"Nelson B. Bolyard" wrote:
>
> Inadequacies of SSL_SecurityStatus:
>
> 7. Returns a malloced ASCII string to identify the symmetric cipher used.
>
> - These strings are not localized (although it's not clear how to localize
> TLAs like RC2 and DES).

These strings don't need to be translated. They are morally equivalent
to the SSL3CipherAlgorithm enumeration constants in your proposal below.
But I agree that it's better to return numeric values as it saves a
malloc call and a free call (by the caller).

> Proposed new function and structure.
>
> The newly proposed function returns all info in a caller-supplied structure.
> The caller does not have to free any memory allocated by the function.
> No strings are returned. All values are numeric. Translating the returned
> numbers into strings is the responsibility of the calling application.
>
> typedef enum {
>     ssl_calg_null     = 0,
>     ssl_calg_rc4      = 1,
>     ssl_calg_rc2      = 2,
>     ssl_calg_des      = 3,
>     ssl_calg_3des     = 4,
>     ssl_calg_idea     = 5,
>     ssl_calg_fortezza = 6, /* skipjack */
>     ssl_calg_aes      = 7  /* coming soon */
> } SSL3CipherAlgorithm;
>
> typedef struct SSLChannelInfoStr {
>     PRUint16            version;
>     PRUint16            cipherSuite;
>     SSL3SignType        authAlgorithm;
>     PRUint32            authKeyBits;
>     SSLKEAType          keaType;
>     PRUint32            keaKeyBits;
>     SSL3CipherAlgorithm bulkCipher;
>     PRUint16            effectiveKeyBits;
>     SSL3MACAlgorithm    macAlgorithm;
>     PRUint16            macBits;
> } SSLChannelInfo;
>
> extern SECStatus SSL_GetChannelInfo(PRFileDesc *fd, SSLChannelInfo *info);
>
> Comments? Questions?

Should we make the interface flexible enough so that we can add
new members to the SSLChannelInfo structure in a future version?

Wan-Teh
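
One common way to get the flexibility asked about above is to have the caller pass the size of the structure it was compiled against and have the library report how many bytes it filled in. The sketch below is an added example, not code from this thread or from NSS: `ChannelInfo`, `ChannelInfoV1`, `get_channel_info`, `INFO_HAS`, the `length` member and the sample values are all hypothetical, and the `PRFileDesc *` argument is replaced by a constructed static record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for SSLChannelInfo; plain integers replace NSS types. */
typedef struct {
    uint32_t length;           /* bytes of this struct the library filled in */
    uint16_t version, cipherSuite;
    uint32_t bulkCipher;
    uint32_t effectiveKeyBits;
    uint32_t macBits;          /* pretend this member arrived in a later release */
} ChannelInfo;

/* Layout an older application was compiled against (no macBits). */
typedef struct {
    uint32_t length;
    uint16_t version, cipherSuite;
    uint32_t bulkCipher;
    uint32_t effectiveKeyBits;
} ChannelInfoV1;

/* Constructed sample values standing in for a live connection's state. */
static const ChannelInfo conn_state = { 0, 0x0300, 0x000A, 4, 168, 160 };

/* True when the library filled in `field` of `info`. */
#define INFO_HAS(info, type, field) \
    ((info).length >= offsetof(type, field) + sizeof(((type *)0)->field))

/* Copies at most `len` bytes: a caller with a shorter layout is never overrun,
 * a caller with a longer one learns what is valid. Returns 0 or -1. */
int get_channel_info(void *out, size_t len)
{
    ChannelInfo tmp = conn_state;
    if (out == NULL || len < sizeof tmp.length)
        return -1;
    if (len > sizeof tmp)
        len = sizeof tmp;
    tmp.length = (uint32_t)len;
    memcpy(out, &tmp, len);
    return 0;
}

int main(void)
{
    ChannelInfoV1 old = { 0 };
    int rc = get_channel_info(&old, sizeof old);
    printf("suite 0x%04x, %u bytes filled\n", old.cipherSuite, (unsigned)old.length);
    return rc != 0;
}
```

New members can only be appended at the end of the structure, and a caller should zero its structure before the call so that unfilled members read as zero.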