Roxen.git / server / base_server / global_variables.pike

version» Context lines:

Roxen.git/server/base_server/global_variables.pike:209:    TYPE_FLAG,    LOCALE(77, "If set to Yes, Roxen will attempt to set unique browser "    "ID cookies only upon receiving the first request (and "    "again after some minutes). Thus, if the user doesn't allow "    "the cookie to be set, she won't be bothered with "    "multiple requests."),0, do_set_cookie( o ));   }      protected int hide_if_empty(RequestID id, Variable.Variable var)   { -  return var->query() == ""; +  return !sizeof(var->query());   }      void set_up_ssl_variables( Protocol o )   {    function(DEFVAR) defvar = o->defvar;    -  +  defvar( "ssl_keys", o->CertificateKeyChoiceVariable +  (VAR_NO_DEFAULT, +  LOCALE(0, "SSL/TLS Certificate(s)"), +  LOCALE(0, "<p>The TLS certificate(s) to use.</p>\n" +  "<p>Certificate and key files matching the " +  "<b>Global Variables/Settings/Certificate and " +  "Private Key Globs</b> setting " +  "are automatically imported and valid " +  "combinations are listed above.</p>\n" +  "<p>At least one certificate must be selected.</p>\n" +  "<p>The Server Name Indication (SNI) extension sent by the " +  "TLS client will be used to choose a specific certificate " +  "for the connection from the set selected here.</p>\n" +  ))); +  + #if 1 +  // Old-style SSL Certificate variables. +  // FIXME: Keep these around for at least a few major versions (10 years?).    defvar( "ssl_cert_file",    o->CertificateListVariable -  ( ({ "demo_certificate.pem" }), 0, +  ( ({ "demo_certificate.pem" }), VAR_INVISIBLE,    LOCALE(86, "SSL certificate file(s)"),    LOCALE(87, "<p>The SSL certificate file(s) to use.</p>\n"    "<p>This is a list of certificates, "    "intermediate and root certificates, and "    "corresponding private key files in any order.</p>\n"    "<p>If a path is relative, it will first be "    "searched for relative to %s, "    "and if not found there relative to %s.</p>\n")));       defvar( "ssl_key_file",    o->KeyFileVariable -  ( "", 0, LOCALE(88, "SSL key file"), +  ( "", VAR_INVISIBLE, LOCALE(88, "SSL key file"),    LOCALE(89, "The SSL key file to use. If the path is "    "relative, it will first be searched for "    "relative to %s, and if not found there "    "relative to %s. "    "You do not have to specify a key "    "file, leave this field empty to use the "    "certificate file only. "    "This field is obsolete, since the same setting " -  "can be done in <b>SSL certificate file(s)</b>.")))-> -  set_invisibility_check_callback(hide_if_empty); +  "can be done in <b>SSL certificate file(s)</b>."))); + #endif      #if constant(SSL.Constants.CIPHER_aead)    // NB: This constant was added a few days after get_suites() in Pike 8.0,    // and a single day after get_suites() in the backport to Pike 7.8.       // Pike 8.0 or recent Pike 7.8.    // They have SSL.[Cc]ontext()->get_suites().       // 112 bits is the minimum strength to still retain the    // DES-3 suites, which are required in the TLS standards.
Roxen.git/server/base_server/global_variables.pike:295: Inside #if constant(SSL.Constants.CIPHER_aead)
   "<p>Cipher strengths lower than 112 bits are "    "<b>NOT</b> recommended, and there are RFCs that "    "prohibit the use of all those suites.</p>\n")))->    set_range(0, Variable.no_limit);   #endif      #if constant(SSL.ServerConnection)    // Pike 8.0 and later has much more advanced support for SSL/TLS.       defvar( "ssl_password", -  Variable.String("", 0, LOCALE(1082, "SSL decryption password"), +  Variable.String("", VAR_INVISIBLE, +  LOCALE(1082, "SSL decryption password"),    LOCALE(1083, "Optional password to decrypt the "    "SSL key file(s).")));       defvar("ssl_suite_filter",    Variable.IntChoice(0,    ([    0: "Default",    4: "Ephemeral key exchanges only",    8: "Suite B (relaxed)",    12: "Suite B (ephemeral only)",
Roxen.git/server/base_server/global_variables.pike:675:    "it gives better security."));       defvar("ModuleDirs", ({ "$LOCALDIR/modules/", "modules/" }),    LOCALE(132, "Module directories"),    TYPE_DIR_LIST,    LOCALE(133, "This is a list of directories where Roxen should look "    "for modules. Can be relative paths, from the "    "directory you started Roxen. "    "The directories are searched in order for modules."));    +  defvar("CertGlobs", ({ "*.pem", "certs/*.pem" }), +  LOCALE(0, "Certificate and Private Key Globs"), +  TYPE_STRING_LIST, +  LOCALE(0, "<p>This is a list of globs for which corresponding files " +  "will automatically be imported into the certificate " +  "database on server start.</p>\n" +  "<p>It may be left empty, in which case any certificates " +  "to use will need to be added by hand.</p>\n")) +  ->set_changed_callback(lambda() { +  roxenp()->background_run(0, roxenp()->scan_certs); +  }); +     defvar("Supports",    Variable.Text( "#include <etc/supports>\n",    VAR_MORE, LOCALE(134, "Client supports regexps"),    LOCALE(135, "What do the different clients support?\n<br />"    "The default information is normally fetched from the file "    "server/etc/supports in your Roxen directory.") ) )    -> add_changed_callback( lambda(Variable.Text s) {    roxenp()->initiate_supports();    cache.cache_expire("supports");    } );