[16709] in Kerberos-V5-bugs
[krbdev.mit.edu #8984] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu Feb 11 13:08:31 2021
From: "Greg Hudson via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-112956-1613066886-1046.8984-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8984":;
Date: Thu, 11 Feb 2021 13:08:06 -0500
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Thu Feb 11 13:08:06 2021: Request 8984 was acted upon.
Transaction: Ticket created by ghudson@mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson@mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8984 >
Load certs when checking pkinit_identities values
Move the crypto_load_certs() probe from pkinit_identity_initialize()
to process_option_identity(). This will attempt to load a certificate
for each pkinit_identities value, and if the certificate load fails to
move to the next line.
For PKCS11, return an error if pkinit_open_session() fails, but do not
fail in pkinit_open_session() just because identity prompts are
deferred.
[ghudson@mit.edu: added test case; moved cert probe to
process_option_identity(); rewrote commit message]
https://github.com/krb5/krb5/commit/13ae08e70a05768d4f65978ce1a8d4e16fec0d35
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 13ae08e70a05768d4f65978ce1a8d4e16fec0d35
Branch: master
doc/admin/conf_files/krb5_conf.rst | 7 ++--
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 10 ++----
src/plugins/preauth/pkinit/pkinit_identity.c | 30 ++++++++++----------
src/tests/t_pkinit.py | 7 ++++
4 files changed, 29 insertions(+), 25 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
