Roxen.git / server / base_server / roxen.pike


Roxen.git/server/base_server/roxen.pike:2493:    array args = ({ARGS}); \    if (sizeof (args)) msg = sprintf (msg, @args); \    report_error ("TLS port %s: %s", get_url(), msg); \    (VAR)->add_warning (msg); \    cert_err_unbind(); \    cert_failure = 1; \    return; \    } while (0)      #if constant(SSL.Constants.PROTOCOL_TLS_MAX) -  protected void set_version() +  protected void set_version(SSLContext|void ctx)    { -  +  if (!ctx) ctx = this_program::ctx;    ctx->min_version = query("ssl_min_version");    }   #endif    -  protected void filter_preferred_suites() +  protected void filter_preferred_suites(SSLContext|void ctx)    { -  +  if (!ctx) ctx = this_program::ctx;   #if constant(SSL.ServerConnection)    int mode = query("ssl_suite_filter");    int bits = query("ssl_key_bits");       array(int) suites = ({});       if ((mode & 8) && !ctx->configure_suite_b) {    // FIXME: Warn: Suite B suites not available.    mode &= ~8;    }
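Review bot: The new optional `ctx` parameter on `set_version` and `filter_preferred_suites` binds to whatever a caller passes first, and the `if (!ctx)` fallback only triggers when that value is zero. The last hunk installs `certificates_changed` with `set_changed_callback`; if these two functions are registered the same way (those registrations are not visible here), the changed variable would arrive as `ctx`, and `min_version` or the suite list would be written to the wrong object while the live TLS context keeps its old settings. If so, register a wrapper such as `lambda(mixed ... args) { set_version(); }`. Both function bodies continue outside this hunk.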
Roxen.git/server/base_server/roxen.pike:2530: Inside #if constant(SSL.ServerConnection)
   // Transitional mode.    ctx->configure_suite_b(bits, 1);    break;    default:    ctx->configure_suite_b(bits);    break;    }    suites = ctx->preferred_suites;       if (ctx->min_version < query("ssl_min_version")) { -  set_version(); +  set_version(ctx);    }    } else {    suites = ctx->get_suites(bits, 1);       // Make sure the min version is restored in case we've    // switched from Suite B. -  set_version(); +  set_version(ctx);    }    if (mode & 4) {    // Ephemeral suites only.    suites = filter(suites,    lambda(int suite) {    return (<    SSL.Constants.KE_dhe_dss,    SSL.Constants.KE_dhe_rsa,    SSL.Constants.KE_ecdhe_ecdsa,    SSL.Constants.KE_ecdhe_rsa,
Roxen.git/server/base_server/roxen.pike:2626:    report_error ("TLS port %s: %s", get_url(),    LOC_M(63,"No certificates found.\n"));    cert_err_unbind();    cert_failure = 1;    return;    }    }       // FIXME: Only do this if there are certs loaded?    // We must reset the set of certificates. -  // NB: Race condition here where the new SSLContext is -  // live before it has been configured completely. -  ctx = SSLContext(); -  set_version(); -  filter_preferred_suites(); +  SSLContext ctx = SSLContext(); +  ctx->random = Crypto.Random.random_string; +  set_version(ctx); +  filter_preferred_suites(ctx);       foreach(keypairs, int keypair_id) {    array(Crypto.Sign.State|array(string)) keypair =    CertDB.get_keypair(keypair_id);    if (!keypair) continue;       [Crypto.Sign.State private_key, array(string) certs] = keypair;    ctx->add_cert(private_key, certs, ({ name, "*" }));    }   
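Review bot: The local `SSLContext ctx` declared here shadows the member of the same name, which makes a dropped argument easy to miss in this function. Because `set_version()` and `filter_preferred_suites()` fall back to `this_program::ctx` when called without one, a later edit that omits it would reconfigure the live context and publish the new one with whatever minimum version and suites `SSLContext()` starts with, without any error. Naming the local `new_ctx` and publishing it with `ctx = new_ctx;` in the following hunk would make that mistake visible in review. The removed NB comment recorded why ordering matters here; a replacement such as `// Configure privately; published below so no connection sees a half-configured context.` would keep that reasoning. The function starts and ends outside this hunk.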
Roxen.git/server/base_server/roxen.pike:2654: Inside #if 0
   CERT_ERROR(Certificates,    LOC_M(71,"No matching keys and certificates found.\n"));    report_error ("TLS port %s: %s", get_url(),    LOC_M(71,"No matching keys and certificates found.\n"));    cert_err_unbind();    cert_failure = 1;    return;    }   #endif    +  this_program::ctx = ctx; +     if (!bound) {    bind (ignore_eaddrinuse);    if (old_cert_failure && bound)    report_notice (LOC_M(64, "TLS port %s opened.\n"), get_url());    if (!bound)    report_notice("Failed to bind port %s.\n", get_url());    }    }       class CertificateKeyChoiceVariable
Roxen.git/server/base_server/roxen.pike:2937:    {    ctx->random = Crypto.Random.random_string;       set_up_ssl_variables( this_object() );       // NB: setup() calls restore() which initializes the variables    // created above.    ::setup(pn, i);      #if constant(SSL.Constants.PROTOCOL_TLS_MAX) -  set_version(); +  set_version(ctx);   #endif    -  filter_preferred_suites(); +  filter_preferred_suites(ctx);       certificates_changed (0, ignore_eaddrinuse);       // Install the change callbacks here to avoid duplicate calls    // above.    // FIXME: Both variables ought to be updated on save before the    // changed callback is called. Currently you can get warnings    // that the files don't match if you update both variables    // at the same time.    getvar ("ssl_keys")->set_changed_callback(certificates_changed);