defensive-coding-guide/en-US/snippets/Features-TLS-Client-NSS-Connect.xml

<?xml version='1.0' encoding='utf-8' ?>
<!DOCTYPE programlisting PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
]>
<!-- Automatically generated file.  Do not edit. -->
<programlisting language="C">
// Wrap the POSIX file descriptor.  This is an internal NSPR
// function, but it is very unlikely to change.
PRFileDesc* nspr = PR_ImportTCPSocket(sockfd);
sockfd = -1; // Has been taken over by NSPR.

// Add the SSL layer.
{
  PRFileDesc *model = PR_NewTCPSocket();
  PRFileDesc *newfd = SSL_ImportFD(NULL, model);
  if (newfd == NULL) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: NSPR error code %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }
  model = newfd;
  newfd = NULL;
  if (SSL_OptionSet(model, SSL_ENABLE_SSL2, PR_FALSE) != SECSuccess) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: set SSL_ENABLE_SSL2 error %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }
  if (SSL_OptionSet(model, SSL_V2_COMPATIBLE_HELLO, PR_FALSE) != SECSuccess) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: set SSL_V2_COMPATIBLE_HELLO error %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }
  if (SSL_OptionSet(model, SSL_ENABLE_DEFLATE, PR_FALSE) != SECSuccess) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: set SSL_ENABLE_DEFLATE error %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }

  // Allow overriding invalid certificate.
  if (SSL_BadCertHook(model, bad_certificate, (char *)host) != SECSuccess) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: SSL_BadCertHook error %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }

  newfd = SSL_ImportFD(model, nspr);
  if (newfd == NULL) {
    const PRErrorCode err = PR_GetError();
    fprintf(stderr, "error: SSL_ImportFD error %d: %s\n",
	      err, PR_ErrorToName(err));
    exit(1);
  }
  nspr = newfd;
  PR_Close(model);
}

// Perform the handshake.
if (SSL_ResetHandshake(nspr, PR_FALSE) != SECSuccess) {
  const PRErrorCode err = PR_GetError();
  fprintf(stderr, "error: SSL_ResetHandshake error %d: %s\n",
	    err, PR_ErrorToName(err));
  exit(1);
}
if (SSL_SetURL(nspr, host) != SECSuccess) {
  const PRErrorCode err = PR_GetError();
  fprintf(stderr, "error: SSL_SetURL error %d: %s\n",
	    err, PR_ErrorToName(err));
  exit(1);
}
if (SSL_ForceHandshake(nspr) != SECSuccess) {
  const PRErrorCode err = PR_GetError();
  fprintf(stderr, "error: SSL_ForceHandshake error %d: %s\n",
	    err, PR_ErrorToName(err));
  exit(1);
}
</programlisting>