pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:69:   int max_packet_size = PACKET_MAX_SIZE;      //! Indicates that the packet HMACs should be truncated   //! to the first 10 bytes (80 bits). Cf RFC 3546 3.5.   int(0..1) truncated_hmac;      /*    * Extensions provided by the peer.    */    - //! RFC 4366 3.1 (SNI) - array(string(8bit)) server_names; + //! RFC 6066 3.1 (SNI) + string(8bit) server_name;      //! The set of <hash, signature> combinations supported by the other end.   //!   //! Only used with TLS 1.2 and later.   //!   //! Defaults to the settings from RFC 5246 7.4.1.4.1.   array(array(int)) signature_algorithms = ({    // RFC 5246 7.4.1.4.1:    // Note: this is a change from TLS 1.1 where there are no explicit    // rules, but as a practical matter one can assume that the peer
pike.git/lib/modules/SSL.pmod/Session.pike:244:   //!   //! @param version   //! The SSL protocol version to use.   //!   //! Typical client extensions that also are used:   //! @dl   //! @item @[signature_algorithms]   //! The set of signature algorithm tuples that   //! the client claims to support.   //! - //! @item @[server_names] + //! @item @[server_name]   //! Server Name Indication extension from the client.   //! May be @expr{0@} (zero) if the client hasn't sent any SNI.   //! @enddl   int select_cipher_suite(object context,    array(int) cipher_suites,    ProtocolVersion version)   {    if (!sizeof(cipher_suites)) return 0;       // First we need to check what certificate candidates we have.    array(CertificatePair) certs =    ([function(array(string(8bit)): array(CertificatePair))] -  context->find_cert)(server_names); +  context->find_cert)( server_name && ({ server_name }) );       SSL3_DEBUG_MSG("Candidate certificates: %O\n", certs);       // Find the set of key exchange algorithms supported by the client.    int ke_mask = 0;    foreach(cipher_suites, int suite) {    if (CIPHER_SUITES[suite]) {    ke_mask |= 1 << [int](CIPHER_SUITES[suite][0]);    }    }