kssladm_create.c revision 164c0dd6f561db19bdaf1d0b7f2a8dec44355b69
c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER START
c28749e97052f09388969427adf7df641cdcdc22kais * The contents of this file are subject to the terms of the
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * Common Development and Distribution License (the "License").
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * You may not use this file except in compliance with the License.
c28749e97052f09388969427adf7df641cdcdc22kais * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c28749e97052f09388969427adf7df641cdcdc22kais * See the License for the specific language governing permissions
c28749e97052f09388969427adf7df641cdcdc22kais * and limitations under the License.
c28749e97052f09388969427adf7df641cdcdc22kais * When distributing Covered Code, include this CDDL HEADER in each
c28749e97052f09388969427adf7df641cdcdc22kais * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c28749e97052f09388969427adf7df641cdcdc22kais * If applicable, add the following below this CDDL HEADER, with the
c28749e97052f09388969427adf7df641cdcdc22kais * fields enclosed by brackets "[]" replaced with your own identifying
c28749e97052f09388969427adf7df641cdcdc22kais * information: Portions Copyright [yyyy] [name of copyright owner]
c28749e97052f09388969427adf7df641cdcdc22kais * CDDL HEADER END
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
c28749e97052f09388969427adf7df641cdcdc22kais * Use is subject to license terms.
c28749e97052f09388969427adf7df641cdcdc22kais#pragma ident "%Z%%M% %I% %E% SMI"
c28749e97052f09388969427adf7df641cdcdc22kais " -f pkcs11 [-d softtoken_directory] -T <token_label>"
c28749e97052f09388969427adf7df641cdcdc22kais " -C <certificate_label> -x <proxy_port>"
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna " [-h <ca_certchain_file>]"
c28749e97052f09388969427adf7df641cdcdc22kais " [options] [<server_address>] [<server_port>]\n");
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna " -f pkcs12 -i <cert_and_key_pk12file> -x <proxy_port>"
c28749e97052f09388969427adf7df641cdcdc22kais " [options] [<server_address>] [<server_port>]\n");
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna " -f pem -i <cert_and_key_pemfile> -x <proxy_port>"
c28749e97052f09388969427adf7df641cdcdc22kais " [options] [<server_address>] [<server_port>]\n");
c28749e97052f09388969427adf7df641cdcdc22kais "\t[-c <ciphersuites>]\n"
c28749e97052f09388969427adf7df641cdcdc22kais "\t[-p <password_file>]\n"
c28749e97052f09388969427adf7df641cdcdc22kais "\t[-t <ssl_session_cache_timeout>]\n"
c28749e97052f09388969427adf7df641cdcdc22kais "\t[-z <ssl_session_cache_size>]\n"
c28749e97052f09388969427adf7df641cdcdc22kais "\t[-v]\n");
c28749e97052f09388969427adf7df641cdcdc22kaisget_cert_val(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE cert_obj, int *len)
c28749e97052f09388969427adf7df641cdcdc22kais /* the certs ... */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
c28749e97052f09388969427adf7df641cdcdc22kais * Everything is allocated in one single contiguous buffer.
c28749e97052f09388969427adf7df641cdcdc22kais * The layout is the following:
c28749e97052f09388969427adf7df641cdcdc22kais * . the kssl_params_t structure
c28749e97052f09388969427adf7df641cdcdc22kais * . the array of key attribute structs, (value of ck_attrs)
c28749e97052f09388969427adf7df641cdcdc22kais * . the key attributes values (values of ck_attrs[i].ck_value);
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * . the array of sizes of the certificates, (referred to as sc_sizes[])
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * . the certificates values (referred to as sc_certs[])
c28749e97052f09388969427adf7df641cdcdc22kais * The address of the certs and key attributes values are offsets
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * from the beginning of the big buffer. sc_sizes_offset points
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * to sc_sizes[0] and sc_certs_offset points to sc_certs[0].
c28749e97052f09388969427adf7df641cdcdc22kaispkcs11_to_kssl(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE privkey_obj,
c28749e97052f09388969427adf7df641cdcdc22kais /* the certs ... */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
c28749e97052f09388969427adf7df641cdcdc22kais /* Get the sizes */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna bufsize += cert_size + MAX_CHAIN_LENGTH * sizeof (uint32_t);
c28749e97052f09388969427adf7df641cdcdc22kais /* and the required key attributes */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs,
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get private key object attributes. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais for (i = 0; i < REQ_ATTR_CNT; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais * Get the optional key attributes. The return values could be
c28749e97052f09388969427adf7df641cdcdc22kais * CKR_ATTRIBUTE_TYPE_INVALID with ulValueLen set to -1 OR
c28749e97052f09388969427adf7df641cdcdc22kais * CKR_OK with ulValueLen set to 0. The latter is done by
c28749e97052f09388969427adf7df641cdcdc22kais * soft token and seems dubious.
