pike.git / lib / modules / SSL.pmod / Connection.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Connection.pike:145:   }      Packet change_cipher_packet()   {    expect_change_cipher++;    return Packet(version, PACKET_change_cipher_spec, "\001");   }      string(8bit) hash_messages(string(8bit) sender, int|void len)   { -  if(version == PROTOCOL_SSL_3_0) { +  switch( version ) +  { +  case PROTOCOL_SSL_3_0: +  {    string(8bit) data = (string(8bit))handshake_messages + sender;    return .Cipher.MACmd5(session->master_secret)->hash(data) +    .Cipher.MACsha(session->master_secret)->hash(data);    } -  else if(version <= PROTOCOL_TLS_1_1) { +  case PROTOCOL_TLS_1_0: +  case PROTOCOL_TLS_1_1:    return session->cipher_spec->prf(session->master_secret, sender,    Crypto.MD5.hash(handshake_messages)+    Crypto.SHA1.hash(handshake_messages),    len || 12); -  } +  case PROTOCOL_TLS_1_2: +  default:    return session->cipher_spec->prf(session->master_secret, sender,    session->cipher_spec->hash    ->hash(handshake_messages),    len || 12);    } -  + }      Packet certificate_packet(array(string(8bit)) certificates)   {    return handshake_packet(HANDSHAKE_certificate,    Buffer()->add_string_array(certificates, 3, 3));   }      Packet certificate_verify_packet(string(8bit)|void signature_context)   {    SSL3_DEBUG_MSG("SSL.Connection: CERTIFICATE_VERIFY\n"
pike.git/lib/modules/SSL.pmod/Connection.pike:420:      //! Initialize the connection state.   //!   //! @param ctx   //! The context for the connection.   protected void create(Context ctx)   {    current_read_state = State(this);    current_write_state = State(this);    -  version = ctx->max_version; +  version = min([int]max(@ctx->supported_versions), PROTOCOL_TLS_1_2);    context = ctx;   }      //! Remove cyclic references as best we can.   void shutdown()   {    current_read_state = current_write_state = UNDEFINED;    pending_read_state = pending_write_state = ({});    ke = UNDEFINED;    alert_callback = UNDEFINED;