Remove Kerberos support from libssl

Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-12 10:27:53 +01:00
parent 5561419a60
commit 55a9a16f1c
31 changed files with 839 additions and 4406 deletions
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -526,16 +526,12 @@ int dtls1_accept(SSL *s)
                    * RFC 2246):
                    */
                   ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
-                    /*
-                     * ... except when the application insists on
-                     * verification (against the specs, but s3_clnt.c accepts
-                     * this for SSL 3)
-                     */
-                    !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
                   /*
-                    * never request cert in Kerberos ciphersuites
+                    * ... except when the application insists on
+                    * verification (against the specs, but s3_clnt.c accepts
+                    * this for SSL 3)
                    */
-                   (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)
+                   !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
                   /*
                    * With normal PSK Certificates and Certificate Requests
                    * are omitted