pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:213:      //! List of advertised protocols using using TLS application level   //! protocol negotiation.   array(string(8bit)) advertised_protocols;      //! The maximum amount of data that is sent in each SSL packet by   //! @[sslfile]. A value between 1 and   //! @[SSL.Constants.PACKET_MAX_SIZE].   int packet_max_size = PACKET_MAX_SIZE;    + // The signature algorithms to use. According to RFC 5246 7.4.2 all + // certificates needs to be signed by any of the supported signature + // algorithms. This trivially means that any combinaton that doesn't + // have a PKCS identifier isn't allowed.   array(array(int)) signature_algorithms = ({   #if constant(Crypto.SHA512)   #if constant(Crypto.ECC.Curve)    ({ HASH_sha512, SIGNATURE_ecdsa }),   #endif -  ({ HASH_sha512, SIGNATURE_dsa }), +     ({ HASH_sha512, SIGNATURE_rsa }),   #endif   #if constant(Crypto.SHA384)   #if constant(Crypto.ECC.Curve)    ({ HASH_sha384, SIGNATURE_ecdsa }),   #endif    ({ HASH_sha384, SIGNATURE_rsa }),   #endif   #if constant(Crypto.ECC.Curve)    ({ HASH_sha256, SIGNATURE_ecdsa }),