Security Preference dialog requirements

The main security preference dialog needs to be able to

Necessary security preference dialog actions

Create a temporary SSL_Options object to use while updating the preferences.

  SSL_Options *m_options_manager = g_ssl_api->CreateSecurityManager(TRUE,);
  if(!m_options_manager)
     return OpStatus::ERR;

Protocol flags (checkboxes):

m_options_manager->Enable_SSL_V3_0
SSL v3.0 protocol-toggle
m_options_manager->Enable_TLS_V1_0
TLS v1.0 protocol-toggle
m_options_manager->Enable_TLS_V1_1
TLS v1.1 protocol-toggle
m_options_manager->Enable_TLS_V1_2
TLS v1.2 protocol-toggle

Other checkboxes:

prefsManager->GetWarnInsecureFormSubmit()
Does the user want to be informed when forms are not submitted over SSL?

Security Password settings (radiobuttons)

m_options_manager->PasswordAging can have these enumerated values:

SSL_ASK_PASSWD_ONCE
Only ask for the security password once
SSL_ASK_PASSWD_EVERY_TIME
Ask for the security password each time it is needed
SSL_ASK_PASSWD_AFTER_TIME
Ask for the security password if it is more than prefsManager->GetSecurityPasswordLifeTime() minutes since the last time it was entered

Saving the Security Preferences

Update the members of m_options_manager listed above with the new values, as well as updating

with the appropriate values. Then call

  g_ssl_api->CommitOptionsManager(m_options_manager);
  if(m_options_manager->dec_reference() <= 0)
     delete m_options_manager;
  m_options_manager = NULL;

Cancel Security Preferences:

  if(m_options_manager->dec_reference() <= 0)
     delete m_options_manager;
  m_options_manager = NULL;

Personal certificate dialog

Creating the personal certificate context:

  SSL_Certificate_DisplayContext *personal_cert_contex = new SSL_Certificate_DisplayContext(IDM_PERSONAL_CERTIFICATES_BUTT);
  personal_cert_contex->SetExternalOptionsManager(m_options_manager);

All updates made to the certificate database in the UI are committed to the security preferences in m_options_manager, which will be committed as described above.

An independent SSL_Options object may be used, but in such cases, the object must be committed and deleted separately.

Independent APIs can be used to start a certificate dialog; if this is not desired, the StartSecurityCertBrowsing and InitSecurityCertBrowsing APIs defined in the SSL Certificate DisplayContext document can be used.

Authority Certificate dialog

Creating the authority certificate context:

  SSL_Certificate_DisplayContext *authority_cert_contex = new SSL_Certificate_DisplayContext(IDM_SITE_CERTIFICATES_BUTT);
  authority_cert_contex->SetExternalOptionsManager(m_options_manager);

All updates made to the certificate database in the UI are committed to the security preferences in m_options_manager, which will be committed as described above.

An independent SSL_Options object may be used, but in such cases, the object must be committed and deleted separately.

Independent APIs can be used to start a certificate dialog; if this is not desired, the StartSecurityCertBrowsing and InitSecurityCertBrowsing APIs defined in the SSL Certificate DisplayContext document can be used.

SSL cipher selection dialog

This dialog contains a list of ciphers, each described by a text string (not translated), with an indication for each of whether or not it is enabled.

Retrieving the preferences (pseudo code):

  SSL_ProtocolVersion SSLID_ver;
  const char *label;

  label = "SSL/TLS ciphers";
  SSLID_ver.Set(3,0);
  // Set titlebar text to label

  int i = 0;
  long pos = 0;
  BOOL selected;

  char tmp[255];  // Text string
  while (m_options_manager->GetCipherName(SSLID_ver, i, tmp, selected))
  {
    AddStringtoListWithSelectedStatus(tmp, selected);
    i++;
  }

Saving the SSL cipher selection (pseudo code):

  Create an array ilist of num elements that contain the *zero-based* indexes
  of the selected ciphers, listed in the same order they were retrieved from m_options_manager.

  m_options_manager->SetCiphers(SSLID_ver, num, ilist);
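
One way to build ilist safely when the list widget may re-sort its rows, as an added example that is not part of the original documentation or the module's own code. CipherRow, BuildCipherIndexList and SampleRows are hypothetical names, and int as the element type of ilist is an assumption.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical UI row: one entry per cipher returned by GetCipherName().
// retrieval_index is the value of i at the time the row was fetched.
struct CipherRow {
    int retrieval_index;
    std::string name;
    bool selected;
};

// Build the zero-based index list passed to SetCiphers(). On-screen position
// is never used, because the widget may have re-sorted the rows; only the
// stored retrieval index is. Returns false and leaves ilist empty if the rows
// do not cover indexes 0..n-1 exactly once each, i.e. the UI state no longer
// matches what the options manager listed, so nothing should be saved.
bool BuildCipherIndexList(const std::vector<CipherRow>& rows,
                          std::vector<int>& ilist)
{
    ilist.clear();
    std::vector<bool> seen(rows.size(), false);
    for (const CipherRow& row : rows) {
        if (row.retrieval_index < 0) { ilist.clear(); return false; }
        const std::size_t idx = static_cast<std::size_t>(row.retrieval_index);
        if (idx >= rows.size() || seen[idx]) { ilist.clear(); return false; }
        seen[idx] = true;
        if (row.selected)
            ilist.push_back(row.retrieval_index);
    }
    // "Listed in the same order they were retrieved": ascending index.
    std::sort(ilist.begin(), ilist.end());
    return true;
}

// Constructed sample: three ciphers shown sorted differently from retrieval
// order, with the user having unticked the first one retrieved.
std::vector<CipherRow> SampleRows()
{
    return {
        {2, "Constructed cipher C", true},
        {0, "Constructed cipher A", false},
        {1, "Constructed cipher B", true},
    };
}
```

On success, num is ilist.size() and the array is ilist.data(); on failure the dialog should reload the list instead of calling SetCiphers.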