pike.git / lib / modules / SSL.pmod / Context.pike


pike.git/lib/modules/SSL.pmod/Context.pike:770:
  // The client/server potentially has a set of trusted issuers
  // certificates (root certificates) that are used to validate the
  // server/client sent certificate. These are stored in trusted_issuers
  // and in a cache from subject der to Verifier object. FIXME: Should
  // use key identifier.
 
  //! Policy for client authentication. One of
  //! @[SSL.Constants.AUTHLEVEL_none],
  //! @[SSL.Constants.AUTHLEVEL_verify], @[SSL.Constants.AUTHLEVEL_ask]
  //! and @[SSL.Constants.AUTHLEVEL_require].
+ //!
+ //! Defaults to SSL.Constants.AUTHLEVEL_none.
  int auth_level;
 
  //! Array of authorities that are accepted for client certificates.
  //! The server will only accept connections from clients whose
  //! certificate is signed by one of these authorities. The string is a
  //! DER-encoded certificate, which typically must be decoded using
  //! @[MIME.decode_base64] or @[Standards.PEM.Messages] first.
  //!
  //! Note that it is presumed that the issuer will also be trusted by
  //! the server. See @[trusted_issuers] for details on specifying
  //! trusted issuers.
  //!
  //! If empty, the server will accept any client certificate whose
  //! issuer is trusted by the server.
  void set_authorities(array(string) a)
  {
   authorities = a;
   update_authorities();
  }
 
- //! When set, require the chain to be known, even if the root is self
- //! signed.
- //!
- //! Note that if set, and certificates are set to be verified, trusted
- //! issuers must be provided, or no connections will be accepted.
- int require_trust=0;
-
+
  //! Get the list of allowed authorities. See @[set_authorities].
  array(string) get_authorities()
  {
   return authorities;
  }
 
  protected array(string) authorities = ({});
  array(string(8bit)) authorities_cache = ({});
 
  //! Sets the list of trusted certificate issuers.
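Review bot: The added doc line says `auth_level` defaults to `SSL.Constants.AUTHLEVEL_none`, but the declaration under it is still `int auth_level;` with no initializer, so the statement holds only if that constant is 0 (its value is not visible in this hunk). Because this field decides whether peer certificates are checked at all, the default should be explicit rather than a side effect of zero-initialisation: `int auth_level = AUTHLEVEL_none;`. The doc comment could also say that at this default the deprecated `verify_certificates` getter reports false, so a caller who wants authentication knows the level has to be raised.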
pike.git/lib/modules/SSL.pmod/Context.pike:1148:
   auth_level = AUTHLEVEL_none;
   else if(auth_level < AUTHLEVEL_verify)
   auth_level = AUTHLEVEL_verify;
  }
 
  __deprecated__ int `verify_certificates()
  {
   return auth_level >= AUTHLEVEL_verify;
  }
 
+ //! @decl int require_trust
+ //!
+ //! When set, require the chain to be known, even if the root is self
+ //! signed.
+ //!
+ //! Note that if set, and certificates are set to be verified, trusted
+ //! issuers must be provided, or no connections will be accepted.
+ //!
+ //! @deprecated auth_level
+
+ __deprecated__ void `require_trust=(int i)
+ {
+  if(i)
+  auth_level = AUTHLEVEL_require;
+  else if(auth_level > AUTHLEVEL_verify)
+  auth_level = AUTHLEVEL_verify;
+ }
+
+ __deprecated__ int `require_trust()
+ {
+  return auth_level >= AUTHLEVEL_require;
+ }
+
  //! @decl int(0..1) encrypt_then_mac
  //!
  //! Attempt to enable encrypt-then-mac mode. Defaults to @expr{1@}.
  //!
  //! @deprecated extensions
 
  __deprecated__ void `encrypt_then_mac=(int(0..1) i)
  {
   extensions[EXTENSION_encrypt_then_mac] = !!i;
  }
 
  __deprecated__ int(0..1) `encrypt_then_mac()
  {
   return !!extensions[EXTENSION_encrypt_then_mac];
  }
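Review bot: In the new `require_trust=` setter, the `else` branch lowers every level above `AUTHLEVEL_verify` to `AUTHLEVEL_verify`, so assigning 0 can change the policy even when the getter already returned 0. If `AUTHLEVEL_ask` sorts between verify and require, as the order in the `auth_level` doc suggests (the values are not visible here), `require_trust = 0` on an ask-level context would silently drop it to verify and presumably stop requesting a client certificate. Lowering only when the flag is actually set avoids that: `else if(auth_level >= AUTHLEVEL_require)`. The doc comment should also state that this setter overwrites `auth_level` and that the result depends on assignment order relative to `verify_certificates`, since the variable it replaces was stored independently of the verification level.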