
+MODULE = security
+
+REQUIRES = seccmd dbm
+
+PROGRAM = bltest
+
+ USE_STATIC_LIBS = 1
+
+EXPORTS = \
+	$(NULL)
+
+PRIVATE_EXPORTS = \
+	$(NULL)
+
+CSRCS = \
+	blapitest.c \
+	$(NULL)
+
--- a/mozilla/security/nss/cmd/bltest/tests/README
+++ b/mozilla/security/nss/cmd/bltest/tests/README
@@ -0,0 +1,26 @@
+This directory contains a set of tests for each cipher supported by BLAPI.  Each subdirectory contains known plaintext and ciphertext pairs (and keys and/or iv's if needed).  The tests can be run as a full set with:
+bltest -T
+or as subsets, for example:
+bltest -T des_ecb rc2 rsa
+
+In each subdirectory, the plaintext, key, and iv are ascii, and treated as such.  The ciphertext is base64-encoded to avoid the hassle of binary files.
+
+To add a test, incremement the value in the numtests file.  Create a plaintext, key, and iv file, such that the name of the file is incrememted one from the last set of tests.  For example, if you are adding the second test, put your data in files named plaintext1, key1, and iv1 (ignoring key and iv if they are not needed, of course).  Make sure your key and iv are the correct number of bytes for your cipher (a trailing \n is okay, but any other trailing bytes will be used!).  Once you have your input data, create output data by running bltest on a trusted implementation.  For example, for a new DES ECB test, run
+bltest -E -m des_ecb -i plaintext1 -k key1 -o ciphertext1 -a
+in the tests/des_ecb directory.  Then run
+bltest -T des_ecb
+from the cmd/bltest directory in the tree of the implementation you want to test.
+
+Note that the -a option above is important, it tells bltest to expect the input to be straight ASCII, and not base64 encoded binary!
+
+Special cases:
+
+RC5:
+RC5 can take additional parameters, the number of rounds to perform and the wordsize to use.  The number of rounds is between is between 0 and 255, and the wordsize is either is either 16, 32, or 64 bits (at this time only 32-bit is supported).  These parameters are specified in a paramsN file, where N is an index as above.  The format of the file is "rounds=R\nwordsize=W\n".
+
+public key modes (RSA and DSA):
+Asymmetric key ciphers use keys with special properties, so creating a key file with "Mozilla!" in it will not get you very far!  To create a public key, run bltest with the plaintext you want to encrypt, using a trusted implementation.  bltest will generate a key and store it in "tmp.key", rename that file to keyN.  For example:
+bltest -E -m rsa -i plaintext0 -o ciphertext0 -e 65537 -g 32 -a
+mv tmp.key key0
+
+[note: specifying a keysize (-g) when using RSA is important!]
--- a/mozilla/security/nss/cmd/bltest/tests/aes_cbc/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/aes_cbc/numtests
@@ -0,0 +1 @@
+0
--- a/mozilla/security/nss/cmd/bltest/tests/aes_ecb/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/aes_ecb/numtests
@@ -0,0 +1 @@
+0
--- a/mozilla/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_cbc/ciphertext0
@@ -0,0 +1 @@
+KV3MDNGKWOc=
--- a/mozilla/security/nss/cmd/bltest/tests/des3_cbc/iv0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_cbc/iv0
@@ -0,0 +1 @@
+12345678
--- a/mozilla/security/nss/cmd/bltest/tests/des3_cbc/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_cbc/key0
@@ -0,0 +1 @@
+abcdefghijklmnopqrstuvwx
--- a/mozilla/security/nss/cmd/bltest/tests/des3_cbc/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_cbc/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_ecb/ciphertext0
@@ -0,0 +1 @@
+RgckVNh4QcM=
--- a/mozilla/security/nss/cmd/bltest/tests/des3_ecb/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_ecb/key0
@@ -0,0 +1 @@
+abcdefghijklmnopqrstuvwx
--- a/mozilla/security/nss/cmd/bltest/tests/des3_ecb/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_ecb/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des3_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_cbc/ciphertext0
@@ -0,0 +1 @@
+Perdg9FMYQ4=
--- a/mozilla/security/nss/cmd/bltest/tests/des_cbc/iv0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_cbc/iv0
@@ -0,0 +1 @@
+12345678
--- a/mozilla/security/nss/cmd/bltest/tests/des_cbc/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/des_cbc/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/des_cbc/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/des_cbc/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_ecb/ciphertext0
@@ -0,0 +1 @@
+3bNoWzzNiFc=
