pike.git / lib / modules / SSL.pmod / Session.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Session.pike:6:   //! choice of encryption algorithms and a "master secret" created by   //! keyexchange with a client. Each connection can either do a full key   //! exchange to established a new session, or reuse a previously   //! established session. That is why we have the session abstraction and   //! the session cache. Each session is used by one or more connections, in   //! sequence or simultaneously.   //!   //! It is also possible to change to a new session in the middle of a   //! connection.    - import .Constants; + import "."; + import Constants;   protected constant Struct = ADT.struct; - #define State .State +       #ifdef SSL3_DEBUG   #define SSL3_DEBUG_MSG(X ...) werror(X)   #else /*! SSL3_DEBUG */   #define SSL3_DEBUG_MSG(X ...)   #endif /* SSL3_DEBUG */      //! Identifies the session to the server   string(0..255) identity;      //! Always COMPRESSION_null.   int compression_algorithm;      //! Constant defining a choice of keyexchange, encryption and mac   //! algorithm.   int cipher_suite;      //! Information about the encryption method derived from the   //! cipher_suite. - .Cipher.CipherSpec cipher_spec; + Cipher.CipherSpec cipher_spec;      //! Key exchange method, also derived from the cipher_suite.   int ke_method;      //! Key exchange factory, derived from @[ke_method]. - program(.Cipher.KeyExchange) ke_factory; + program(Cipher.KeyExchange) ke_factory;      //! 48 byte secret shared between the client and the server. Used for   //! deriving the actual keys.   string(0..255) master_secret;      //! information about the certificate in use by the peer, such as issuing authority, and verification status.   mapping cert_data;      //! Negotiated protocol version.   ProtocolVersion version;
pike.git/lib/modules/SSL.pmod/Session.pike:130:   #endif /* Crypto.ECC.Curve */      //! Heartbeat mode.   HeartBeatModeType heartbeat_mode = HEARTBEAT_MODE_disabled;      //! Indicates if this session has the required server certificate keys   //! set. No means that no or the wrong type of certificate was sent   //! from the server.   int(0..1) has_required_certificates()   { -  if (!peer_public_key) return (cipher_spec->sign == .Cipher.anon_sign); +  if (!peer_public_key) return (cipher_spec->sign == Cipher.anon_sign);    return 1;   }      //! Used to filter certificates not supported by the peer.   //!   //! @param cp   //! Candidate @[CertificatePair].   //!   //! @param version   //! Negotiated version of SSL.
pike.git/lib/modules/SSL.pmod/Session.pike:375:   //!   //! @param version   //! The SSL protocol version to use.   //!   //! @param signature_algorithms   //! The set of signature algorithms tuples that the client claims to support.   int set_cipher_suite(int suite, ProtocolVersion|int version,    array(array(int)) signature_algorithms,    int max_hash_size)   { -  array res = .Cipher.lookup(suite, version, signature_algorithms, +  array res = Cipher.lookup(suite, version, signature_algorithms,    truncated_hmac?512:max_hash_size);    if (!res) return 0;    cipher_suite = suite;    ke_method = [int]res[0];    switch(ke_method) {    case KE_null: -  ke_factory = .Cipher.KeyExchangeNULL; +  ke_factory = Cipher.KeyExchangeNULL;    break;    case KE_rsa:    case KE_rsa_fips: -  ke_factory = .Cipher.KeyExchangeRSA; +  ke_factory = Cipher.KeyExchangeRSA;    break;    case KE_dh_dss:    case KE_dh_rsa: -  ke_factory = .Cipher.KeyExchangeDH; +  ke_factory = Cipher.KeyExchangeDH;    break;    case KE_dh_anon:    case KE_dhe_rsa:    case KE_dhe_dss: -  ke_factory = .Cipher.KeyExchangeDHE; +  ke_factory = Cipher.KeyExchangeDHE;    break;   #if constant(SSL.Cipher.KeyExchangeECDHE)    case KE_ecdhe_rsa:    case KE_ecdhe_ecdsa:    case KE_ecdh_anon: -  ke_factory = .Cipher.KeyExchangeECDHE; +  ke_factory = Cipher.KeyExchangeECDHE;    break;    case KE_ecdh_rsa:    case KE_ecdh_ecdsa: -  ke_factory = .Cipher.KeyExchangeECDH; +  ke_factory = Cipher.KeyExchangeECDH;    break;   #endif    default:    error("set_cipher_suite: Unsupported key exchange method: %d\n",    ke_method);    break;    }    -  cipher_spec = [object(.Cipher.CipherSpec)]res[1]; +  cipher_spec = [object(Cipher.CipherSpec)]res[1];   #ifdef SSL3_DEBUG    werror("SSL.session: cipher_spec %O\n",    mkmapping(indices(cipher_spec), values(cipher_spec)));   #endif    return 1;   }      //! Sets the compression method. Currently only @[COMPRESSION_null] is   //! supported.   void set_compression_method(int compr)