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, privkey_obj, privkey_opt_attrs,
c28749e97052f09388969427adf7df641cdcdc22kais if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID) {
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get private key object attributes. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais for (i = 0; i < OPT_ATTR_CNT; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais /* Structure copy */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* Add 4-byte cushion as sc_sizes[0] needs 32-bit aligment */
c28749e97052f09388969427adf7df641cdcdc22kais /* Now the big memory allocation */
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot allocate memory for the kssl_params "
c28749e97052f09388969427adf7df641cdcdc22kais "and values\n");
c28749e97052f09388969427adf7df641cdcdc22kais /* LINTED */
c28749e97052f09388969427adf7df641cdcdc22kais /* the keys attributes structs array */
c28749e97052f09388969427adf7df641cdcdc22kais /* then the attributes values */
c28749e97052f09388969427adf7df641cdcdc22kais for (i = 0; i < attr_cnt; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais * We assume the attribute types in the kernel are
c28749e97052f09388969427adf7df641cdcdc22kais * the same as the PKCS #11 values.
c28749e97052f09388969427adf7df641cdcdc22kais kssl_attrs[i].ka_value_offset = buf - (char *)kssl_params;
c28749e97052f09388969427adf7df641cdcdc22kais kssl_attrs[i].ka_value_len = privkey_attrs[i].ulValueLen;
c28749e97052f09388969427adf7df641cdcdc22kais /* then the key attributes values */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs, attr_cnt);
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get private key object attributes."
c28749e97052f09388969427adf7df641cdcdc22kais bcopy(kssl_attrs, ((char *)kssl_params) + key->ks_attrs_offset,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna buf = (char *)P2ROUNDUP((uintptr_t)buf, sizeof (uint32_t));
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params->kssl_certs.sc_sizes_offset = buf - (char *)kssl_params;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* now the certs values */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params->kssl_certs.sc_certs_offset = buf - (char *)kssl_params;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna rv = C_GetAttributeValue(sess, cert_obj, cert_attrs, 1);
c28749e97052f09388969427adf7df641cdcdc22kaisload_from_pkcs11(const char *token_label, const char *password_file,
c28749e97052f09388969427adf7df641cdcdc22kais {CKA_TOKEN, &true, sizeof (true)},
c28749e97052f09388969427adf7df641cdcdc22kais static CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
c28749e97052f09388969427adf7df641cdcdc22kais {CKA_TOKEN, &true, sizeof (true)},
c28749e97052f09388969427adf7df641cdcdc22kais CK_ULONG privkey_tmpl_count = 4, privkey_obj_count = 1;
c28749e97052f09388969427adf7df641cdcdc22kais char token_label_padded[sizeof (token_info.label) + 1];
c28749e97052f09388969427adf7df641cdcdc22kais (void) snprintf(token_label_padded, sizeof (token_label_padded),
c28749e97052f09388969427adf7df641cdcdc22kais if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) {
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot initialize PKCS#11. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais /* Get slot count */
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get PKCS#11 slot list. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get PKCS#11 slot list. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais /* Search the token that matches the label */
c28749e97052f09388969427adf7df641cdcdc22kais while (slotcnt > 0) {
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetTokenInfo(pk11_slots[--slotcnt], &token_info);
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "no matching PKCS#11 token found\n");
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_OpenSession(slot, CKF_SERIAL_SESSION, NULL_PTR, NULL_PTR,
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Cannot open session. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_FindObjectsInit(sess, cert_tmpl, cert_tmpl_count);
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna "Cannot initialize cert search."
c28749e97052f09388969427adf7df641cdcdc22kais (certname == NULL ? 1 : max_num_cert), &cert_obj_count);
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot retrieve cert object. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais /* Who cares if this fails! */
c28749e97052f09388969427adf7df641cdcdc22kais (void) printf("found %ld certificates\n", cert_obj_count);
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "\"%s\" not found.\n", certname);
c28749e97052f09388969427adf7df641cdcdc22kais /* Get the modulus value from the certificate */
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get certificate data for \"%s\".\n", certname);
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get Modulus in certificate \"%s\".\n", certname);
c28749e97052f09388969427adf7df641cdcdc22kais /* Now get the private key */
c28749e97052f09388969427adf7df641cdcdc22kais /* Gotta authenticate first if login is required. */
c28749e97052f09388969427adf7df641cdcdc22kais if (ulPinLen == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_Login(sess, CKU_USER, (CK_UTF8CHAR_PTR)passphrase,
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_FindObjectsInit(sess, privkey_tmpl, privkey_tmpl_count);
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Cannot intialize private key search."
