/* $NetBSD$ */

/*++
/* NAME
/*	tls_level 3
/* SUMMARY
/*	TLS security level conversion
/* SYNOPSIS
/*	#include <tls.h>
/*
/*	int	tls_level_lookup(name)
/*	const char *name;
/*
/*	const char *str_tls_level(level)
/*	int	level;
/* DESCRIPTION
/*	The macros in this module convert TLS levels from symbolic
/*	name to internal form and vice versa. The macros are safe
/*	because they evaluate their arguments only once.
/*
/*	tls_level_lookup() converts a TLS level from symbolic name
/*	to internal form. When an unknown level is specified,
/*	tls_level_lookup() logs no warning, and returns TLS_LEV_INVALID.
/*
/*	str_tls_level() converts a TLS level from internal form to
/*	symbolic name. The result is a null pointer for an unknown
/*	level.
/* SEE ALSO
/*	name_code(3) name to number mapping
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Victor Duchovni
/*	Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>

/* Utility library. */

#include <name_code.h>

/* TLS library. */

#include <tls.h>

/* Application-specific. */

 /*
  * Symbolic name <-> internal code pairs for the TLS security levels.
  *
  * The relative order of the levels is load-bearing, because policy checks
  * compare levels against thresholds:
  *
  * - any level above "encrypt" is expected to match a peer certificate;
  *
  * - any level from "verify" upward is expected to require a valid CA
  *   trust chain.
  *
  * Those two rules together pin "fingerprint" between "encrypt" and
  * "verify". Do not reorder entries or insert a new level without
  * re-checking every threshold comparison.
  *
  * NOTE(review): the numeric values of the TLS_LEV_* constants come from
  * <tls.h> and are not visible here; confirm they ascend in the order
  * listed below.
  *
  * An unknown name resolves to TLS_LEV_INVALID and tls_level_lookup() logs
  * nothing in that case, so callers should reject TLS_LEV_INVALID explicitly
  * before applying any threshold comparison to the result.
  */
const NAME_CODE tls_level_table[] = {
    {"none", TLS_LEV_NONE},
    {"may", TLS_LEV_MAY},
    {"encrypt", TLS_LEV_ENCRYPT},
    {"fingerprint", TLS_LEV_FPRINT},		/* between encrypt and verify */
    {"verify", TLS_LEV_VERIFY},
    {"secure", TLS_LEV_SECURE},
    {0, TLS_LEV_INVALID},			/* terminator: null name */
};