// Unless connecting in anonymous mode the server has to have a set of
// CertificatePair certificate chains to sign its handshake with.
// These are stored in the cert_chains_domain mapping, where they are
// retrieved based on the domain the client is connecting to.
//
// If the server sends a certificate request the client has to respond
// with a certificate matching the requested issuer der. These are
// stored in the cert_chains_issuer mapping.
//
// FIXME: Currently only one client certificate per der issuer is
// supported. If multiple are added a random one will be selected,
// which later may fail when verified against supported certificate
// types, hash/signature algorithms.
//
// The client/server potentially has a set of trusted issuer
// certificates (root certificates) that are used to validate the
// certificate sent by the server/client. These are stored in a cache
// from subject der to Verifier object. FIXME: Should use key identifier.

//! Policy for client authentication. One of
//! @[SSL.Constants.AUTHLEVEL_none], @[SSL.Constants.AUTHLEVEL_ask]
//! and @[SSL.Constants.AUTHLEVEL_require].
int auth_level;