Roxen.git / server / base_server / global_variables.pike

version» Context lines:

Roxen.git/server/base_server/global_variables.pike:19:   {    store( "Variables", variables, 0, 0 );   }      // The following three functions are used to hide variables when they   // are not used. This makes the user-interface clearer and quite a lot   // less clobbered.      private int(0..1) cache_disabled_p() { return !query("cache"); }   private int(0..1) ident_disabled_p() { return [int(0..1)]query("default_ident"); } - #if efun(syslog) + #if constant(syslog)   private int(0..1) syslog_disabled() { return query("LogA")!="syslog"; }   #endif      protected void cdt_changed (Variable.Variable v);   void slow_req_count_changed();   void slow_req_timeout_changed();   void slow_be_timeout_changed();      #ifdef SNMP_AGENT   private int(0..1) snmp_disabled() { return !query("snmp_agent"); }
Roxen.git/server/base_server/global_variables.pike:219:    defvar( "ssl_key_file",    o->KeyFileVariable    ( "", 0, LOCALE(88, "SSL key file"),    LOCALE(89, "The SSL key file to use. If the path is "    "relative, it will first be searched for "    "relative to %s, and if not found there "    "relative to %s. "    "You do not have to specify a key "    "file, leave this field empty to use the "    "certificate file only."))); +  + #if constant(SSL.ServerConnection) +  // Pike 8.0 and later has much more advanced support for SSL/TLS. +  +  defvar( "ssl_password", +  Variable.String("", 0, LOCALE(0, "SSL decryption password"), +  LOCALE(0, "Optional password to decrypt the " +  "SSL key file(s)."))); +  +  // 112 bits is the maximum strength to still retain the +  // DES-3 suites, which are required in the TLS standards. +  defvar("ssl_key_bits", +  Variable.Int(112, 0, +  LOCALE(0, "Cipher suite minimum key strength"), +  LOCALE(0, +  "<p>The minimum number of bits to secure " +  "connections.</p>\n" +  "<p>Common ciphers (subject to availability) " +  "in order of bits:\n" +  "<dl>\n" +  "<dt>40</dt>\n" +  "<dd>Export DES (aka DES-40)</dd>\n" +  "<dd>Export RC4 (aka RC4-40)</dd>\n" +  "<dt>56</dt>\n" +  "<dd>DES</dd>\n" +  "<dt>112</dt>\n" +  "<dd>3-DES (Note that this cipher is the " +  "minimum required cipher in many versions " +  "of TLS)</dd>\n" +  "<dt>128</dt>\n" +  "<dd>AES-128</dd>\n" +  "<dd>Camellia-128</dd>\n" +  "<dd>RC4</dd>\n" +  "<dt>256</dt>\n" +  "<dd>AES-256</dd>\n" +  "<dd>Camellia-256</dd>\n" +  "</dl>\n" +  "</p>\n")))->set_range(0, Variable.no_limit); +  +  defvar("ssl_suite_filter", +  Variable.IntChoice(0, +  ([ +  0: "Default", +  4: "Ephemeral key exchanges only", +  8: "Suite B (relaxed)", +  12: "Suite B (ephemeral only)", +  14: "Suite B (transitional)", +  15: "Suite B (strict)", +  ]), +  0, +  LOCALE(0, "Additional suite filtering"), +  LOCALE(0, "<p>Selects an additional cipher suite " +  "policy.</p>" +  "<p>The supported filter modes are:\n" +  "<dl>\n" +  "<dt>Default</dt>\n" +  "<dd>Use the default cipher suite selection " +  "policy, and allow all cipher suites that " +  "have sufficient strength.</dd>\n" +  "<dt>Ephemeral key exchanges only</dt>\n" +  "<dd>Only allow cipher suites that use a " +  "key exchange with ephemeral keys (aka " +  "\"Perfect Forward Security\"). Ie " +  "either ECDHE or DHE.</dd>\n" +  "<dt>Suite B (relaxed)</dt>\n" +  "<dd>Same as <b>Default</b>, but prefer the " +  "suites specified in <b>Suite B</b>.</dd>\n" +  "<dt>Suite B (ephemeral only)</dt>\n" +  "<dd>Same as <b>Ephemeral key exchanges " +  "only</b>, but prefer the suites specified " +  "in <b>Suite B</b>.</dd>\n" +  "<dt>Suite B (transitional)</dt>\n" +  "<dd>Support only the suites specified by " +  "RFCs 5430 and 6460.</dd>\n" +  "<dt>Suite B (strict)</dt>\n" +  "<dd>Support only the suites specified by " +  "RFC 6460.</dt>\n" +  "</dl>\n" +  "</p>\n" +  "<p>Note: Full Suite B operation is not " +  "supported in all configurations.</p>\n" +  "<p>Note: For full Suite B compliance a " +  "suitable certificate must also be " +  "used.</p>"))); +  +  defvar("ssl_min_version", +  Variable.IntChoice(SSL.Constants.PROTOCOL_SSL_3_0, +  ([ +  SSL.Constants.PROTOCOL_SSL_3_0: +  "SSL 3.0", +  SSL.Constants.PROTOCOL_TLS_1_0: +  "TLS 1.0 (aka SSL 3.1)", +  SSL.Constants.PROTOCOL_TLS_1_1: +  "TLS 1.1", +  SSL.Constants.PROTOCOL_TLS_1_2: +  "TLS 1.2", +  ]), +  0, +  LOCALE(0, "Minimum supported version of SSL/TLS"), +  LOCALE(0, "<p>Reject clients that want to use a " +  "version of SSL/TLS lower than the selected " +  "version.</p>\n"))); + #endif /* SSL.ServerConnection */   }         // Get the current domain. This is not as easy as one could think.   string get_domain(int|void l)   {    string s = "nowhere";    string t;       // FIXME: NT support.
Roxen.git/server/base_server/global_variables.pike:544:    -> add_changed_callback( lambda(Variable.Text s) {    roxenp()->initiate_supports();    cache.cache_expire("supports");    } );       defvar("audit", 0, LOCALE(136, "Logging: Audit trail"),    TYPE_FLAG,    LOCALE(137, "If Audit trail is set to Yes, all changes of uid will be "    "logged in the Event log."));    - #if efun(syslog) + #if constant(syslog)    defvar("LogA", "file", LOCALE(138, "Logging: Debug log method"),    TYPE_STRING_LIST|VAR_MORE,    LOCALE(139, "What method to use for the debug log, default is file, "    "but "    "syslog is also available. When using file, the output is really"    " sent to stdout and stderr, but this is handled by the "    "start script."),    ({ "file", "syslog" }));       defvar("LogSP", 1, LOCALE(140, "Logging: Log PID"),
Roxen.git/server/base_server/global_variables.pike:590: Inside #if efun(syslog)
   "All: Everything<br />"),    ({ "Fatal", "Errors", "Warnings", "Debug", "All" }),    syslog_disabled);       defvar("LogNA", "Roxen", LOCALE(148, "Logging: Log as"),    TYPE_STRING,    LOCALE(149, "When syslog is used, this will be the identification "    "of the Roxen daemon. The entered value will be appended to "    "all logs."),    0, syslog_disabled); - #endif // efun(syslog) + #endif // constant(syslog)       v = Variable.Flag (0, 0,    LOCALE(534, "Logging: Dump threads by file polling"),    LOCALE(535, #"\   <p>This option can be used to produce dumps of all the threads in the   debug log in situations where the Administration Interface doesn't   respond.</p>      <p>It works by checking for a file called \"<i>&lt;config   name&gt;</i>.dump_threads\" in the same directory as the debug log.