pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:694:   // If the server sends a certificate request the client has to respond   // with a certificate matching the requested issuer der. These are   // stored in the cert_chains_issuer mapping.   //   // FIXME: Currently only one client certificate per der issuer is   // supported. If multiple are added a random one will be selected,   // which later may fail when verified against supported certificate   // types, hash/signature algorithms.   //   // The client/server potentially has a set of trusted issuers - // certificate (root certificates) that are used to validate the - // server/client sent certificate. These are stored in a cache from - // subject der to Verifier object. FIXME: Should use key identifier. + // certificates (root certificates) that are used to validate the + // server/client sent certificate. These are stored in trusted_issuers + // and in a cache from subject der to Verifier object. FIXME: Should + // use key identifier.      //! Policy for client authentication. One of   //! @[SSL.Constants.AUTHLEVEL_none], @[SSL.Constants.AUTHLEVEL_ask]   //! and @[SSL.Constants.AUTHLEVEL_require].   int auth_level;      //! Array of authorities that are accepted for client certificates.   //! The server will only accept connections from clients whose   //! certificate is signed by one of these authorities. The string is a   //! DER-encoded certificate, which typically must be decoded using