pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:584:      // Unless connecting in anonymous mode the server has to have a set of   // CertificatePair certificate chains to sign its handshake with.   // These are stored in the cert_chains_domain mapping, where they are   // retrieved based on domain the client is connecting to.   //   // If the server sends a certificate request the client has to respond   // with a certificate matching the requested issuer der. These are   // stored in the cert_chains_issuer mapping.   // + // FIXME: Currently only one client certificate per der issuer is + // supported. If multiple are added a random one will be selected, + // which later may fail when verified against supported certificate + // types, hash/signature algorithms. + //   // The client/server potentially has a set of trusted issuers   // certificate (root certificates) that are used to validate the   // server/client sent certificate. These are stored in a cache from   // subject der to Verifier object. FIXME: Should use key identifier.      //! Policy for client authentication. One of   //! @[SSL.Constants.AUTHLEVEL_none], @[SSL.Constants.AUTHLEVEL_ask]   //! and @[SSL.Constants.AUTHLEVEL_require].   int auth_level;