x

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19099 ec53bebd-3082-4978-b11e-865c3cabbd6b

ChangeLog

@@ -1,5 +1,11 @@
-2006-11-21  Love H<>rnquist <20>strand  <lha@it.su.se>
+2006-11-23  Love H<>rnquist <20>strand  <lha@it.su.se>
 
+	* lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users
+	certs in the pool to make sure a path is returned, without this
+	proxy certificates wont work.
+	
+2006-11-21  Love H<>rnquist <20>strand  <lha@it.su.se>
+	
 	* kdc/config.c: Make all pkinit options prefixed with pkinit_
 
 	* lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from

lib/hx509/ChangeLog

@@ -1,5 +1,19 @@
-2006-11-16  Love H<>rnquist <20>strand  <lha@it.su.se>
+2006-11-23  Love H<>rnquist <20>strand  <lha@it.su.se>
 
+	* cert.c (_hx509_calculate_path): allow to calculate optimistic
+	path when we don't know the trust anchors, just follow the chain
+	upward until we no longer find a parent or we hit the max limit.
+
+	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
+	the trust anchors to be stored in the SignedData packet, if find
+	parents until trust anchor or max length.
+
+	* data: regen
+
+	* data/gen-req.sh: Build pk-init proxy cert.
+	
+2006-11-16  Love H<>rnquist <20>strand  <lha@it.su.se>
+	
 	* error.c (hx509_get_error_string): Put ", " between strings in
 	error message.
 	

tests/ChangeLog

@@ -1,5 +1,9 @@
-2006-11-19  Love H<>rnquist <20>strand  <lha@it.su.se>
+2006-11-23  Love H<>rnquist <20>strand  <lha@it.su.se>
 
+	* kdc/check-kdc.in: Test proxy cert.
+	
+2006-11-19  Love H<>rnquist <20>strand  <lha@it.su.se>
+	
 	* kdc/krb5.conf.in: revert the enable-pkinit change, and make it
 	consistant with all other other enable- options