pike.git / lib / modules / SSL.pmod / Connection.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Connection.pike:303:    return 0;    }    }       // Decode the chain, verify each certificate and verify that the    // chain is unbroken.    mapping result = ([]);    catch {    result = Standards.X509.verify_certificate_chain(certs,    context->trusted_issuers_cache, -  context->require_trust); +  context->auth_level >= AUTHLEVEL_require);    };       if (session->server_name && sizeof([array](result->certificates || ({})))) {    array(Standards.X509.TBSCertificate) certs =    [array(Standards.X509.TBSCertificate)](result->certificates);    Standards.X509.TBSCertificate cert = certs[-1];    array(string) globs = Standards.PKCS.Certificate.    decode_distinguished_name(cert->subject)->commonName - ({ 0 });    if (cert->ext_subjectAltName_dNSName) {    globs += cert->ext_subjectAltName_dNSName;