24.6. Data Definitions for libssl3

This section defines global identifiers and their values that are associated with interfaces contained in libssl3. These definitions are organized into groups that correspond to system headers. This convention is used as a convenience for the reader, and does not imply the existence of these headers, or their content. Where an interface is defined as requiring a particular system header file all of the data definitions for that system header file presented here shall be in effect.

This section gives data definitions to promote binary application portability, not to repeat source interface definitions available elsewhere. System providers and application developers should use this ABI to supplement - not to replace - source interface definition specifications.

This specification uses the ISO C (1999) C Language as the reference programming language, and data definitions are specified in ISO C format. The C language is used here as a convenient notation. Using a C language description of these data objects does not preclude their use by other programming languages.

24.6.1. nss3/ecl-exp.h


#define __ecl_exp_h_
#define ECCurve_SECG_CHAR2_163R2	ECCurve_NIST_B163
#define ECCurve_SECG_CHAR2_233R1	ECCurve_NIST_B233
#define ECCurve_WTLS_11	ECCurve_NIST_B233
#define ECCurve_SECG_CHAR2_283R1	ECCurve_NIST_B283
#define ECCurve_SECG_CHAR2_409R1	ECCurve_NIST_B409
#define ECCurve_SECG_CHAR2_571R1	ECCurve_NIST_B571
#define ECCurve_SECG_CHAR2_163K1	ECCurve_NIST_K163
#define ECCurve_WTLS_3	ECCurve_NIST_K163
#define ECCurve_SECG_CHAR2_233K1	ECCurve_NIST_K233
#define ECCurve_WTLS_10	ECCurve_NIST_K233
#define ECCurve_SECG_CHAR2_283K1	ECCurve_NIST_K283
#define ECCurve_SECG_CHAR2_409K1	ECCurve_NIST_K409
#define ECCurve_SECG_CHAR2_571K1	ECCurve_NIST_K571
#define ECCurve_SECG_PRIME_192R1	ECCurve_NIST_P192
#define ECCurve_X9_62_PRIME_192V1	ECCurve_NIST_P192
#define ECCurve_SECG_PRIME_224R1	ECCurve_NIST_P224
#define ECCurve_WTLS_12	ECCurve_NIST_P224
#define ECCurve_SECG_PRIME_256R1	ECCurve_NIST_P256
#define ECCurve_X9_62_PRIME_256V1	ECCurve_NIST_P256
#define ECCurve_SECG_PRIME_384R1	ECCurve_NIST_P384
#define ECCurve_SECG_PRIME_521R1	ECCurve_NIST_P521
#define ECCurve_WTLS_4	ECCurve_SECG_CHAR2_113R1
#define ECCurve_WTLS_6	ECCurve_SECG_PRIME_112R1
#define ECCurve_WTLS_7	ECCurve_SECG_PRIME_160R1
#define ECCurve_WTLS_5	ECCurve_X9_62_CHAR2_PNB163V1

