pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:311:    certs = [array(CertificatePair)]    filter(certs, is_supported_cert, ke_mask, h_max, version, ecc_curves);       if( version<PROTOCOL_TLS_1_2 && sizeof(certs)>1 )    {    // GNU-TLS doesn't like eg SHA being used with SHA256 certs.    // FIXME: Can this be made more narrow?    array(CertificatePair) c = [array(CertificatePair)]    filter(certs, lambda(CertificatePair cp)    { +  int scheme = cp->sign_algs[0]; +  if ((scheme & HASH_MASK) == HASH_intrinsic) return 1;    Crypto.Hash hash = [object(Crypto.Hash)]    HASH_lookup[cp->sign_algs[0] & HASH_MASK];    return hash->digest_size() <= h_max;    });    // Don't clear out the entire list though, as that makes all peers    // fail.    if( sizeof(c) )    certs = c;    }