

pike.git/lib/modules/SSL.pmod/Session.pike:36:   //! deriving the actual keys.   string(8bit) master_secret;      //! Information about the certificate in use by the peer, such as   //! issuing authority, and verification status.   mapping cert_data;      //! Negotiated protocol version.   ProtocolVersion version;    - //! the peer certificate chain + //! The peer certificate chain   array(string(8bit)) peer_certificate_chain;    - //! our certificate chain + //! Our certificate chain   array(string(8bit)) certificate_chain;      //! Our private key.   Crypto.Sign.State private_key;      //! The peer's public key (from the certificate).   Crypto.Sign.State peer_public_key;      //! The max fragment size requested by the client.   int max_packet_size = PACKET_MAX_SIZE;
pike.git/lib/modules/SSL.pmod/Session.pike:363:   #endif    ;    if (version >= PROTOCOL_TLS_1_2) {    ke_mask = `|(ke_mask, @certs->ke_mask_invariant);    } else {    ke_mask = `|(ke_mask, @certs->ke_mask);    }      #if constant(Crypto.ECC.Curve)    if (!sizeof(ecc_curves) || ecc_point_format==-1) { -  // Client and server have no common curves, so remove ECC from KE -  // mask. +  // The client may claim to support ECC, but hasn't sent the +  // required extension or any curves that we support, so +  // remove ECC from KE mask.    ke_mask &= ~KE_ecc_mask;    }   #endif       if (!sizeof(ffdhe_groups)) {    // The client doesn't support the same set of Finite Field    // Diffie-Hellman groups as we do, so filter DHE.    ke_mask &= ~((1<<KE_dhe_dss)|(1<<KE_dhe_rsa)|    (1<<KE_dh_anon)|(1<<KE_dhe_psk));    }
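Review bot: The rewritten comment above `ke_mask &= ~KE_ecc_mask;` covers the missing-extension and no-supported-curve cases, but the guard also fires on `ecc_point_format==-1`, which the comment does not mention. Presumably that value means no point format was agreed on; if that is right, add a line such as `// The same applies when no common point format was found (ecc_point_format == -1).` This filter silently decides whether the handshake can use an ECC key exchange at all, so each condition should be tied to its cause for whoever audits the negotiation later. The enclosing function starts and ends outside the hunk.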