[37207] in Kerberos
Re: [EXTERNAL] Re: Heimdahl Kerberos on MacOSX 10.9.5 using pkinit
daemon@ATHENA.MIT.EDU (Glenn Machin)
Tue Aug 25 10:47:06 2015
To: Greg Hudson <ghudson@mit.edu>
From: Glenn Machin <gmachin@sandia.gov>
Message-ID: <55DC7FCE.4030509@sandia.gov>
Date: Tue, 25 Aug 2015 08:46:38 -0600
MIME-Version: 1.0
In-Reply-To: <55DC7E95.6080307@mit.edu>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On the RHEL6 system which has this problem its using OpenSSL 1.0.1e.
Since you indicated OpenSSL 1.0.1f might have the bug fixed, I am going
to build the openssl source for OpenSSL 1.0.1f and link it into our MIT
Kerberos build and see if that fixes the problem. I will let you know
what I find.
Glenn
On 8/25/15 8:41 AM, Greg Hudson wrote:
> On 08/25/2015 12:50 AM, Glenn Machin wrote:
>> Looks like it is an openssl issue, apparently fixed in version 1.0.1f
>> . Seems I asked a similar question then and found this on the
>> krb5-bugs list -
>> http://mailman.mit.edu/pipermail/krb5-bugs/2011-January/008510.html
> Thanks for finding this; I remembered that too, but couldn't find the
> details.
>
> After I sent my last response, I was able to produce the "wrong tag"
> error with your packet by disabling the use of CMS functions and forcing
> the use of PKCS7 functions instead. But it doesn't quite match the
> "nested asn1 error" you are seeing, so I'm not sure it's the same thing.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
