

pike.git/lib/modules/SSL.pmod/Connection.pike:259:
   // next we must verify the chain to see if the chain is unbroken
  
   mapping result =
   Standards.X509.verify_certificate_chain(certs,
   context->trusted_issuers_cache,
   context->require_trust);
  
   // This data isn't actually used internally.
   session->cert_data = result;
  
-  if(result->verified)
-  {
-  if (session->server_name) {
+  if(result->verified && session->server_name &&
+  sizeof(result->certificates || ({}))) {
   array(Standards.X509.TBSCertificate) certs =
   [array(Standards.X509.TBSCertificate)](result->certificates);
   Standards.X509.TBSCertificate cert = certs[-1];
   array(string) globs = Standards.PKCS.Certificate.
   decode_distinguished_name(cert->subject)->commonName - ({ 0 });
   if (cert->ext_subjectAltName_dNSName) {
   globs += cert->ext_subjectAltName_dNSName;
   }
   result->verified = glob(map(globs, lower_case),
   lower_case(session->server_name));
   }
- 
+ 
   return [int(0..1)](result->verified);
  }
  
-  return 0;
- }
- 
+ 
  //! Do handshake processing. Type is one of HANDSHAKE_*, data is the
  //! contents of the packet, and raw is the raw packet received (needed
  //! for supporting SSLv2 hello messages).
  //!
  //! This function returns 0 if handshake is in progress, 1 if handshake
  //! is finished, and -1 if a fatal error occurred. It uses the
  //! send_packet() function to transmit packets.
  int(-1..1) handle_handshake(int type, string(8bit) data, string(8bit) raw);
  
  //! Initialize the connection state.
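Review bot: The merged guard on the new `if` fails open: when `result->verified` is true and `session->server_name` is set but `result->certificates` is empty or missing, the name comparison is skipped and the function still returns the verified flag unchanged. The `sizeof(...)` test does keep `certs[-1]` from being evaluated on an empty array, but a connection that asked for a specific server name should not pass without a certificate to compare against; consider adding `if (session->server_name && !sizeof(result->certificates || ({}))) result->verified = 0;` ahead of the name check. Separately, on the unchanged `glob(...)` lines the certificate names are used directly as glob patterns and commonName is always added alongside the dNSName entries; if Pike's `glob()` lets `*` span dots (it appears to), this is looser than RFC 6125 wildcard matching and worth a follow-up. The enclosing function starts above the hunk, so this is judged only from the lines shown.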