pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:338:    // Don't clear out the entire list though, as that makes all peers    // fail.    if( sizeof(c) )    certs = c;    }       SSL3_DEBUG_MSG("Client supported certificates: %O\n", certs);       // Find the set of key exchange algorithms supported by    // the remaining certs. -  ke_mask = (1<<KE_null)|(1<<KE_dh_anon) +  ke_mask = (1<<KE_null)|(1<<KE_dh_anon)|(1<<KE_psk)|(1<<KE_dhe_psk)   #if constant(Crypto.ECC.Curve)    |(1<<KE_ecdh_anon)   #endif    ;    if (version >= PROTOCOL_TLS_1_2) {    ke_mask = `|(ke_mask, @certs->ke_mask_invariant);    } else {    ke_mask = `|(ke_mask, @certs->ke_mask);    }   
pike.git/lib/modules/SSL.pmod/Session.pike:385:    if( is_supported_suite(s, ke_mask, version) ) {    suite = s;    break;    }       if (suite==-1) {    SSL3_DEBUG_MSG("No suites left after certificate filtering.\n");    return 0;    }    -  SSL3_DEBUG_MSG("selected suite:\n%s\n", fmt_cipher_suite(cipher_suites)); +  SSL3_DEBUG_MSG("selected suite:\n%s\n", fmt_cipher_suite(suite));       int ke_method = [int]CIPHER_SUITES[suite][0];       SSL3_DEBUG_MSG("Selecting server key and certificate.\n");       int max_hash_size = 512;       // Now we can select the actual cert to use.    if ( !KE_Anonymous[ke_method] ) {    CertificatePair cert;