ssltyp.html

  • This page is part of the SSL Reference that we are migrating into the format described in the MDN Style Guide. If you are inclined to help with this migration, your help would be very much appreciated.

Selected SSL Types and Structures

 


Chapter 3 Selected SSL Types and Structures

This chapter describes some of the most important types and structures used with the functions described in the rest of this document, and how to manage the memory used for them. Additional types are described with the functions that use them or in the header files.

Types and Structures
Managing SECItem Memory

 

Types and Structures

These types and structures are described here:

CERTCertDBHandle
CERTCertificate
PK11SlotInfo
SECItem
SECKEYPrivateKey
SECStatus

Additional types used by a single function only are described with the function's entry in each chapter. Some of these functions also use types defined by NSPR and described in the NSPR Reference.

Many of the structures presented here (CERTCertDBHandle, CERTCertificate, PK11SlotInfo, and SECKEYPrivateKey) are opaque--that is, they are types defined as structures (for example, CERTCertDBHandleStr) that may change in future releases of Network Security Services. As long as you use the form shown here, your code will not need revision.

CERTCertDBHandle

An opaque handle structure for open certificate databases.

 

Syntax
#include <certt.h>
typedef struct CERTCertDBHandleStr CERTCertDBHandle;

CERTCertificate

An opaque X.509 certificate object.

Syntax
#include <certt.h>
typedef struct CERTCertificateStr CERTCertificate;
Description

Certificate structures are shared objects. When an application makes a copy of a particular certificate structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate, the function decrements the reference count and, if the reference count reaches zero as a result, frees the memory. The use of the word "destroy" in function names or in the description of a function often implies reference counting.

Never alter the contents of a certificate structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.

PK11SlotInfo

An opaque structure representing a physical or logical PKCS #11 slot.

Syntax
#include <pk11expt.h>

typedef struct PK11SlotInfoStr PK11SlotInfo;

SECItem

A structure that points to other structures.

Syntax
#include <seccomon.h>
#include <prtypes.h>
#include <secport.h>
typedef enum {
    siBuffer,
    siClearDataBuffer,
    siCipherDataBuffer,
    siDERCertBuffer,
    siEncodedCertBuffer,
    siDERNameBuffer,
    siEncodedNameBuffer,
    siAsciiNameString,
    siAsciiString,
    siDEROID
} SECItemType;
typedef struct SECItemStr SECItem;
struct SECItemStr {
    SECItemType type;
    unsigned char *data;
    unsigned int len;
};
Description

A SECItem structure can be used to associate your own data with an SSL socket.

To free a structure pointed to by a SECItem, and, if desired, the SECItem structure itself, use one of the functions SECItem_FreeItem or SECItem_ZfreeItem.

SECKEYPrivateKey

An opaque, generic key structure.

Syntax
#include <keyt.h>
typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
Description

Key structures are not shared objects. When an application makes a copy of a particular key structure that already exists in memory, SSL makes a deep copy--that is, it makes a whole new copy of that object. When you call SECKEY_DestroyPrivateKey, the function both frees the memory and sets all the bits to zero.

Never alter the contents of a key structure. Treat the structure as read only.

SECStatus

The return value for many SSL functions.

Syntax
#include <seccomon.h>
typedef enum {
    SECWouldBlock = -2,
    SECFailure = -1,
    SECSuccess = 0
} SECStatus;
Enumerators

The enum includes the following enumerators:

SECWouldBlock

Reserved for internal use.

SECFailure

The operation failed. To find out why, call PR_GetError.

SECSuccess

The operation succeeded. In this case the value returned by PR_GetError is meaningless.

 

Managing SECItem Memory

These functions are available for managing the memory associated with SECItem structures and the structures to which they point.

SECItem_FreeItem
SECItem_ZfreeItem

SECItem_FreeItem

Frees the memory associated with a SECItem structure.

Syntax
#include <prtypes.h>
SECStatus SECItem_FreeItem (
   SECItem *item,
   PRBool freeItem);
Parameters

This function has the following parameters:

item

A pointer to a SECItem structure.

freeItem

When PR_FALSE, free only the structure pointed to. Otherwise, free both the structure pointed to and the SECItem structure itself.

Returns

The function returns one of these values:

Description

This function frees the memory associated with the structure to which the specified item points, when that structure is no longer used. When freeItem is not PR_FALSE, also frees the item structure itself.

 

SECItem_ZfreeItem

Zeroes and frees the memory associated with a SECItem structure.

Syntax
#include <prtypes.h>
SECStatus SECItem_ZfreeItem (
   SECItem *item,
   PRBool freeItem);
Parameters

This function has the following parameters:

item

A pointer to a SECItem structure.

freeItem

When PR_FALSE, free only the structure pointed to. Otherwise, free both the structure pointed to and the SECItem structure itself.

Returns

The function returns one of these values:

Description

This function is similar to SECItem_FreeItem, except that it overwrites the structures to be freed with zeroes before it frees them. It zeroes and frees the memory associated with the structure to which the specified item points, when that structure is no longer used. When freeItem is not PR_FALSE, it also zeroes and frees the item structure itself.
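
The following is an added example, not NSS code and not part of the original reference: a self-contained C model of the freeItem flag and of the difference between the plain and the zeroing free described above. DemoItem, DemoBool, DemoStatus, demo_free, release, wipe and run_case are hypothetical stand-ins that need no NSS headers; the sample secret is constructed, and treating a NULL item as a failure is an assumption of the model.

```c
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for the page's types; these are not the NSS headers. */
typedef enum { DEMO_FALSE = 0, DEMO_TRUE = 1 } DemoBool;
typedef enum { DemoFailure = -1, DemoSuccess = 0 } DemoStatus;
typedef struct { int type; unsigned char *data; unsigned int len; } DemoItem;

static int g_zero_at_release = -1; /* 1 if the last released buffer was all zero */

/* Inspect the buffer at the moment it is handed back to the allocator. */
static void release(unsigned char *p, unsigned int len) {
    unsigned int i;
    g_zero_at_release = 1;
    for (i = 0; i < len; i++)
        if (p[i] != 0) g_zero_at_release = 0;
    free(p);
}

/* Volatile stores so the compiler cannot drop the wipe as a dead write. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Hypothetical model of the freeItem flag; zero selects the Zfree behaviour. */
DemoStatus demo_free(DemoItem *item, DemoBool freeItem, DemoBool zero) {
    if (item == NULL) return DemoFailure; /* assumption of this model */
    if (item->data != NULL) {
        if (zero) wipe(item->data, item->len);
        release(item->data, item->len);
    }
    item->data = NULL; /* leave no dangling pointer when the struct survives */
    item->len = 0;
    /* With freeItem set the struct itself is gone: the caller must not touch it. */
    if (freeItem) { if (zero) wipe(item, sizeof *item); free(item); }
    return DemoSuccess;
}

/* Buffer-only free of a stack item: 1 = wiped before release, 0 = not. */
int run_case(DemoBool zero) {
    static const char secret[] = "constructed-sample-key"; /* constructed */
    DemoItem item = { 0, NULL, (unsigned int)sizeof secret };
    item.data = malloc(item.len);
    if (item.data == NULL) return -1;
    memcpy(item.data, secret, item.len);
    if (demo_free(&item, DEMO_FALSE, zero) != DemoSuccess) return -1;
    return (item.data == NULL && item.len == 0) ? g_zero_at_release : -1;
}

int main(void) { return (run_case(DEMO_TRUE) == 1 && run_case(DEMO_FALSE) == 0) ? 0 : 1; }
```

In the plain case the secret bytes are still intact when the allocator takes the buffer back, which is why items holding key material or passwords call for the zeroing variant.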
