pike.git / lib / modules / SSL.pmod / Context.pike


pike.git/lib/modules/SSL.pmod/Context.pike:134:
  //! export cipher suites.
  //!
  //! @[long_rsa] is a 1024-bit RSA key to be used for the RSA_EXPORT1024
  //! suites from draft-ietf-tls-56-bit-ciphersuites-01.txt.
  //!
  //! They have associated counters @[short_rsa_counter] and @[long_rsa_counter],
  //! which are decremented each time the keys are used.
  //!
  //! When the counters reach zero, the corresponding RSA key is cleared,
  //! and a new generated on demand at which time the counter is reset.
- Crypto.RSA long_rsa;
- Crypto.RSA short_rsa;
+ Crypto.RSA.State long_rsa;
+ Crypto.RSA.State short_rsa;
  
  //! Counters for export RSA keys.
  int long_rsa_counter;
  int short_rsa_counter;
  
  //! Used to generate random cookies for the hello-message. If we use
  //! the RSA keyexchange method, and this is a server, this random
  //! number generator is not used for generating the master_secret. By
  //! default set to @[Crypto.Random.random_string].
  function(int(0..):string(8bit)) random = Crypto.Random.random_string;
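Review bot: The doc comment above `long_rsa` and `short_rsa` explains the rotation counters but says nothing about the security standing of these keys. Export-grade RSA keys are deliberately weak, so a reader configuring a context should be told that the export suites exist for legacy interoperability only. I would add a line such as `//! Export suites use deliberately weakened keys; enable them only when a legacy peer requires it.` The comment block starts above this hunk, so check that it does not already say so.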
pike.git/lib/modules/SSL.pmod/Context.pike:706:
  //!
  //! On a server these are used in the normal initial handshake,
  //! while on a client they are only used if a server requests
  //! client certificate authentication.
  //!
  //! @param key
  //! Private key matching the first certificate in @[certs].
  //!
  //! Supported key types are currently:
  //! @mixed
- //! @type Crypto.RSA
+ //! @type Crypto.RSA.State
  //! Rivest-Shamir-Adelman.
- //! @type Crypto.DSA
+ //! @type Crypto.DSA.State
  //! Digital Signing Algorithm.
  //! @type Crypto.ECC.Curve.ECDSA
  //! Elliptic Curve Digital Signing Algorithm.
  //! @endmixed
  //!
  //! This key MUST match the public key in the first certificate
  //! in @[certs].
  //!
  //! @param certs
  //! A chain of X509.v1 or X509.v3 certificates, with the local
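Review bot: The algorithm names in the `@mixed` list are misspelled while these lines are being touched anyway. They should read `//! Rivest-Shamir-Adleman.`, `//! Digital Signature Algorithm.` and `//! Elliptic Curve Digital Signature Algorithm.` Separately, the RSA and DSA entries move to the `.State` form while `Crypto.ECC.Curve.ECDSA` is left as is. That may well be correct for the ECC module layout, but a short remark in the commit message would save the next reader from wondering whether it was missed.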
pike.git/lib/modules/SSL.pmod/Context.pike:737:
  //!
  //! @param cp
  //! An alternative is to send an initialized @[CertificatePair].
  //!
  //! @throws
  //! The function performs various validations of the @[key]
  //! and @[certs], and throws errors if the validation fails.
  //!
  //! @seealso
  //! @[find_cert()]
- void add_cert(Crypto.Sign key, array(string(8bit)) certs,
+ void add_cert(Crypto.Sign.State key, array(string(8bit)) certs,
   array(string(8bit))|void extra_name_globs)
  {
   CertificatePair cp = CertificatePair(key, certs, extra_name_globs);
   add_cert(cp);
  }
  variant void add_cert(CertificatePair cp)
  {
   void add(string what, mapping(string:array(CertificatePair)) to)
   {
   if( !to[what] )
pike.git/lib/modules/SSL.pmod/Context.pike:893:
   if (s->identity)
   m_delete (session_cache, s->identity);
   /* There's no need to remove the id from the active_sessions queue */
  }
  
  
  //
  // --- Compat code below
  //
  
- protected Crypto.RSA compat_rsa;
+ protected Crypto.RSA.State compat_rsa;
  protected array(string(8bit)) compat_certificates;
  
  //! The servers default private RSA key.
  //!
  //! Compatibility, don't use.
  //!
  //! @deprecated find_cert
  //!
  //! @seealso
  //! @[`certificates], @[find_cert()]
- __deprecated__ Crypto.RSA `rsa()
+ __deprecated__ Crypto.RSA.State `rsa()
  {
   return compat_rsa;
  }
  
  //! Set the servers default private RSA key.
  //!
  //! Compatibility, don't use.
  //!
  //! @deprecated add_cert
  //!
  //! @seealso
  //! @[`certificates=], @[add_cert()]
- __deprecated__ void `rsa=(Crypto.RSA k)
+ __deprecated__ void `rsa=(Crypto.RSA.State k)
  {
   compat_rsa = k;
   if (k && compat_certificates) {
   catch {
   add_cert(k, compat_certificates);
   };
   }
  }
  
  //! The server's certificate, or a chain of X509.v3 certificates, with
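Review bot: The `rsa=` setter stores `k` in `compat_rsa` and then throws away any error from `add_cert(k, compat_certificates)` inside a bare `catch { ... };`. The add_cert documentation in this same change says it throws when the key and certificates fail validation, so a key that does not match the chain is silently left out of the context while the getter still returns it. The caller gets no signal of the misconfiguration. I would keep the error visible, for example `mixed err = catch { add_cert(k, compat_certificates); };` followed by `if (err) werror(describe_error(err));`. If the swallow is a deliberate best-effort for the compat API, add a comment saying so. The same pattern appears in `client_rsa=` in the hunk at 969 and in the `foreach` at the top of the hunk at 1030.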
pike.git/lib/modules/SSL.pmod/Context.pike:969:
  }
  
  //! The clients RSA private key.
  //!
  //! Compatibility, don't use.
  //!
  //! @deprecated find_cert
  //!
  //! @seealso
  //! @[`certificates], @[find_cert()]
- __deprecated__ Crypto.RSA `client_rsa()
+ __deprecated__ Crypto.RSA.State `client_rsa()
  {
   return compat_rsa;
  }
  
  //! Set the clients default private RSA key.
  //!
  //! Compatibility, don't use.
  //!
  //! @deprecated add_cert
  //!
  //! @seealso
  //! @[`client_certificates=], @[add_cert()]
- __deprecated__ void `client_rsa=(Crypto.RSA k)
+ __deprecated__ void `client_rsa=(Crypto.RSA.State k)
  {
   compat_rsa = k;
   if (k && compat_certificates) {
   catch {
   add_cert(k, compat_certificates);
   };
   }
  }
  
  //! The client's certificate, or a chain of X509.v3 certificates, with
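Review bot: The client accessors read and write `compat_rsa`, the same variable the server accessors in the hunk at 893 use, and the documentation does not mention it. Code that sets a client key after a server key, or the reverse, replaces the key the other getter returns. I would document that on both setters, for example `//! Shares storage with the server key accessor; setting either replaces both.` Whether the sharing is intended cannot be told from these hunks, so treat this as a documentation request unless the two are meant to be independent.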
pike.git/lib/modules/SSL.pmod/Context.pike:1030:
   foreach(certs, array(string(8bit)) chain) {
   catch {
   add_cert(compat_rsa, chain);
   };
   }
   }
  }
  
  //! Compatibility.
  //! @deprecated find_cert
- __deprecated__ Crypto.DSA `dsa()
+ __deprecated__ Crypto.DSA.State `dsa()
  {
   return UNDEFINED;
  }
  
  //! Compatibility.
  //! @deprecated add_cert
- __deprecated__ void `dsa=(Crypto.DSA k)
+ __deprecated__ void `dsa=(Crypto.DSA.State k)
  {
   error("The old DSA API is not supported anymore.\n");
  }
  
  //! Set @[preferred_suites] to RSA based methods.
  //!
  //! @param min_keylength
  //! Minimum acceptable key length in bits.
  //!
  //! @seealso