--- a/mozilla/security/nss/cmd/bltest/tests/des_ecb/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/des_ecb/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/des_ecb/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/des_ecb/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/des_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/ciphertext0
@@ -0,0 +1 @@
+fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg==
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/key0
@@ -0,0 +1,6 @@
+AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
+Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
+Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
+xC6fb0ZLCIzFcq9T5teIAgAAAEAZExhx11sWEqgZ8p140bDXNG96p3u2KoWb/WxW
+ddqdIS06Nu8Wcu9mC4x8JVzA7HSFj7oz9EwGaZYwp2sDDuMzAAAAFCBwsyI9ujcv
+3hwP/HsuO0mLJgYU
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/keyseed0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/keyseed0
@@ -0,0 +1 @@
+AAAAAAAAAAAAAAAAAAAAAAAAAAA=
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/plaintext0
@@ -0,0 +1 @@
+qZk+NkcGgWq6PiVxeFDCbJzQ2J0=
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/pqg0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/pqg0
@@ -0,0 +1,4 @@
+AAAAQI3ypJRJInaqPSV1m7BoacvqwNg6+40M98u4Mk8NeILl0HYvxbchDq/C6a2s
+Mqt6rElpPfv4NyTC7Ac27jHIApEAAAAUx3MhjHN+yO6ZO08t7TD0jtrOkV8AAABA
+Ym0CeDnqChNBMWOlW0y1ACmdVSKVbO/LO/8Q85nOLC5xy53l+iS6v1jlt5Uhklyc
+xC6fb0ZLCIzFcq9T5teIAg==
--- a/mozilla/security/nss/cmd/bltest/tests/dsa/sigseed0
+++ b/mozilla/security/nss/cmd/bltest/tests/dsa/sigseed0
@@ -0,0 +1 @@
+aHpm2QZI+ZOGfhIfTd+d2wEgVYQ=
--- a/mozilla/security/nss/cmd/bltest/tests/md2/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/md2/ciphertext0
@@ -0,0 +1 @@
+CS/UNcrWhB5Knt7Gf8Tz3Q==
--- a/mozilla/security/nss/cmd/bltest/tests/md2/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/md2/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/md2/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/md2/plaintext0
@@ -0,0 +1 @@
+16-bytes to MD2.
--- a/mozilla/security/nss/cmd/bltest/tests/md5/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/md5/ciphertext0
@@ -0,0 +1 @@
+XN8lnQuWAiMqmSGfvd8Hdw==
--- a/mozilla/security/nss/cmd/bltest/tests/md5/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/md5/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/md5/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/md5/plaintext0
@@ -0,0 +1 @@
+63-byte input to MD5 can be a bit tricky, but no problems here.
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/ciphertext0
@@ -0,0 +1 @@
+3ki6eVsWpY8=
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/iv0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/iv0
@@ -0,0 +1 @@
+12345678
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/ciphertext0
@@ -0,0 +1 @@
+WT+tc4fANhQ=
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc2_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/ciphertext0
@@ -0,0 +1 @@
+34sTZJtr20k=
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/ciphertext1
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/ciphertext1
@@ -0,0 +1 @@
+34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M=
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/key1
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/key1
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/numtests
@@ -0,0 +1 @@
+2
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rc4/plaintext1
+++ b/mozilla/security/nss/cmd/bltest/tests/rc4/plaintext1
@@ -0,0 +1 @@
+Mozilla!Mozilla!Mozilla!Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/ciphertext0
@@ -0,0 +1 @@
+qsv4Fn2J6d0=
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/iv0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/iv0
@@ -0,0 +1 @@
+12345678
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/params0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/params0
@@ -0,0 +1,2 @@
+rounds=10
+wordsize=4
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_cbc/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/ciphertext0
@@ -0,0 +1 @@
+4ZKK/1v5Ohc=
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/key0
@@ -0,0 +1 @@
+zyxwvuts
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/params0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/params0
@@ -0,0 +1,2 @@
+rounds=10
+wordsize=4
--- a/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rc5_ecb/plaintext0
@@ -0,0 +1 @@
+Mozilla!
