More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>
His comments are: First, it corrects a problem introduced in the last patch where kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the Kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used, and it caused core dumps. Second, it attempts to add the Kerberos 5 Client Principal Name to SSL_SESSION.
@@ -106,6 +106,7 @@ extern "C" {
|
||||
#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
|
||||
#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
|
||||
#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
|
||||
#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
|
||||
|
||||
#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
|
||||
#define SSL_MAX_SID_CTX_LENGTH 32
|
||||
@@ -283,6 +284,11 @@ typedef struct ssl_session_st
|
||||
unsigned int sid_ctx_length;
|
||||
unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
|
||||
|
||||
#ifndef OPENSSL_NO_KRB5
|
||||
unsigned int krb5_client_princ_len;
|
||||
unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
|
||||
#endif /* OPENSSL_NO_KRB5 */
|
||||
|
||||
int not_resumable;
|
||||
|
||||
/* The cert is the certificate used to establish this connection */
|
||||
|
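Review bot: The new `krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]` array in `ssl_session_st` is a fixed 256-byte buffer with a separate `krb5_client_princ_len`, and nothing in the header states who enforces the bound or whether the bytes are NUL-terminated. Every writer of these fields (the handshake code that copies the principal and any session decoding path, neither visible in this section) should reject a name longer than the buffer rather than truncate it, since a silently shortened principal could be mistaken for a different identity. I would document the contract on the fields, for example `/* krb5_client_princ_len <= SSL_MAX_KRB5_PRINCIPAL_LENGTH; 0 means no principal recorded */`, and say explicitly whether a terminator is included. Separately, the `#ifndef OPENSSL_NO_KRB5` sits in the middle of a public struct, so the offsets of `not_resumable` and later members depend on that macro; applications and the library must be built with the same setting, which is worth a comment. The struct definition begins and ends outside the hunk.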