make kerberos work with OPENSSL_NO_SSL_INTERN
This commit is contained in:
Dr. Stephen Henson
parent
b0188c4f07
commit
4f7a2ab8b1
@ -539,6 +539,9 @@ int MAIN(int argc, char **argv)
|
||||
{
|
||||
unsigned int off=0, clr=0;
|
||||
SSL *con=NULL;
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
KSSL_CTX *kctx;
|
||||
#endif
|
||||
int s,k,width,state=0;
|
||||
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
|
||||
int cbuf_len,cbuf_off;
|
||||
@ -1212,9 +1215,10 @@ bad:
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
if (con && (kctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
|
||||
SSL_set0_kssl_ctx(con, kctx);
|
||||
kssl_ctx_setstring(kctx, KSSL_SERVER, host);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
/* SSL_set_cipher_list(con,"RC4-MD5"); */
|
||||
|
||||
@ -1943,6 +1943,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
unsigned long l;
|
||||
SSL *con=NULL;
|
||||
BIO *sbio;
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
KSSL_CTX *kctx;
|
||||
#endif
|
||||
struct timeval timeout;
|
||||
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
|
||||
struct timeval tv;
|
||||
@ -1983,12 +1986,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
if ((kctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
|
||||
KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
|
||||
KRB5KEYTAB);
|
||||
SSL_set0_kssl_ctx(con, kctx);
|
||||
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
|
||||
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context)
|
||||
@ -2341,6 +2343,9 @@ static int init_ssl_connection(SSL *con)
|
||||
const unsigned char *next_proto_neg;
|
||||
unsigned next_proto_neg_len;
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
char *client_princ;
|
||||
#endif
|
||||
|
||||
if ((i=SSL_accept(con)) <= 0)
|
||||
{
|
||||
@ -2394,10 +2399,11 @@ static int init_ssl_connection(SSL *con)
|
||||
TLS1_FLAGS_TLS_PADDING_BUG)
|
||||
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if (con->kssl_ctx->client_princ != NULL)
|
||||
client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
|
||||
if (client_princ != NULL)
|
||||
{
|
||||
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
|
||||
con->kssl_ctx->client_princ);
|
||||
client_princ);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
|
||||
@ -2449,6 +2455,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
SSL *con;
|
||||
const SSL_CIPHER *c;
|
||||
BIO *io,*ssl_bio,*sbio;
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
KSSL_CTX *kctx;
|
||||
#endif
|
||||
|
||||
buf=OPENSSL_malloc(bufsize);
|
||||
if (buf == NULL) return(0);
|
||||
@ -2480,10 +2489,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
||||
}
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
|
||||
if ((kctx = kssl_ctx_new()) != NULL)
|
||||
{
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
|
||||
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
|
||||
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
|
||||
}
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
if(context) SSL_set_session_id_context(con, context,
|
||||
|
||||
16
ssl/kssl.c
16
ssl/kssl.c
@ -2191,6 +2191,22 @@ krb5_error_code kssl_build_principal_2(
|
||||
return ENOMEM;
|
||||
}
|
||||
|
||||
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
|
||||
{
|
||||
s->kssl_ctx = kctx;
|
||||
}
|
||||
|
||||
KSSL_CTX * SSL_get0_kssl_ctx(SSL *s)
|
||||
{
|
||||
return s->kssl_ctx;
|
||||
}
|
||||
|
||||
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
|
||||
{
|
||||
if (kctx)
|
||||
return kctx->client_princ;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#else /* !OPENSSL_NO_KRB5 */
|
||||
|
||||
|
||||
@ -172,6 +172,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
|
||||
krb5_timestamp *atimep, KSSL_ERR *kssl_err);
|
||||
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
|
||||
|
||||
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
|
||||
KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
|
||||
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user