enum ECField {
    ECField_GFp = 0,
    ECField_GF2m = 1
};
typedef struct ECCurveParamsStr {
    char *text;
    enum ECField field;
    unsigned int size;
    char *irr;
    char *curvea;
    char *curveb;
    char *genx;
    char *geny;
    char *order;
    int cofactor;
} ECCurveParams;
enum ECCurveName {
    ECCurve_noName = 0,
    ECCurve_NIST_P192 = 1,
    ECCurve_NIST_P224 = 2,
    ECCurve_NIST_P256 = 3,
    ECCurve_NIST_P384 = 4,
    ECCurve_NIST_P521 = 5,
    ECCurve_NIST_K163 = 6,
    ECCurve_NIST_B163 = 7,
    ECCurve_NIST_K233 = 8,
    ECCurve_NIST_B233 = 9,
    ECCurve_NIST_K283 = 10,
    ECCurve_NIST_B283 = 11,
    ECCurve_NIST_K409 = 12,
    ECCurve_NIST_B409 = 13,
    ECCurve_NIST_K571 = 14,
    ECCurve_NIST_B571 = 15,
    ECCurve_X9_62_PRIME_192V2 = 16,
    ECCurve_X9_62_PRIME_192V3 = 17,
    ECCurve_X9_62_PRIME_239V1 = 18,
    ECCurve_X9_62_PRIME_239V2 = 19,
    ECCurve_X9_62_PRIME_239V3 = 20,
    ECCurve_X9_62_CHAR2_PNB163V1 = 21,
    ECCurve_X9_62_CHAR2_PNB163V2 = 22,
    ECCurve_X9_62_CHAR2_PNB163V3 = 23,
    ECCurve_X9_62_CHAR2_PNB176V1 = 24,
    ECCurve_X9_62_CHAR2_TNB191V1 = 25,
    ECCurve_X9_62_CHAR2_TNB191V2 = 26,
    ECCurve_X9_62_CHAR2_TNB191V3 = 27,
    ECCurve_X9_62_CHAR2_PNB208W1 = 28,
    ECCurve_X9_62_CHAR2_TNB239V1 = 29,
    ECCurve_X9_62_CHAR2_TNB239V2 = 30,
    ECCurve_X9_62_CHAR2_TNB239V3 = 31,
    ECCurve_X9_62_CHAR2_PNB272W1 = 32,
    ECCurve_X9_62_CHAR2_PNB304W1 = 33,
    ECCurve_X9_62_CHAR2_TNB359V1 = 34,
    ECCurve_X9_62_CHAR2_PNB368W1 = 35,
    ECCurve_X9_62_CHAR2_TNB431R1 = 36,
    ECCurve_SECG_PRIME_112R1 = 37,
    ECCurve_SECG_PRIME_112R2 = 38,
    ECCurve_SECG_PRIME_128R1 = 39,
    ECCurve_SECG_PRIME_128R2 = 40,
    ECCurve_SECG_PRIME_160K1 = 41,
    ECCurve_SECG_PRIME_160R1 = 42,
    ECCurve_SECG_PRIME_160R2 = 43,
    ECCurve_SECG_PRIME_192K1 = 44,
    ECCurve_SECG_PRIME_224K1 = 45,
    ECCurve_SECG_PRIME_256K1 = 46,
    ECCurve_SECG_CHAR2_113R1 = 47,
    ECCurve_SECG_CHAR2_113R2 = 48,
    ECCurve_SECG_CHAR2_131R1 = 49,
    ECCurve_SECG_CHAR2_131R2 = 50,
    ECCurve_SECG_CHAR2_163R1 = 51,
    ECCurve_SECG_CHAR2_193R1 = 52,
    ECCurve_SECG_CHAR2_193R2 = 53,
    ECCurve_SECG_CHAR2_239K1 = 54,
    ECCurve_WTLS_1 = 55,
    ECCurve_WTLS_8 = 56,
    ECCurve_WTLS_9 = 57,
    ECCurve_pastLastCurve = 58
};

24.6.2. nss3/ssl.h


#define __ssl_h_
#define SSL_IS_SSL2_CIPHER(which)	(((which) & 0xfff0) == 0xff00)
#define SSL_REQUIRE_NEVER	((PRBool)0)
#define SSL_REQUIRE_ALWAYS	((PRBool)1)
#define SSL_REQUIRE_FIRST_HANDSHAKE	((PRBool)2)
#define SSL_REQUIRE_NO_ERROR	((PRBool)3)
#define SSL_SECURITY_STATUS_NOOPT	-1
#define SSL_NOT_ALLOWED	0
#define SSL_SECURITY_STATUS_OFF	0
#define SSL_ALLOWED	1
#define SSL_SECURITY	1
#define SSL_SECURITY_STATUS_ON_HIGH	1
#define SSL_REQUIRE_CERTIFICATE	10
#define SSL_ENABLE_FDX	11
#define SSL_V2_COMPATIBLE_HELLO	12
#define SSL_ENABLE_TLS	13
#define SSL_ROLLBACK_DETECTION	14
#define SSL_NO_STEP_DOWN	15
#define SSL_BYPASS_PKCS11	16
#define SSL_NO_LOCKS	17
#define SSL_RESTRICTED	2
#define SSL_SECURITY_STATUS_ON_LOW	2
#define SSL_SOCKS	2
#define SSL_REQUEST_CERTIFICATE	3
#define SSL_HANDSHAKE_AS_CLIENT	5
#define SSL_HANDSHAKE_AS_SERVER	6
#define SSL_ENABLE_SSL2	7
#define SSL_ENABLE_SSL3	8
#define SSL_NO_CACHE	9
#define SSL_ENV_VAR_NAME	"SSL_INHERITANCE"

