pike.git / lib / modules / SSL.pmod / Session.pike


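--- a/lib/modules/SSL.pmod/Session.pike
+++ b/lib/modules/SSL.pmod/Session.pike
   }
 
   if (version >= PROTOCOL_TLS_1_3) {
   // TLS 1.3 and later only support ephemeral keyexchanges.
   ke_mask &= ((1<<KE_dhe_dss)|(1<<KE_dhe_rsa)|(1<<KE_dh_anon)|
   (1<<KE_ecdhe_ecdsa)|(1<<KE_ecdhe_rsa)|(1<<KE_ecdh_anon));
   }
 
   // Given the set of certs, filter the set of client_suites,
   // to find the best.
-  cipher_suites =
-  filter(cipher_suites, is_supported_suite, ke_mask, version);
+  int suite = -1;
+  foreach(cipher_suites, int s)
+  if( is_supported_suite(s, ke_mask, version) ) {
+  suite = s;
+  break;
+  }
 
-  if (!sizeof(cipher_suites)) {
+  if (suite==-1) {
   SSL3_DEBUG_MSG("No suites left after certificate filtering.\n");
   return 0;
   }
 
-  SSL3_DEBUG_MSG("intersection:\n%s\n",
-  fmt_cipher_suites(cipher_suites));
+  SSL3_DEBUG_MSG("selected suite:\n%s\n", fmt_cipher_suite(cipher_suites));
 
-  int suite = cipher_suites[0];
-
+
   int ke_method = [int]CIPHER_SUITES[suite][0];
 
   SSL3_DEBUG_MSG("Selecting server key and certificate.\n");
 
   int max_hash_size = 512;
 
   // Now we can select the actual cert to use.
   if ( !KE_Anonymous[ke_method] ) {
   CertificatePair cert;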
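Review bot: The new debug line passes the whole `cipher_suites` array to `fmt_cipher_suite`, although the value being reported is the single chosen `suite`; unless that helper accepts an array (its definition is not shown here), the trace will be wrong or fail in debug builds, and `SSL3_DEBUG_MSG("selected suite:\n%s\n", fmt_cipher_suite(suite));` looks like what was intended. This trace is what someone reads when checking which suite a handshake negotiated, so it should name the suite actually used rather than the full offered list. The `foreach` also has an unbraced body holding a multi-line `if`; bracing the loop would keep a later added statement from silently landing outside it. The enclosing function starts and ends outside the hunk.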