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_FindObjects(sess, &privkey_obj, 1, &privkey_obj_count);
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Cannot retrieve private key object "
c28749e97052f09388969427adf7df641cdcdc22kais /* Who cares if this fails! */
c28749e97052f09388969427adf7df641cdcdc22kais (void) printf("found %ld private keys\n", privkey_obj_count);
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_GetAttributeValue(sess, privkey_obj, privkey_attrs, 1);
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot get private key object attributes."
c28749e97052f09388969427adf7df641cdcdc22kais /* Now wrap the key, then unwrap it */
c28749e97052f09388969427adf7df641cdcdc22kais 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
c28749e97052f09388969427adf7df641cdcdc22kais 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
c28749e97052f09388969427adf7df641cdcdc22kais CK_MECHANISM aes_cbc_pad_mech = {CKM_AES_CBC_PAD, aes_param, 16};
c28749e97052f09388969427adf7df641cdcdc22kais {CKA_TOKEN, &false, sizeof (false)},
c28749e97052f09388969427adf7df641cdcdc22kais {CKA_SENSITIVE, &false, sizeof (false)},
c28749e97052f09388969427adf7df641cdcdc22kais {CKA_PRIVATE, &false, sizeof (false)}
c28749e97052f09388969427adf7df641cdcdc22kais rv = SUNW_C_KeyToObject(sess, CKM_AES_CBC_PAD, aes_key_val, 16,
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot create wrapping key. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais /* get the size of the wrapped key */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_WrapKey(sess, &aes_cbc_pad_mech, aes_key_obj, privkey_obj,
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Cannot get key size. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais wrapped_privkey = malloc(wrapped_privkey_len * sizeof (CK_BYTE));
c28749e97052f09388969427adf7df641cdcdc22kais /* do the actual key wrapping */
c28749e97052f09388969427adf7df641cdcdc22kais rv = C_WrapKey(sess, &aes_cbc_pad_mech, aes_key_obj, privkey_obj,
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Cannot wrap private key. error = %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais "wrapped blob length: %ld\n",
c28749e97052f09388969427adf7df641cdcdc22kais (void) printf("session private key successfully unwrapped\n");
c28749e97052f09388969427adf7df641cdcdc22kais return (pkcs11_to_kssl(sess, sess_privkey_obj, cert_obj, bufsize));
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * See the comments for pkcs11_to_kssl() for the layout of the
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * returned buffer.
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishnaopenssl_to_kssl(RSA *rsa, int ncerts, uchar_t *cert_bufs[], int *cert_sizes,
c28749e97052f09388969427adf7df641cdcdc22kais kssl_object_attribute_t kssl_tmpl_attrs[MAX_ATTR_CNT] = {
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++)
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna bufsize += (tcsize + MAX_CHAIN_LENGTH * sizeof (uint32_t));
c28749e97052f09388969427adf7df641cdcdc22kais /* and the key attributes */
c28749e97052f09388969427adf7df641cdcdc22kais "missing required attributes in private key.\n");
c28749e97052f09388969427adf7df641cdcdc22kais for (i = 0; i < MAX_ATTR_CNT; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais kssl_attrs[attr_cnt].ka_type = kssl_tmpl_attrs[i].ka_type;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* Add 4-byte cushion as sc_sizes[0] needs 32-bit aligment */
c28749e97052f09388969427adf7df641cdcdc22kais /* Now the big memory allocation */
c28749e97052f09388969427adf7df641cdcdc22kais "Cannot allocate memory for the kssl_params "
c28749e97052f09388969427adf7df641cdcdc22kais "and values\n");
c28749e97052f09388969427adf7df641cdcdc22kais /* LINTED */
c28749e97052f09388969427adf7df641cdcdc22kais /* the keys attributes structs array */
c28749e97052f09388969427adf7df641cdcdc22kais /* then the key attributes values */
c28749e97052f09388969427adf7df641cdcdc22kais for (i = 0; i < MAX_ATTR_CNT; i++) {
c28749e97052f09388969427adf7df641cdcdc22kais (void) BN_bn2bin(priv_key_bignums[i], (unsigned char *)buf);
c28749e97052f09388969427adf7df641cdcdc22kais bcopy(kssl_attrs, ((char *)kssl_params) + key->ks_attrs_offset,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna buf = (char *)P2ROUNDUP((uintptr_t)buf, sizeof (uint32_t));
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params->kssl_certs.sc_sizes_offset = buf - (char *)kssl_params;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params->kssl_certs.sc_certs_offset = buf - (char *)kssl_params;
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* now the certs values */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++) {
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishnaadd_cacerts(kssl_params_t *old_params, const char *cacert_chain_file,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna cert_bufs = PEM_get_rsa_key_certs(cacert_chain_file,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna (void) printf("%d certificates read successfully\n", ncerts);
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++)
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * Get a bigger structure and update the
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna * fields to account for the additional certs.