typedef SECStatus(*SSLAuthCertificate) (void *, PRFileDesc *, PRBool,
					PRBool);
typedef SECStatus(*SSLGetClientAuthData) (void *, PRFileDesc *,
					  CERTDistNames *,
					  CERTCertificate * *,
					  SECKEYPrivateKey * *);
typedef SECStatus(*SSLBadCertHandler) (void *, PRFileDesc *);
typedef void (*SSLHandshakeCallback) (PRFileDesc *, void *);
extern SECStatus NSS_CmpCertChainWCANames(CERTCertificate * cert,
					  CERTDistNames * caNames);
extern SSLKEAType NSS_FindCertKEAType(CERTCertificate * cert);
extern SECStatus NSS_GetClientAuthData(void *arg, PRFileDesc * socket,
				       struct CERTDistNamesStr *caNames,
				       struct CERTCertificateStr
				       **pRetCert,
				       struct SECKEYPrivateKeyStr
				       **pRetKey);
extern SECStatus SSL_AuthCertificate(void *arg, PRFileDesc * fd,
				     PRBool checkSig, PRBool isServer);
extern SECStatus SSL_AuthCertificateHook(PRFileDesc * fd,
					 SSLAuthCertificate f, void *arg);
extern SECStatus SSL_BadCertHook(PRFileDesc * fd, SSLBadCertHandler f,
				 void *arg);
extern SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 * policy);
extern SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
extern SECStatus SSL_CipherPrefGet(PRFileDesc * fd, PRInt32 cipher,
				   PRBool * enabled);
extern SECStatus SSL_CipherPrefGetDefault(PRInt32 cipher,
					  PRBool * enabled);
extern SECStatus SSL_CipherPrefSet(PRFileDesc * fd, PRInt32 cipher,
				   PRBool enabled);
extern SECStatus SSL_CipherPrefSetDefault(PRInt32 cipher, PRBool enabled);
extern void SSL_ClearSessionCache(void);
extern SECStatus SSL_ConfigMPServerSIDCache(int maxCacheEntries,
					    PRUint32 timeout,
					    PRUint32 ssl3_timeout,
					    const char *directory);
extern SECStatus SSL_ConfigSecureServer(PRFileDesc * fd,
					CERTCertificate * cert,
					SECKEYPrivateKey * key,
					SSLKEAType kea);
extern SECStatus SSL_ConfigServerSessionIDCache(int maxCacheEntries,
						PRUint32 timeout,
						PRUint32 ssl3_timeout,
						const char *directory);
extern int SSL_DataPending(PRFileDesc * fd);
extern SECStatus SSL_ForceHandshake(PRFileDesc * fd);
extern SECStatus SSL_GetClientAuthDataHook(PRFileDesc * fd,
					   SSLGetClientAuthData f,
					   void *a);
extern SECItem *SSL_GetSessionID(PRFileDesc * fd);
extern SECStatus SSL_HandshakeCallback(PRFileDesc * fd,
				       SSLHandshakeCallback cb,
				       void *client_data);
extern PRFileDesc *SSL_ImportFD(PRFileDesc * model, PRFileDesc * fd);
extern SECStatus SSL_InheritMPServerSIDCache(const char *envString);
extern SECStatus SSL_InvalidateSession(PRFileDesc * fd);
extern SECStatus SSL_OptionGet(PRFileDesc * fd, PRInt32 option,
			       PRBool * on);
extern SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool * on);
extern SECStatus SSL_OptionSet(PRFileDesc * fd, PRInt32 option, PRBool on);
extern SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
extern CERTCertificate *SSL_PeerCertificate(PRFileDesc * fd);
extern SECStatus SSL_ReHandshake(PRFileDesc * fd, PRBool flushCache);
extern SECStatus SSL_ResetHandshake(PRFileDesc * fd, PRBool asServer);
extern void *SSL_RevealPinArg(PRFileDesc * socket);
extern char *SSL_RevealURL(PRFileDesc * socket);
extern SECStatus SSL_SecurityStatus(PRFileDesc * fd, int *on,
				    char **cipher, int *keySize,
				    int *secretKeySize, char **issuer,
				    char **subject);
extern SECStatus SSL_SetPKCS11PinArg(PRFileDesc * fd, void *a);
extern SECStatus SSL_SetSockPeerID(PRFileDesc * fd, const char *peerID);
extern SECStatus SSL_SetURL(PRFileDesc * fd, const char *url);

