83 lines
2.6 KiB
Text
83 lines
2.6 KiB
Text
# AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
# Translators:
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Defensive Coding Guide\n"
|
|
"POT-Creation-Date: 2013-03-12T03:19:44\n"
|
|
"PO-Revision-Date: 2013-03-19 15:33+0000\n"
|
|
"Last-Translator: Automatically generated\n"
|
|
"Language-Team: Tibetan <trans-bo@lists.fedoraproject.org>\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"Language: bo\n"
|
|
"Plural-Forms: nplurals=1; plural=0;\n"
|
|
|
|
#. Tag: programlisting
|
|
#, no-c-format
|
|
msgid ""
|
|
"\n"
|
|
"PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);\n"
|
|
"NSSInitContext *const ctx =\n"
|
|
" NSS_InitContext(\"sql:/etc/pki/nssdb\", \"\", \"\", \"\", NULL,\n"
|
|
"\t\t NSS_INIT_READONLY | NSS_INIT_PK11RELOAD);\n"
|
|
"if (ctx == NULL) {\n"
|
|
" const PRErrorCode err = PR_GetError();\n"
|
|
" fprintf(stderr, \"error: NSPR error code %d: %s\n"
|
|
"\",\n"
|
|
"\t err, PR_ErrorToName(err));\n"
|
|
" exit(1);\n"
|
|
"}\n"
|
|
"\n"
|
|
"// Ciphers to enable.\n"
|
|
"static const PRUint16 good_ciphers[] = {\n"
|
|
" TLS_RSA_WITH_AES_128_CBC_SHA,\n"
|
|
" TLS_RSA_WITH_AES_256_CBC_SHA,\n"
|
|
" SSL_RSA_WITH_3DES_EDE_CBC_SHA,\n"
|
|
" SSL_NULL_WITH_NULL_NULL // sentinel\n"
|
|
"};\n"
|
|
"\n"
|
|
"// Check if the current policy allows any strong ciphers. If it\n"
|
|
"// doesn't, switch to the \"domestic\" (unrestricted) policy. This is\n"
|
|
"// not thread-safe and has global impact. Consequently, we only do\n"
|
|
"// it if absolutely necessary.\n"
|
|
"int found_good_cipher = 0;\n"
|
|
"for (const PRUint16 *p = good_ciphers; *p != SSL_NULL_WITH_NULL_NULL;\n"
|
|
" ++p) {\n"
|
|
" PRInt32 policy;\n"
|
|
" if (SSL_CipherPolicyGet(*p, &policy) != SECSuccess) {\n"
|
|
" const PRErrorCode err = PR_GetError();\n"
|
|
" fprintf(stderr, \"error: policy for cipher %u: error %d: %s\n"
|
|
"\",\n"
|
|
"\t (unsigned)*p, err, PR_ErrorToName(err));\n"
|
|
" exit(1);\n"
|
|
" }\n"
|
|
" if (policy == SSL_ALLOWED) {\n"
|
|
" fprintf(stderr, \"info: found cipher %x\n"
|
|
"\", (unsigned)*p);\n"
|
|
" found_good_cipher = 1;\n"
|
|
" break;\n"
|
|
" }\n"
|
|
"}\n"
|
|
"if (!found_good_cipher) {\n"
|
|
" if (NSS_SetDomesticPolicy() != SECSuccess) {\n"
|
|
" const PRErrorCode err = PR_GetError();\n"
|
|
" fprintf(stderr, \"error: NSS_SetDomesticPolicy: error %d: %s\n"
|
|
"\",\n"
|
|
"\t err, PR_ErrorToName(err));\n"
|
|
" exit(1);\n"
|
|
" }\n"
|
|
"}\n"
|
|
"\n"
|
|
"// Initialize the trusted certificate store.\n"
|
|
"char module_name[] = \"library=libnssckbi.so name=\\\"Root Certs\\\"\";\n"
|
|
"SECMODModule *module = SECMOD_LoadUserModule(module_name, NULL, PR_FALSE);\n"
|
|
"if (module == NULL || !module->loaded) {\n"
|
|
" const PRErrorCode err = PR_GetError();\n"
|
|
" fprintf(stderr, \"error: NSPR error code %d: %s\n"
|
|
"\",\n"
|
|
"\t err, PR_ErrorToName(err));\n"
|
|
" exit(1);\n"
|
|
"}\n"
|
|
msgstr ""
|