pike.git / lib / modules / SSL.pmod / Connection.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Connection.pike:263:      // Verify that a certificate chain is acceptable   private array(Standards.X509.TBSCertificate)    verify_certificate_chain(array(string) certs)   {    // If we're not requiring the certificate, and we don't provide one,    // that should be okay.    if((context->auth_level < AUTHLEVEL_require) && !sizeof(certs))    return ({});    +  // If we are not verifying the certificates, we only need to decode +  // the leaf certificate for its public key. +  if(context->auth_level == AUTHLEVEL_none) +  return ({ Standards.X509.decode_certificate(certs[0]) }); +     // A lack of certificates when we reqiure and must verify the    // certificates is probably a failure.    if(!sizeof(certs))    return 0;       // See if the issuer of the certificate is acceptable. This means    // the issuer of the certificate must be one of the authorities.    // NOTE: This code is only relevant when acting as a server dealing    // with client certificates.    if(sizeof(context->authorities_cache))