24.6.3. nss3/sslerr.h


#define __SSL_ERR_H_
#define IS_SSL_ERROR(code)	 \
	(((code) >= SSL_ERROR_BASE) && ((code) < SSL_ERROR_LIMIT))
#define SSL_ERROR_BASE	(-0x3000)
#define SSL_ERROR_LIMIT	(SSL_ERROR_BASE + 1000)

typedef enum {
    SSL_ERROR_EXPORT_ONLY_SERVER = (SSL_ERROR_BASE + 0),
    SSL_ERROR_US_ONLY_SERVER = (SSL_ERROR_BASE + 1),
    SSL_ERROR_NO_CYPHER_OVERLAP = (SSL_ERROR_BASE + 2),
    SSL_ERROR_NO_CERTIFICATE = (SSL_ERROR_BASE + 3),
    SSL_ERROR_BAD_CERTIFICATE = (SSL_ERROR_BASE + 4),
    SSL_ERROR_BAD_CLIENT = (SSL_ERROR_BASE + 6),
    SSL_ERROR_BAD_SERVER = (SSL_ERROR_BASE + 7),
    SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE = (SSL_ERROR_BASE + 8),
    SSL_ERROR_UNSUPPORTED_VERSION = (SSL_ERROR_BASE + 9),
    SSL_ERROR_WRONG_CERTIFICATE = (SSL_ERROR_BASE + 11),
    SSL_ERROR_BAD_CERT_DOMAIN = (SSL_ERROR_BASE + 12),
    SSL_ERROR_POST_WARNING = (SSL_ERROR_BASE + 13),
    SSL_ERROR_SSL2_DISABLED = (SSL_ERROR_BASE + 14),
    SSL_ERROR_BAD_MAC_READ = (SSL_ERROR_BASE + 15),
    SSL_ERROR_BAD_MAC_ALERT = (SSL_ERROR_BASE + 16),
    SSL_ERROR_BAD_CERT_ALERT = (SSL_ERROR_BASE + 17),
    SSL_ERROR_REVOKED_CERT_ALERT = (SSL_ERROR_BASE + 18),
    SSL_ERROR_EXPIRED_CERT_ALERT = (SSL_ERROR_BASE + 19),
    SSL_ERROR_SSL_DISABLED = (SSL_ERROR_BASE + 20),
    SSL_ERROR_FORTEZZA_PQG = (SSL_ERROR_BASE + 21),
    SSL_ERROR_UNKNOWN_CIPHER_SUITE = (SSL_ERROR_BASE + 22),
    SSL_ERROR_NO_CIPHERS_SUPPORTED = (SSL_ERROR_BASE + 23),
    SSL_ERROR_BAD_BLOCK_PADDING = (SSL_ERROR_BASE + 24),
    SSL_ERROR_RX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 25),
    SSL_ERROR_TX_RECORD_TOO_LONG = (SSL_ERROR_BASE + 26),
    SSL_ERROR_RX_MALFORMED_HELLO_REQUEST = (SSL_ERROR_BASE + 27),
    SSL_ERROR_RX_MALFORMED_CLIENT_HELLO = (SSL_ERROR_BASE + 28),
    SSL_ERROR_RX_MALFORMED_SERVER_HELLO = (SSL_ERROR_BASE + 29),
    SSL_ERROR_RX_MALFORMED_CERTIFICATE = (SSL_ERROR_BASE + 30),
    SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 31),
    SSL_ERROR_RX_MALFORMED_CERT_REQUEST = (SSL_ERROR_BASE + 32),
    SSL_ERROR_RX_MALFORMED_HELLO_DONE = (SSL_ERROR_BASE + 33),
    SSL_ERROR_RX_MALFORMED_CERT_VERIFY = (SSL_ERROR_BASE + 34),
    SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 35),
    SSL_ERROR_RX_MALFORMED_FINISHED = (SSL_ERROR_BASE + 36),
    SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER = (SSL_ERROR_BASE + 37),
    SSL_ERROR_RX_MALFORMED_ALERT = (SSL_ERROR_BASE + 38),
    SSL_ERROR_RX_MALFORMED_HANDSHAKE = (SSL_ERROR_BASE + 39),
    SSL_ERROR_RX_MALFORMED_APPLICATION_DATA = (SSL_ERROR_BASE + 40),
    SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST = (SSL_ERROR_BASE + 41),
    SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO = (SSL_ERROR_BASE + 42),
    SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO = (SSL_ERROR_BASE + 43),
    SSL_ERROR_RX_UNEXPECTED_CERTIFICATE = (SSL_ERROR_BASE + 44),
    SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH = (SSL_ERROR_BASE + 45),
    SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST = (SSL_ERROR_BASE + 46),
    SSL_ERROR_RX_UNEXPECTED_HELLO_DONE = (SSL_ERROR_BASE + 47),
    SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY = (SSL_ERROR_BASE + 48),
    SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH = (SSL_ERROR_BASE + 49),
    SSL_ERROR_RX_UNEXPECTED_FINISHED = (SSL_ERROR_BASE + 50),
    SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER = (SSL_ERROR_BASE + 51),
    SSL_ERROR_RX_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 52),
    SSL_ERROR_RX_UNEXPECTED_HANDSHAKE = (SSL_ERROR_BASE + 53),
    SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA = (SSL_ERROR_BASE + 54),
