/*++ /* NAME /* tls_level 3 /* SUMMARY /* TLS security level conversion /* SYNOPSIS /* #include <tls.h> /* /* int tls_level_lookup(name) /* const char *name; /* /* const char *str_tls_level(level) /* int level; /* DESCRIPTION /* The macros in this module convert TLS levels from symbolic /* name to internal form and vice versa. The macros are safe /* because they evaluate their arguments only once. /* /* tls_level_lookup() converts a TLS level from symbolic name /* to internal form. When an unknown level is specified, /* tls_level_lookup() logs no warning, and returns TLS_LEV_INVALID. /* /* str_tls_level() converts a TLS level from internal form to /* symbolic name. The result is a null pointer for an unknown /* level. /* SEE ALSO /* name_code(3) name to number mapping /* LICENSE /* .ad /* .fi /* The Secure Mailer license must be distributed with this software. /* AUTHOR(S) /* Wietse Venema /* IBM T.J. Watson Research /* P.O. Box 704 /* Yorktown Heights, NY 10598, USA /* /* Victor Duchovni /* Morgan Stanley /*--*/ /* System library. */ #include <sys_defs.h> /* Utility library. */ #include <name_code.h> /* TLS library. */ #include <tls.h> /* Application-specific. */ /* * Order is critical: * * Levels > "encrypt" are expected to match a peer certificate. * * Levels >= "verify" are expected to require a valid CA trust-chain * * This forces "fingerprint" between "encrypt" and "verify". */ const NAME_CODE tls_level_table[] = { "none", TLS_LEV_NONE, "may", TLS_LEV_MAY, "encrypt", TLS_LEV_ENCRYPT, "fingerprint", TLS_LEV_FPRINT, "verify", TLS_LEV_VERIFY, "secure", TLS_LEV_SECURE, 0, TLS_LEV_INVALID, };