Roxen.git / server / base_server / roxen.pike


Roxen.git/server/base_server/roxen.pike:2325:    protected void create()    {    path = "";    port = default_port;    ip = "0.0.0.0";    }   }      #if constant(SSL.sslfile)    + // Some convenience functions. + #if constant(SSL.Constants.fmt_cipher_suites) + constant fmt_cipher_suite = SSL.Constants.fmt_cipher_suite; + constant fmt_cipher_suites = SSL.Constants.fmt_cipher_suites; + #else + protected mapping(int:string) suite_to_symbol = ([]); +  + string fmt_cipher_suite(int suite) + { +  if (!sizeof(suite_to_symbol)) { +  foreach(indices(SSL.Constants), string id) { +  if (has_prefix(id, "SSL_") || has_prefix(id, "TLS_") || +  has_prefix(id, "SSL2_")) { +  suite_to_symbol[SSL.Constants[id]] = id; +  } +  } +  } +  string res = suite_to_symbol[suite]; +  if (res) return res; +  return suite_to_symbol[suite] = sprintf("unknown(%d)", suite); + } +  + string fmt_cipher_suites(array(int) s) + { +  String.Buffer b = String.Buffer(); +  foreach(s, int c) { +  b->add(sprintf(" %-6d: %s\n", c, fmt_cipher_suite(c))); +  } +  return (string)b; + } + #endif +    class SSLContext {   #if constant(SSL.Context)    inherit SSL.Context;      #if defined(DEBUG) || defined(SSL3_DEBUG)    SSL.Alert alert_factory(SSL.Connection con, int level, int description,    SSL.Constants.ProtocolVersion version,    string|void debug_message)    {    if (description != SSL.Constants.ALERT_close_notify) {
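Review bot: The fallback `fmt_cipher_suite()` writes every unrecognised suite number back into `suite_to_symbol` via `return suite_to_symbol[suite] = sprintf("unknown(%d)", suite);`, so the lookup table grows with whatever values callers pass in. The only caller visible on this page formats the server's own `ctx->preferred_suites`, but if the helper is later used to log suites offered by a peer, the cache would be filled with peer-chosen keys. Returning the formatted string without storing it, `return sprintf("unknown(%d)", suite);`, keeps the table limited to the names found in `SSL.Constants`. The table is also filled lazily behind `if (!sizeof(suite_to_symbol))` with no locking visible here, so a concurrent first call may see a partly filled mapping and report a known suite as unknown; filling it once at create time would avoid that. Both new functions would benefit from a short doc comment stating that they mirror the `SSL.Constants` versions for Pike builds that lack them.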
Roxen.git/server/base_server/roxen.pike:2457: Inside #if constant(SSL.ServerConnection)
   lambda(int suite) {    return (<    SSL.Constants.KE_dhe_dss,    SSL.Constants.KE_dhe_rsa,    SSL.Constants.KE_ecdhe_ecdsa,    SSL.Constants.KE_ecdhe_rsa,    >)[(SSL.Constants.CIPHER_SUITES[suite]||({ -1 }))[0]];    });    }    ctx->preferred_suites = suites; + #elif constant(SSL.Constants.CIPHER_aead) +  int bits = query("ssl_key_bits"); +  // NB: The arguments to get_suites() in Pike 7.8 currently differs +  // from the ones in Pike 8.0. +  ctx->preferred_suites = ctx->get_suites(SSL.Constants.SIGNATURE_rsa, bits);   #else   #ifndef ALLOW_WEAK_SSL    // Filter weak and really weak cipher suites.    ctx->preferred_suites -= ({    SSL.Constants.SSL_rsa_with_des_cbc_sha,    SSL.Constants.SSL_dhe_dss_with_des_cbc_sha,    SSL.Constants.SSL_rsa_export_with_rc4_40_md5,    SSL.Constants.TLS_rsa_with_null_sha256,    SSL.Constants.SSL_rsa_with_null_sha,    SSL.Constants.SSL_rsa_with_null_md5,    SSL.Constants.SSL_dhe_dss_export_with_des40_cbc_sha,    SSL.Constants.SSL_null_with_null_null,    });   #endif   #endif /* SSL.ServerConnection */ -  + #ifdef ROXEN_SSL_DEBUG +  report_debug("SSL: Cipher suites enabled for %O:\n" +  "%s\n", +  this_object(), +  fmt_cipher_suites(ctx->preferred_suites)); + #endif    }      #if constant(Standards.X509)    void certificates_changed(Variable.Variable|void ignored,    void|int ignore_eaddrinuse)    {    int old_cert_failure = cert_failure;    cert_failure = 0;       array(string) certificates = ({});
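Review bot: In the new `#elif constant(SSL.Constants.CIPHER_aead)` branch the `#ifndef ALLOW_WEAK_SSL` subtraction of null, export and single-DES suites no longer runs, because that filter sits only in the `#else` arm. Whether weak suites reach `ctx->preferred_suites` on this path therefore depends entirely on what `get_suites()` returns for the configured `ssl_key_bits`, and the hunk neither bounds nor validates `bits` before the call. Consider moving the `#ifndef ALLOW_WEAK_SSL` block below the `#endif /* SSL.ServerConnection */` so it applies here too (assuming those constants exist in the Pike builds that take this branch), or at least record the dependency with a comment such as `// NB: get_suites() is the only weak-suite filter on this path; ssl_key_bits must not be configured below the site minimum.` The hard-coded `SSL.Constants.SIGNATURE_rsa` presumably limits the list to RSA-signed suites, which is worth stating in the same comment. The enclosing function starts above the hunk, so any earlier handling of `ssl_key_bits` is not visible here.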