    SSL_ERROR_RX_UNKNOWN_RECORD_TYPE = (SSL_ERROR_BASE + 55),
    SSL_ERROR_RX_UNKNOWN_HANDSHAKE = (SSL_ERROR_BASE + 56),
    SSL_ERROR_RX_UNKNOWN_ALERT = (SSL_ERROR_BASE + 57),
    SSL_ERROR_CLOSE_NOTIFY_ALERT = (SSL_ERROR_BASE + 58),
    SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT = (SSL_ERROR_BASE + 59),
    SSL_ERROR_DECOMPRESSION_FAILURE_ALERT = (SSL_ERROR_BASE + 60),
    SSL_ERROR_HANDSHAKE_FAILURE_ALERT = (SSL_ERROR_BASE + 61),
    SSL_ERROR_ILLEGAL_PARAMETER_ALERT = (SSL_ERROR_BASE + 62),
    SSL_ERROR_UNSUPPORTED_CERT_ALERT = (SSL_ERROR_BASE + 63),
    SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT = (SSL_ERROR_BASE + 64),
    SSL_ERROR_GENERATE_RANDOM_FAILURE = (SSL_ERROR_BASE + 65),
    SSL_ERROR_SIGN_HASHES_FAILURE = (SSL_ERROR_BASE + 66),
    SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE = (SSL_ERROR_BASE + 67),
    SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 68),
    SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE = (SSL_ERROR_BASE + 69),
    SSL_ERROR_ENCRYPTION_FAILURE = (SSL_ERROR_BASE + 70),
    SSL_ERROR_DECRYPTION_FAILURE = (SSL_ERROR_BASE + 71),
    SSL_ERROR_SOCKET_WRITE_FAILURE = (SSL_ERROR_BASE + 72),
    SSL_ERROR_MD5_DIGEST_FAILURE = (SSL_ERROR_BASE + 73),
    SSL_ERROR_SHA_DIGEST_FAILURE = (SSL_ERROR_BASE + 74),
    SSL_ERROR_MAC_COMPUTATION_FAILURE = (SSL_ERROR_BASE + 75),
    SSL_ERROR_SYM_KEY_CONTEXT_FAILURE = (SSL_ERROR_BASE + 76),
    SSL_ERROR_SYM_KEY_UNWRAP_FAILURE = (SSL_ERROR_BASE + 77),
    SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED = (SSL_ERROR_BASE + 78),
    SSL_ERROR_IV_PARAM_FAILURE = (SSL_ERROR_BASE + 79),
    SSL_ERROR_INIT_CIPHER_SUITE_FAILURE = (SSL_ERROR_BASE + 80),
    SSL_ERROR_SESSION_KEY_GEN_FAILURE = (SSL_ERROR_BASE + 81),
    SSL_ERROR_NO_SERVER_KEY_FOR_ALG = (SSL_ERROR_BASE + 82),
    SSL_ERROR_TOKEN_INSERTION_REMOVAL = (SSL_ERROR_BASE + 83),
    SSL_ERROR_TOKEN_SLOT_NOT_FOUND = (SSL_ERROR_BASE + 84),
    SSL_ERROR_NO_COMPRESSION_OVERLAP = (SSL_ERROR_BASE + 85),
    SSL_ERROR_HANDSHAKE_NOT_COMPLETED = (SSL_ERROR_BASE + 86),
    SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE = (SSL_ERROR_BASE + 87),
    SSL_ERROR_CERT_KEA_MISMATCH = (SSL_ERROR_BASE + 88),
    SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA = (SSL_ERROR_BASE + 89),
    SSL_ERROR_SESSION_NOT_FOUND = (SSL_ERROR_BASE + 90),
    SSL_ERROR_DECRYPTION_FAILED_ALERT = (SSL_ERROR_BASE + 91),
    SSL_ERROR_RECORD_OVERFLOW_ALERT = (SSL_ERROR_BASE + 92),
    SSL_ERROR_UNKNOWN_CA_ALERT = (SSL_ERROR_BASE + 93),
    SSL_ERROR_ACCESS_DENIED_ALERT = (SSL_ERROR_BASE + 94),
    SSL_ERROR_DECODE_ERROR_ALERT = (SSL_ERROR_BASE + 95),
    SSL_ERROR_DECRYPT_ERROR_ALERT = (SSL_ERROR_BASE + 96),
    SSL_ERROR_EXPORT_RESTRICTION_ALERT = (SSL_ERROR_BASE + 97),
    SSL_ERROR_PROTOCOL_VERSION_ALERT = (SSL_ERROR_BASE + 98),
    SSL_ERROR_INSUFFICIENT_SECURITY_ALERT = (SSL_ERROR_BASE + 99),
    SSL_ERROR_INTERNAL_ERROR_ALERT = (SSL_ERROR_BASE + 100),
    SSL_ERROR_USER_CANCELED_ALERT = (SSL_ERROR_BASE + 101),
    SSL_ERROR_NO_RENEGOTIATION_ALERT = (SSL_ERROR_BASE + 102),
    SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED = (SSL_ERROR_BASE + 103),
    SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT = (SSL_ERROR_BASE + 104),
    SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT = (SSL_ERROR_BASE + 105),
    SSL_ERROR_UNRECOGNIZED_NAME_ALERT = (SSL_ERROR_BASE + 106),
    SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT = (SSL_ERROR_BASE + 107),
    SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT = (SSL_ERROR_BASE + 108)
} SSLErrorCodes;

