pike.git / lib / modules / SSL.pmod / Context.pike


pike.git/lib/modules/SSL.pmod/Context.pike:157:   //! Attempt to enable encrypt-then-mac mode.   int encrypt_then_mac = 1;      //! Cipher suites we want to support, in order of preference, best   //! first.   array(int) preferred_suites;      //! Supported elliptical curve cipher curves in order of preference.   array(int) ecc_curves = reverse(sort(indices(ECC_CURVES)));    + //! Supported DH groups for DHE key exchanges, in order of preference. + //! Defaults to MODP Group 24 (2048/256 bits) from RFC 5114 section + //! 2.3. + array(Crypto.DH.Parameters) dh_groups = ({ +  Crypto.DH.MODPGroup24, // MODP Group 24 (2048/256 bits). + }); +  +    //! The set of <hash, signature> combinations to use by us.   //!   //! Only used with TLS 1.2 and later.   //!   //! Defaults to all combinations supported by Pike except for MD5.   //!   //! This list is typically filtered by @[get_signature_algorithms()]   //! to get rid of combinations not supported by the runtime.   //!   //! @note
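Review bot: The new `dh_groups` default is a group with a 256-bit prime-order subgroup rather than a safe prime, and the doc comment does not say what that demands of the DHE code that uses it. With the RFC 5114 section 2.3 parameters, a peer's public value has to be checked against the subgroup order q, not only against the range 2..p-2; otherwise a reused private exponent can be confined to a small subgroup and partially recovered. Whether Crypto.DH or the key-exchange code performs that check is not visible in this hunk. I would extend the doc comment with something like `//! @note Group 24 is not a safe-prime group; received public values must be validated against the subgroup order q.` If that validation cannot be guaranteed, a 2048-bit safe-prime group (RFC 3526 or RFC 7919) would be the more conservative default.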
pike.git/lib/modules/SSL.pmod/Context.pike:219:   array(array(int)) get_signature_algorithms(array(array(int))|void signature_algorithms)   {    if (!signature_algorithms) {    signature_algorithms = this_program::signature_algorithms;    }      #if constant(Crypto.ECC.Curve) && constant(Crypto.SHA512) && \    constant(Crypto.SHA384) && constant(Crypto.SHA224)    return signature_algorithms;   #else -  return filter(signature_algorithms, +  return [array(array(int))] +  filter(signature_algorithms,    lambda(array(int) pair) {    [int hash, int sign] = pair;   #if !constant(Crypto.ECC.Curve)    if (sign == SIGNATURE_ecdsa) return 0;   #endif    if ((<   #if !constant(Crypto.SHA512)    HASH_sha512,   #endif   #if !constant(Crypto.SHA384)
pike.git/lib/modules/SSL.pmod/Context.pike:743:   //! and @[certs], and throws errors if the validation fails.   //!   //! @seealso   //! @[find_cert()]   void add_cert(Crypto.Sign.State key, array(string(8bit)) certs,    array(string(8bit))|void extra_name_globs)   {    CertificatePair cp = CertificatePair(key, certs, extra_name_globs);    add_cert(cp);   } + variant void add_cert(string(8bit) key, array(string(8bit)) certs, +  array(string(8bit))|void extra_name_globs) + { +  Crypto.Sign.State _key = Standards.PKCS.RSA.parse_private_key(key) || +  Standards.PKCS.DSA.parse_private_key(key) || + #if constant(Crypto.ECC.Curve) +  Standards.PKCS.ECDSA.parse_private_key(key) || + #endif +  0; +  add_cert(_key, certs, extra_name_globs); + }   variant void add_cert(CertificatePair cp)   {    void add(string what, mapping(string:array(CertificatePair)) to)    {    if( !to[what] )    to[what] = ({cp});    else    to[what] = sort( to[what]+({cp}) );    };
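Review bot: When none of the `parse_private_key()` calls accepts `key`, `_key` ends up as `0` and is still handed to `add_cert(_key, certs, extra_name_globs)`. A malformed or unsupported key then fails somewhere further down (presumably in `CertificatePair`, which is not visible here) instead of being reported at the point of entry. I would add `if (!_key) error("Failed to parse private key.\n");` before the call, keeping the key bytes out of the message. The new variant also has no `//!` block of its own; it should state which encoding of `key` is expected (presumably DER, as the PKCS parsers take — to be confirmed) and that ECDSA keys are only recognised when `Crypto.ECC.Curve` is available.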