pike.git / lib / modules / SSL.pmod / Session.pike


pike.git/lib/modules/SSL.pmod/Session.pike:312:    filter(certs, is_supported_cert, ke_mask, h_max, version, ecc_curves);       if( version<PROTOCOL_TLS_1_2 && sizeof(certs)>1 )    {    // GNU-TLS doesn't like eg SHA being used with SHA256 certs.    // FIXME: Can this be made more narrow?    array(CertificatePair) c = [array(CertificatePair)]    filter(certs, lambda(CertificatePair cp)    {    Crypto.Hash hash = [object(Crypto.Hash)] -  HASH_lookup[cp->sign_algs[0][0]]; +  HASH_lookup[cp->sign_algs[0] & HASH_MASK];    return hash->digest_size() <= h_max;    });    // Don't clear out the entire list though, as that makes all peers    // fail.    if( sizeof(c) )    certs = c;    }       SSL3_DEBUG_MSG("Client supported certificates: %O\n", certs);    return certs;
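Review bot: The result of `HASH_lookup[cp->sign_algs[0] & HASH_MASK]` in the filter lambda is used without a check. If the masked signature-algorithm value has no entry in HASH_lookup, `hash->digest_size()` would be called on a zero value and raise an error during certificate selection instead of just dropping that certificate. Assuming HASH_lookup is a plain mapping, `return hash && hash->digest_size() <= h_max;` keeps the filter best-effort, in line with the existing comment about not clearing the whole list. The lambda also indexes `cp->sign_algs[0]` without confirming the array is non-empty; if CertificatePair guarantees at least one entry, a one-line comment saying so would help. The enclosing function starts and ends outside this hunk.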