24.6.4. nss3/sslproto.h


#define __sslproto_h_
#define SSL_MT_ERROR	0
#define SSL_NULL_WITH_NULL_NULL	0x0000
#define SSL_PE_NO_CYPHERS	0x0001
#define SSL_RSA_WITH_NULL_MD5	0x0001
#define SSL_LIBRARY_VERSION_2	0x0002
#define SSL_PE_NO_CERTIFICATE	0x0002
#define SSL_RSA_WITH_NULL_SHA	0x0002
#define SSL_RSA_EXPORT_WITH_RC4_40_MD5	0x0003
#define SSL_PE_BAD_CERTIFICATE	0x0004
#define SSL_RSA_WITH_RC4_128_MD5	0x0004
#define SSL_RSA_WITH_RC4_128_SHA	0x0005
#define SSL_PE_UNSUPPORTED_CERTIFICATE_TYPE	0x0006
#define SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5	0x0006
#define SSL_RSA_WITH_IDEA_CBC_SHA	0x0007
#define SSL_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0008
#define SSL_RSA_WITH_DES_CBC_SHA	0x0009
#define SSL_RSA_WITH_3DES_EDE_CBC_SHA	0x000a
#define SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA	0x000b
#define SSL_DH_DSS_WITH_DES_CBC_SHA	0x000c
#define SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA	0x000d
#define SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA	0x000e
#define SSL_DH_RSA_WITH_DES_CBC_SHA	0x000f
#define SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA	0x0010
#define SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA	0x0011
#define SSL_DHE_DSS_WITH_DES_CBC_SHA	0x0012
#define SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA	0x0013
#define SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA	0x0014
#define SSL_DHE_RSA_WITH_DES_CBC_SHA	0x0015
#define SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA	0x0016
#define SSL_DH_ANON_EXPORT_WITH_RC4_40_MD5	0x0017
#define SSL_DH_ANON_WITH_RC4_128_MD5	0x0018
#define SSL_DH_ANON_EXPORT_WITH_DES40_CBC_SHA	0x0019
#define SSL_DH_ANON_WITH_DES_CBC_SHA	0x001a
#define SSL_DH_ANON_WITH_3DES_EDE_CBC_SHA	0x001b
#define SSL_FORTEZZA_DMS_WITH_NULL_SHA	0x001c
#define SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA	0x001d
#define SSL_FORTEZZA_DMS_WITH_RC4_128_SHA	0x001e
#define TLS_RSA_WITH_AES_128_CBC_SHA	0x002F
#define TLS_DH_DSS_WITH_AES_128_CBC_SHA	0x0030
#define TLS_DH_RSA_WITH_AES_128_CBC_SHA	0x0031
#define TLS_DHE_DSS_WITH_AES_128_CBC_SHA	0x0032
#define TLS_DHE_RSA_WITH_AES_128_CBC_SHA	0x0033
#define TLS_DH_ANON_WITH_AES_128_CBC_SHA	0x0034
#define TLS_RSA_WITH_AES_256_CBC_SHA	0x0035
#define TLS_DH_DSS_WITH_AES_256_CBC_SHA	0x0036
#define TLS_DH_RSA_WITH_AES_256_CBC_SHA	0x0037
#define TLS_DHE_DSS_WITH_AES_256_CBC_SHA	0x0038
#define TLS_DHE_RSA_WITH_AES_256_CBC_SHA	0x0039
#define TLS_DH_ANON_WITH_AES_256_CBC_SHA	0x003A
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA	0x0062
#define TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x0063
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA	0x0064
#define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x0065