--- a/mozilla/security/nss/cmd/bltest/tests/rsa/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rsa/ciphertext0
@@ -0,0 +1 @@
+qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as=
--- a/mozilla/security/nss/cmd/bltest/tests/rsa/key0
+++ b/mozilla/security/nss/cmd/bltest/tests/rsa/key0
@@ -0,0 +1,4 @@
+AAAAAAAAACC5lyu2K2ro8YGnvOCKaL1sFX1HEIblIVbuMXsa8oeFSwAAAAERAAAA
+IBXVjKwFG6LvPG4WOIjBBzmxGNpkQwDs3W5qZcXVzqahAAAAEOEOH/WnhZCJyM39
+oNfhf18AAAAQ0xvmxqXXs3L62xxogUl9lQAAABAaeiHgqkvy4wiQtG1Gkv/tAAAA
+EMaw2TNu6SFdKFXAYluQdjEAAAAQi0u+IlgKCt/hatGAsTrfzQ==
--- a/mozilla/security/nss/cmd/bltest/tests/rsa/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/rsa/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/rsa/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/rsa/plaintext0
@@ -0,0 +1 @@
+512bitsforRSAPublicKeyEncryption
--- a/mozilla/security/nss/cmd/bltest/tests/sha1/ciphertext0
+++ b/mozilla/security/nss/cmd/bltest/tests/sha1/ciphertext0
@@ -0,0 +1 @@
+cDSMAygXMPIJZC5bntZ4ZhecQ9g=
--- a/mozilla/security/nss/cmd/bltest/tests/sha1/numtests
+++ b/mozilla/security/nss/cmd/bltest/tests/sha1/numtests
@@ -0,0 +1 @@
+1
--- a/mozilla/security/nss/cmd/bltest/tests/sha1/plaintext0
+++ b/mozilla/security/nss/cmd/bltest/tests/sha1/plaintext0
@@ -0,0 +1 @@
+A cage went in search of a bird.
--- a/mozilla/security/nss/cmd/btoa/Makefile
+++ b/mozilla/security/nss/cmd/btoa/Makefile
@@ -0,0 +1,75 @@
+#! gmake
+# 
+# The contents of this file are subject to the Mozilla Public
+# License Version 1.1 (the "License"); you may not use this file
+# except in compliance with the License. You may obtain a copy of
+# the License at http://www.mozilla.org/MPL/
+# 
+# Software distributed under the License is distributed on an "AS
+# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# rights and limitations under the License.
+# 
+# The Original Code is the Netscape security libraries.
+# 
+# The Initial Developer of the Original Code is Netscape
+# Communications Corporation.  Portions created by Netscape are 
+# Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+# Rights Reserved.
+# 
+# Contributor(s):
+# 
+# Alternatively, the contents of this file may be used under the
+# terms of the GNU General Public License Version 2 or later (the
+# "GPL"), in which case the provisions of the GPL are applicable 
+# instead of those above.  If you wish to allow use of your 
+# version of this file only under the terms of the GPL and not to
+# allow others to use your version of this file under the MPL,
+# indicate your decision by deleting the provisions above and
+# replace them with the notice and other provisions required by
+# the GPL.  If you do not delete the provisions above, a recipient
+# may use your version of this file under either the MPL or the
+# GPL.
+#
+
+#######################################################################
+# (1) Include initial platform-independent assignments (MANDATORY).   #
+#######################################################################
+
+include manifest.mn
+
+#######################################################################
+# (2) Include "global" configuration information. (OPTIONAL)          #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/config.mk
+
+#######################################################################
+# (3) Include "component" configuration information. (OPTIONAL)       #
+#######################################################################
+
+#######################################################################
+# (4) Include "local" platform-dependent assignments (OPTIONAL).      #
+#######################################################################
+
+include ../platlibs.mk
+
+#######################################################################
+# (5) Execute "global" rules. (OPTIONAL)                              #
+#######################################################################
+
+include $(CORE_DEPTH)/coreconf/rules.mk
+
+#######################################################################
+# (6) Execute "component" rules. (OPTIONAL)                           #
+#######################################################################
+
+
+
+#######################################################################
+# (7) Execute "local" rules. (OPTIONAL).                              #