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* Put the cert_sizes starting from sc_sizes[1] */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* Put the cert_bufs starting from sc_certs[1] */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna /* now the certs values */
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++) {
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++)
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishnaload_from_pem(const char *filename, const char *password_file, int *paramsize)
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna cert_bufs = PEM_get_rsa_key_certs(filename, (char *)password_file,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna if (rsa == NULL || cert_bufs == NULL || ncerts == 0) {
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna (void) printf("%d certificates read successfully\n", ncerts);
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params = openssl_to_kssl(rsa, ncerts, cert_bufs,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++)
c28749e97052f09388969427adf7df641cdcdc22kaisload_from_pkcs12(const char *filename, const char *password_file,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna cert_bufs = PKCS12_get_rsa_key_certs(filename, password_file, &rsa,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna (void) printf("%d certificates read successfully\n", ncerts);
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params = openssl_to_kssl(rsa, ncerts, cert_bufs,
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna for (i = 0; i < ncerts; i++)
c28749e97052f09388969427adf7df641cdcdc22kaisparse_and_set_addr(char *server_address, char *server_port,
c28749e97052f09388969427adf7df641cdcdc22kais return (-1);
c28749e97052f09388969427adf7df641cdcdc22kais "Error: Unknown host: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais return (-1);
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Error: Invalid Port value: %s\n",
c28749e97052f09388969427adf7df641cdcdc22kais return (-1);
c28749e97052f09388969427adf7df641cdcdc22kais return (0);
c28749e97052f09388969427adf7df641cdcdc22kais * The order of the ciphers is important. It is used as the
c28749e97052f09388969427adf7df641cdcdc22kais * default order (when -c is not specified).
c28749e97052f09388969427adf7df641cdcdc22kais const char *suite;
c28749e97052f09388969427adf7df641cdcdc22kais {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA, B_FALSE},
c28749e97052f09388969427adf7df641cdcdc22kais {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5, B_FALSE},
c28749e97052f09388969427adf7df641cdcdc22kais {"rsa_3des_ede_cbc_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA, B_FALSE},
c28749e97052f09388969427adf7df641cdcdc22kais {"rsa_des_cbc_sha", SSL_RSA_WITH_DES_CBC_SHA, B_FALSE},
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna while ((c = getopt(argc, argv, "vT:d:f:h:i:p:c:C:t:x:z:")) != -1) {
c28749e97052f09388969427adf7df641cdcdc22kais switch (c) {
c28749e97052f09388969427adf7df641cdcdc22kais if (pcnt == 0) {
c28749e97052f09388969427adf7df641cdcdc22kais if (parse_and_set_addr(addr, port, &server_addr) < 0) {
c28749e97052f09388969427adf7df641cdcdc22kais inet_ntoa(server_addr.sin_addr), server_addr.sin_port);
c28749e97052f09388969427adf7df641cdcdc22kais "SOFTTOKEN_DIR=%s\n",
c28749e97052f09388969427adf7df641cdcdc22kais (void) fprintf(stderr, "Unsupported cert format: %s\n", format);
c28749e97052f09388969427adf7df641cdcdc22kais if (check_suites(suites, kssl_params->kssl_suites) != 0)
164c0dd6f561db19bdaf1d0b7f2a8dec44355b69krishna kssl_params = add_cacerts(kssl_params, cacert_chain_file,
c28749e97052f09388969427adf7df641cdcdc22kais if (kssl_send_command((char *)kssl_params, KSSL_ADD_ENTRY) < 0) {