#define TLS_DHE_DSS_WITH_RC4_128_SHA	0x0066
#define SSL_AT_MD5_WITH_RSA_ENCRYPTION	0x01
#define SSL_CK_RC4_128_WITH_MD5	0x01
#define SSL_CT_X509_CERTIFICATE	0x01
#define SSL_CK_RC4_128_EXPORT40_WITH_MD5	0x02
#define SSL_CK_RC2_128_CBC_WITH_MD5	0x03
#define SSL_LIBRARY_VERSION_3_0	0x0300
#define SSL_LIBRARY_VERSION_3_1_TLS	0x0301
#define SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5	0x04
#define SSL_CK_IDEA_128_CBC_WITH_MD5	0x05
#define SSL_CK_DES_64_CBC_WITH_MD5	0x06
#define SSL_CK_DES_192_EDE3_CBC_WITH_MD5	0x07
#define TLS_ECDH_ECDSA_WITH_NULL_SHA	0xC001
#define TLS_ECDH_ECDSA_WITH_RC4_128_SHA	0xC002
#define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC003
#define TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA	0xC004
#define TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA	0xC005
#define TLS_ECDHE_ECDSA_WITH_NULL_SHA	0xC006
#define TLS_ECDHE_ECDSA_WITH_RC4_128_SHA	0xC007
#define TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA	0xC008
#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA	0xC009
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA	0xC00A
#define TLS_ECDH_RSA_WITH_NULL_SHA	0xC00B
#define TLS_ECDH_RSA_WITH_RC4_128_SHA	0xC00C
#define TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA	0xC00D
#define TLS_ECDH_RSA_WITH_AES_128_CBC_SHA	0xC00E
#define TLS_ECDH_RSA_WITH_AES_256_CBC_SHA	0xC00F
#define TLS_ECDHE_RSA_WITH_NULL_SHA	0xC010
#define TLS_ECDHE_RSA_WITH_RC4_128_SHA	0xC011
#define TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA	0xC012
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	0xC013
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	0xC014
#define TLS_ECDH_anon_WITH_NULL_SHA	0xC015
#define TLS_ECDH_anon_WITH_RC4_128_SHA	0xC016
#define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA	0xC017
#define TLS_ECDH_anon_WITH_AES_128_CBC_SHA	0xC018
#define TLS_ECDH_anon_WITH_AES_256_CBC_SHA	0xC019
#define SSL_RSA_FIPS_WITH_DES_CBC_SHA	0xfefe
#define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	0xfeff
#define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0
#define SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA	0xffe1
#define SSL_HL_CLIENT_FINISHED_HBYTES	1
#define SSL_HL_SERVER_FINISHED_HBYTES	1
#define SSL_HL_SERVER_VERIFY_HBYTES	1
#define SSL_MT_CLIENT_HELLO	1
#define SSL_HL_CLIENT_MASTER_KEY_HBYTES	10
#define SSL_HL_SERVER_HELLO_HBYTES	11
#define SSL_HL_REQUEST_CERTIFICATE_HBYTES	2
#define SSL_MT_CLIENT_MASTER_KEY	2
#define SSL_HL_ERROR_HBYTES	3
#define SSL_MT_CLIENT_FINISHED	3
#define SSL_MT_SERVER_HELLO	4
#define SSL_MT_SERVER_VERIFY	5
#define SSL_HL_CLIENT_CERTIFICATE_HBYTES	6
#define SSL_MT_SERVER_FINISHED	6
#define SSL_MT_REQUEST_CERTIFICATE	7
#define SSL_MT_CLIENT_CERTIFICATE	8
#define SSL_HL_CLIENT_HELLO_HBYTES	9