+#######################################################################
+
+
+include ../platrules.mk
+
--- a/mozilla/security/nss/cmd/btoa/btoa.c
+++ b/mozilla/security/nss/cmd/btoa/btoa.c
@@ -0,0 +1,196 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#include "plgetopt.h"
+#include "secutil.h"
+#include "nssb64.h"
+#include <errno.h>
+
+#if defined(XP_WIN) || (defined(__sun) && !defined(SVR4))
+#if !defined(WIN32)
+extern int fread(char *, size_t, size_t, FILE*);
+extern int fwrite(char *, size_t, size_t, FILE*);
+extern int fprintf(FILE *, char *, ...);
+#endif
+#endif
+
+#if defined(WIN32)
+#include "fcntl.h"
+#include "io.h"
+#endif
+
+static PRInt32 
+output_ascii (void *arg, const char *obuf, PRInt32 size)
+{
+    FILE *outFile = arg;
+    int nb;
+
+    nb = fwrite(obuf, 1, size, outFile);
+    if (nb != size) {
+	PORT_SetError(SEC_ERROR_IO);
+	return -1;
+    }
+
+    return nb;
+}
+
+static SECStatus
+encode_file(FILE *outFile, FILE *inFile)
+{
+    NSSBase64Encoder *cx;
+    int nb;
+    SECStatus status = SECFailure;
+    unsigned char ibuf[4096];
+
+    cx = NSSBase64Encoder_Create(output_ascii, outFile);
+    if (!cx) {
+	return -1;
+    }
+
+    for (;;) {
+	if (feof(inFile)) break;
+	nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+	if (nb != sizeof(ibuf)) {
+	    if (nb == 0) {
+		if (ferror(inFile)) {
+		    PORT_SetError(SEC_ERROR_IO);
+		    goto loser;
+		}
+		/* eof */
+		break;
+	    }
+	}
+
+	status = NSSBase64Encoder_Update(cx, ibuf, nb);
+	if (status != SECSuccess) goto loser;
+    }
+
+    status = NSSBase64Encoder_Destroy(cx, PR_FALSE);
+    if (status != SECSuccess)
+	return status;
+
+    /*
+     * Add a trailing CRLF.  Note this must be done *after* the call
+     * to Destroy above (because only then are we sure all data has
+     * been written out).
+     */
+    fwrite("\r\n", 1, 2, outFile);
+    return SECSuccess;
+
+  loser:
+    (void) NSSBase64Encoder_Destroy(cx, PR_TRUE);
+    return status;
+}
+
+static void Usage(char *progName)
+{
+    fprintf(stderr,
+	    "Usage: %s [-i input] [-o output]\n",
+	    progName);
+    fprintf(stderr, "%-20s Define an input file to use (default is stdin)\n",
+	    "-i input");
+    fprintf(stderr, "%-20s Define an output file to use (default is stdout)\n",
+	    "-o output");
+    exit(-1);
+}
+
+int main(int argc, char **argv)
+{
+    char *progName;
+    SECStatus rv;
+    FILE *inFile, *outFile;
+    PLOptState *optstate;
+    PLOptStatus status;
+
+    inFile = 0;
+    outFile = 0;
+    progName = strrchr(argv[0], '/');
+    if (!progName)
+	progName = strrchr(argv[0], '\\');
+    progName = progName ? progName+1 : argv[0];
+
+    /* Parse command line arguments */
+    optstate = PL_CreateOptState(argc, argv, "i:o:");
+    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
+	switch (optstate->option) {
+	  default:
+	    Usage(progName);
+	    break;
+
+	  case 'i':
+	    inFile = fopen(optstate->value, "rb");
+	    if (!inFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for reading\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+
+	  case 'o':
+	    outFile = fopen(optstate->value, "w");
+	    if (!outFile) {
+		fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
+			progName, optstate->value);
+		return -1;
+	    }
+	    break;
+	}
+    }
+    if (status == PL_OPT_BAD)
+	Usage(progName);
+    if (!inFile) {
+#if defined(WIN32)
+	/* If we're going to read binary data from stdin, we must put stdin
+	** into O_BINARY mode or else incoming \r\n's will become \n's.
+	*/
+
+	int smrv = _setmode(_fileno(stdin), _O_BINARY);
+	if (smrv == -1) {
+	    fprintf(stderr,
+	    "%s: Cannot change stdin to binary mode. Use -i option instead.\n",
+	            progName);
+	    return smrv;
+	}
+#endif
+    	inFile = stdin;
+    }
+    if (!outFile) 
+    	outFile = stdout;
+    rv = encode_file(outFile, inFile);
+    if (rv != SECSuccess) {
+	fprintf(stderr, "%s: lossage: error=%d errno=%d\n",
+		progName, PORT_GetError(), errno);
+	return -1;
+    }
+    return 0;
+}
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`fB0bnKWvjT6X5NIkZ5l/Y/DXZ6QNI6j0iPhR/ZERkfj67xRnTWY1cg==`
				`@@ -0,0 +1 @@`
				`63-byte input to MD5 can be a bit tricky, but no problems here.`
				`@@ -0,0 +1 @@`
				`34sTZJtr20nGP6VxS3BIBxxIYm6QGIa1rehFHn51z9M=`
				`@@ -0,0 +1 @@`
				`qPVrXv0y3SC5rY44bIi6GE4Aec8uDpHH7/cCg0FU5as=`