pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:163:   //!   //! Only used with TLS 1.2 and later.   //!   //! Defaults to all combinations supported by Pike except for MD5.   //!   //! This list is typically filtered by @[get_signature_algorithms()]   //! to get rid of combinations not supported by the runtime.   //!   //! @note   //! According to RFC 5246 7.4.2 all certificates needs to be signed - //! by any of the supported signature algorithms. This trivially - //! means that any combinaton that doesn't have a PKCS identifier - //! isn't allowed. + //! by any of the supported signature algorithms. To be forward + //! compatible this list needs to be limited to the combinations + //! that have existing PKCS identifiers.   //!   //! @seealso   //! @[get_signature_algorithms()]   array(array(int)) signature_algorithms = ({   #if constant(Crypto.SHA512)   #if constant(Crypto.ECC.Curve)    ({ HASH_sha512, SIGNATURE_ecdsa }),   #endif    ({ HASH_sha512, SIGNATURE_rsa }),   #endif