24.6.5. nss3/sslt.h


#define __sslt_h_

typedef enum {
    ssl_kea_null,
    ssl_kea_rsa = 1,
    ssl_kea_dh = 2,
    ssl_kea_fortezza = 3,
    ssl_kea_ecdh = 4,
    ssl_kea_size = 5
} SSLKEAType;
typedef enum {
    ssl_sign_null,
    ssl_sign_rsa = 1,
    ssl_sign_dsa = 2,
    ssl_sign_ecdsa = 3
} SSLSignType;
typedef enum {
    ssl_auth_null,
    ssl_auth_rsa = 1,
    ssl_auth_dsa = 2,
    ssl_auth_kea = 3,
    ssl_auth_ecdsa = 4
} SSLAuthType;
typedef enum {
    ssl_calg_null,
    ssl_calg_rc4 = 1,
    ssl_calg_rc2 = 2,
    ssl_calg_des = 3,
    ssl_calg_3des = 4,
    ssl_calg_idea = 5,
    ssl_calg_fortezza = 6,
    ssl_calg_aes = 7,
    ssl_calg_camellia = 8
} SSLCipherAlgorithm;
typedef enum {
    ssl_mac_null,
    ssl_mac_md5 = 1,
    ssl_mac_sha = 2,
    ssl_hmac_md5 = 3,
    ssl_hmac_sha = 4
} SSLMACAlgorithm;
typedef struct SSLChannelInfoStr {
    PRUint32 length;
    PRUint16 protocolVersion;
    PRUint16 cipherSuite;
    PRUint32 authKeyBits;
    PRUint32 keaKeyBits;
    PRUint32 creationTime;
    PRUint32 lastAccessTime;
    PRUint32 expirationTime;
    PRUint32 sessionIDLength;
    PRUint8 sessionID[31];
} SSLChannelInfo;
typedef struct SSLCipherSuiteInfoStr {
    PRUint16 length;
    PRUint16 cipherSuite;
    const char *cipherSuiteName;
    const char *authAlgorithmName;
    SSLAuthType authAlgorithm;
    const char *keaTypeName;
    SSLKEAType keaType;
    const char *symCipherName;
    SSLCipherAlgorithm symCipher;
    PRUint16 symKeyBits;
    PRUint16 symKeySpace;
    PRUint16 effectiveKeyBits;
    const char *macAlgorithmName;
    SSLMACAlgorithm macAlgorithm;
    PRUint16 macBits;
    PRUintn isFIPS:1;
    PRUintn isExportable:1;
    PRUintn nonStandard:1;
    PRUintn reservedBits:29;
} SSLCipherSuiteInfo;