[16713] in Kerberos-V5-bugs
[krbdev.mit.edu #8984] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Feb 17 15:44:49 2021
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-85662-1613594677-440.8984-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8984":;
Date: Wed, 17 Feb 2021 15:44:37 -0500
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8984 >
Load certs when checking pkinit_identities values
Move the crypto_load_certs() probe from pkinit_identity_initialize()
to process_option_identity(). This will attempt to load a certificate
for each pkinit_identities value, and if the certificate load fails to
move to the next line.
For PKCS11, return an error if pkinit_open_session() fails, but do not
fail in pkinit_open_session() just because identity prompts are
deferred.
[ghudson@mit.edu: added test case; moved cert probe to
process_option_identity(); rewrote commit message]
(cherry picked from commit 13ae08e70a05768d4f65978ce1a8d4e16fec0d35)
https://github.com/krb5/krb5/commit/2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8
Branch: krb5-1.19
doc/admin/conf_files/krb5_conf.rst | 7 ++--
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 10 ++----
src/plugins/preauth/pkinit/pkinit_identity.c | 30 ++++++++++----------
src/tests/t_pkinit.py | 7 ++++
4 files changed, 29 insertions(+), 25 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
