From 145960cda96b4e3ed10c8013608d42549c97d0ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Thu, 30 Mar 2006 03:12:06 +0000
Subject: [PATCH] Add pool of certificates to help certificate path building
 for clients sending incomplete path in the signedData.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16856 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kuser/kinit.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kuser/kinit.c b/kuser/kinit.c
index 3b6cfdc50..43e637ed0 100644
--- a/kuser/kinit.c
+++ b/kuser/kinit.c
@@ -70,6 +70,7 @@ int convert_524		= 0;
 int fcache_version;
 char *pk_user_id	= NULL;
 char *pk_x509_anchors	= NULL;
+char **pk_x509_pool	= NULL;
 
 
 static char *krb4_cc_name;
@@ -464,6 +465,7 @@ get_new_tickets(krb5_context context,
 						 principal,
 						 pk_user_id,
 						 pk_x509_anchors,
+						 pk_x509_pool,
 						 0,
 						 NULL,
 						 NULL,
@@ -800,6 +802,12 @@ main (int argc, char **argv)
 				krb5_principal_get_realm(context, principal), 
 				"afslog", TRUE, &do_afslog);
 
+    /* XXX implement krb5_appdefault_strings  */
+    pk_x509_pool = krb5_config_get_strings(context, NULL,
+					   "appdefaults", 
+					   "pkinit-pool", 
+					   NULL);
+
     if (pk_x509_anchors == NULL)
 	krb5_appdefault_string(context, "kinit",
 			       krb5_principal_get_realm(context, principal),