/*	$NetBSD: tls_level.c,v 1.1.1.1 2009/06/23 10:08:57 tron Exp $	*/

/*++
/* NAME
/*	tls_level 3
/* SUMMARY
/*	TLS security level conversion
/* SYNOPSIS
/*	#include <tls.h>
/*
/*	int	tls_level_lookup(name)
/*	const char *name;
/*
/*	const char *str_tls_level(level)
/*	int	level;
/* DESCRIPTION
/*	The macros in this module convert TLS levels from symbolic
/*	name to internal form and vice versa. The macros are safe
/*	because they evaluate their arguments only once.
/*
/*	tls_level_lookup() converts a TLS level from symbolic name
/*	to internal form. When an unknown level is specified,
/*	tls_level_lookup() logs no warning, and returns TLS_LEV_INVALID.
/*
/*	str_tls_level() converts a TLS level from internal form to
/*	symbolic name. The result is a null pointer for an unknown
/*	level.
/* SEE ALSO
/*	name_code(3) name to number mapping
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Victor Duchovni
/*	Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_code.h>

/* TLS library. */

#include <tls.h>

/* Application-specific. */

 /*
  * Symbolic name / internal code pairs for the TLS security levels,
  * presumably the table behind tls_level_lookup() and str_tls_level().
  *
  * The relative order of the levels is security-critical:
  *
  * - every level above "encrypt" is expected to match a peer certificate;
  *
  * - every level from "verify" upward is expected to require a valid CA
  *   trust chain.
  *
  * "fingerprint" matches a peer certificate without the CA trust-chain
  * requirement, which pins it between "encrypt" and "verify".
  *
  * NOTE(review): the "above" / "upward" tests presumably compare the
  * numeric TLS_LEV_* values from <tls.h> rather than row position in this
  * table. A new level has to keep both orderings in agreement, or a weaker
  * level could pass a check meant for a stronger one -- confirm against
  * tls.h before adding or renumbering a level.
  *
  * The last row has a null name and closes the table. Its code is
  * TLS_LEV_INVALID, the value the header above documents for an unknown
  * name, so callers must treat that result as a configuration error and
  * never as a usable level.
  */
const NAME_CODE tls_level_table[] = {
    {"none", TLS_LEV_NONE},
    {"may", TLS_LEV_MAY},
    {"encrypt", TLS_LEV_ENCRYPT},
    {"fingerprint", TLS_LEV_FPRINT},
    {"verify", TLS_LEV_VERIFY},
    {"secure", TLS_LEV_SECURE},
    {0, TLS_LEV_INVALID},
};