Roxen.git / server / base_server / global_variables.pike

version» Context lines:

Roxen.git/server/base_server/global_variables.pike:207:    defvar("set_cookie_only_once", 1,    LOCALE(76, "Logging: Set ID cookies only once"),    TYPE_FLAG,    LOCALE(77, "If set to Yes, Roxen will attempt to set unique browser "    "ID cookies only upon receiving the first request (and "    "again after some minutes). Thus, if the user doesn't allow "    "the cookie to be set, she won't be bothered with "    "multiple requests."),0, do_set_cookie( o ));   }    + protected int hide_if_empty(RequestID id, Variable.Variable var) + { +  return var->query() == ""; + } +    void set_up_ssl_variables( Protocol o )   {    function(DEFVAR) defvar = o->defvar;       defvar( "ssl_cert_file",    o->CertificateListVariable    ( ({ "demo_certificate.pem" }), 0, -  LOCALE(86, "SSL certificate file"), -  LOCALE(87, "The SSL certificate file(s) to use. " -  "If a path is relative, it will first be " +  LOCALE(86, "SSL certificate file(s)"), +  LOCALE(87, "<p>The SSL certificate file(s) to use.</p>\n" +  "<p>This is a list of certificates, " +  "intermediate and root certificates, and " +  "corresponding private key files in any order.</p>\n" +  "<p>If a path is relative, it will first be "    "searched for relative to %s, " -  "and if not found there relative to %s. "))); +  "and if not found there relative to %s.</p>\n")));       defvar( "ssl_key_file",    o->KeyFileVariable    ( "", 0, LOCALE(88, "SSL key file"),    LOCALE(89, "The SSL key file to use. If the path is "    "relative, it will first be searched for "    "relative to %s, and if not found there "    "relative to %s. "    "You do not have to specify a key "    "file, leave this field empty to use the " -  "certificate file only."))); +  "certificate file only. " +  "This field is obsolete, since the same setting " +  "can be done in <b>SSL certificate file(s)</b>.")))-> +  set_invisibility_check_callback(hide_if_empty);      #if constant(SSL.ServerConnection)    // Pike 8.0 and later has much more advanced support for SSL/TLS.       defvar( "ssl_password",    Variable.String("", 0, LOCALE(0, "SSL decryption password"),    LOCALE(0, "Optional password to decrypt the "    "SSL key file(s).")));       // 112 bits is the maximum strength to still retain the
Roxen.git/server/base_server/global_variables.pike:273: Inside #if constant(SSL.ServerConnection)
   "minimum required cipher in many versions "    "of TLS)</dd>\n"    "<dt>128</dt>\n"    "<dd>AES-128</dd>\n"    "<dd>Camellia-128</dd>\n"    "<dt>256</dt>\n"    "<dd>AES-256</dd>\n"    "<dd>Camellia-256</dd>\n"    "<dd>ChaCha20</dd>\n"    "</dl>\n" -  "</p>\n")))->set_range(0, Variable.no_limit); +  "</p>\n" +  "<p>Cipher strengths lower than 112 bits are " +  "<b>NOT</b> recommended, and there are RFCs that " +  "prohibit the use of all those suites.</p>\n")))-> +  set_range(0, Variable.no_limit);       defvar("ssl_suite_filter",    Variable.IntChoice(0,    ([    0: "Default",    4: "Ephemeral key exchanges only",    8: "Suite B (relaxed)",    12: "Suite B (ephemeral only)",    14: "Suite B (transitional)",    15: "Suite B (strict)",
Roxen.git/server/base_server/global_variables.pike:335: Inside #if constant(SSL.Constants.PROTOCOL_TLS_MAX)
   SSL.Constants.PROTOCOL_SSL_3_0:    "SSL 3.0",    SSL.Constants.PROTOCOL_TLS_1_0:    "TLS 1.0 (aka SSL 3.1)",   #if constant(SSL.Constants.PROTOCOL_TLS_1_2)    SSL.Constants.PROTOCOL_TLS_1_1:    "TLS 1.1",    SSL.Constants.PROTOCOL_TLS_1_2:    "TLS 1.2",   #endif + #if constant(SSL.Constants.PROTOCOL_TLS_1_3) +  SSL.Constants.PROTOCOL_TLS_1_3: +  "TLS 1.3", + #endif    ]),    0,    LOCALE(0, "Minimum supported version of SSL/TLS"),    LOCALE(0, "<p>Reject clients that want to use a "    "version of SSL/TLS lower than the selected " -  "version.</p>\n"))); +  "version.</p>\n" +  "<p>Note: SSL 3.0 has been deprecated " +  "in RFC 7568.</p>\n")));   #endif /* SSL.Constants.PROTOCOL_TLS_MAX */   }         // Get the current domain. This is not as easy as one could think.   string get_domain(int|void l)   {    string s = "nowhere";    string t;