pike.git / lib / modules / SSL.pmod / Session.pike


pike.git/lib/modules/SSL.pmod/Session.pike:232:    // during the handshake.    return 0;    }       return 1;   }      //! Selects an apropriate certificate, authentication method   //! and cipher suite for the parameters provided by the client.   //! - //! @param context - //! The server context. + //! @param certs + //! The list of @[CertificatePair]s that are applicable to the + //! @[server_name] of this session.   //!   //! @param client_suites   //! The set of cipher suites that the client claims to support.   //!   //! @param version   //! The SSL protocol version to use.   //!   //! Typical client extensions that also are used:   //! @dl   //! @item @[signature_algorithms]   //! The set of signature algorithm tuples that   //! the client claims to support. - //! - //! @item @[server_name] - //! Server Name Indication extension from the client. - //! May be @expr{0@} (zero) if the client hasn't sent any SNI. +    //! @enddl - int select_cipher_suite(object context, + int select_cipher_suite(array(CertificatePair) certs,    array(int) cipher_suites,    ProtocolVersion version)   {    if (!sizeof(cipher_suites)) return 0;    -  // First we need to check what certificate candidates we have. -  array(CertificatePair) certs = -  ([function(string(8bit): array(CertificatePair))] -  context->find_cert_domain)( server_name ); -  +     SSL3_DEBUG_MSG("Candidate certificates: %O\n", certs);       // Find the set of key exchange algorithms supported by the client.    int ke_mask = 0;    foreach(cipher_suites, int suite) {    if (CIPHER_SUITES[suite]) {    ke_mask |= 1 << [int](CIPHER_SUITES[suite][0]);    }    }
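Review bot: The new `@param certs` text does not state that matching certificates to the client's SNI is now entirely the caller's responsibility, since `select_cipher_suite` no longer calls `context->find_cert_domain(server_name)` itself. A caller that passes an unfiltered certificate list would presumably get a certificate chosen without regard to the requested host name, so the contract should be explicit, for example `//!   Must already be filtered for @[server_name] by the caller; this function performs no SNI lookup.` The only guard visible at the top of the function is `if (!sizeof(cipher_suites)) return 0;`, and the body continues outside the hunk, so it is worth documenting whether an empty or zero `certs` is a valid argument. Separately, the doc block names `@param client_suites` while the parameter is `cipher_suites`; the two should agree.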