pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:55:   //! Our private key.   Crypto.Sign.State private_key;      //! The peer's public key (from the certificate).   Crypto.Sign.State peer_public_key;      //! The max fragment size requested by the client.   int max_packet_size = PACKET_MAX_SIZE;      //! Indicates that the packet HMACs should be truncated - //! to the first 10 bytes (80 bits). Cf @rfc{3546@} 3.5. + //! to the first 10 bytes (80 bits). Cf @rfc{3546:3.5@}.   int(0..1) truncated_hmac;      //! Indicates that the connection uses the Extended Master Secret method   //! of deriving the master secret.   //!   //! This setting is only relevant for TLS 1.2 and earlier.   int(0..1) extended_master_secret;      protected void create(string(8bit)|void id)   {    identity = id;   }      /*    * Extensions provided by the peer.    */    - //! @rfc{6066@} 3.1 (SNI) + //! @rfc{6066:3.1@} (SNI)   string(8bit) server_name;      //! The set of <hash, signature> combinations supported by the peer.   //!   //! Only used with TLS 1.2 and later.   //! - //! Defaults to the settings from @rfc{5246@} 7.4.1.4.1. + //! Defaults to the settings from @rfc{5246:7.4.1.4.1@}.   array(array(int)) signature_algorithms = ({    // RFC 5246 7.4.1.4.1:    // Note: this is a change from TLS 1.1 where there are no explicit    // rules, but as a practical matter one can assume that the peer    // supports MD5 and SHA-1.    ({ HASH_sha, SIGNATURE_rsa }),    ({ HASH_sha, SIGNATURE_dsa }),    ({ HASH_sha, SIGNATURE_ecdsa }),   });