From 23105c3230c4ad7d3e89397000936c2246071d0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 23 Nov 2006 18:15:10 +0000 Subject: [PATCH] x git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19099 ec53bebd-3082-4978-b11e-865c3cabbd6b --- ChangeLog | 8 +++++++- lib/hx509/ChangeLog | 16 +++++++++++++++- tests/ChangeLog | 6 +++++- 3 files changed, 27 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 71c316164..41f409437 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ -2006-11-21 Love Hörnquist Åstrand +2006-11-23 Love Hörnquist Åstrand + * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users + certs in the pool to make sure a path is returned, without this + proxy certificates wont work. + +2006-11-21 Love Hörnquist Åstrand + * kdc/config.c: Make all pkinit options prefixed with pkinit_ * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from diff --git a/lib/hx509/ChangeLog b/lib/hx509/ChangeLog index 9ee46eb57..7919037ea 100644 --- a/lib/hx509/ChangeLog +++ b/lib/hx509/ChangeLog @@ -1,5 +1,19 @@ -2006-11-16 Love Hörnquist Åstrand +2006-11-23 Love Hörnquist Åstrand + * cert.c (_hx509_calculate_path): allow to calculate optimistic + path when we don't know the trust anchors, just follow the chain + upward until we no longer find a parent or we hit the max limit. + + * cms.c (hx509_cms_create_signed_1): provide a best effort path to + the trust anchors to be stored in the SignedData packet, if find + parents until trust anchor or max length. + + * data: regen + + * data/gen-req.sh: Build pk-init proxy cert. + +2006-11-16 Love Hörnquist Åstrand + * error.c (hx509_get_error_string): Put ", " between strings in error message. diff --git a/tests/ChangeLog b/tests/ChangeLog index 14921c258..2f7539123 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,5 +1,9 @@ -2006-11-19 Love Hörnquist Åstrand +2006-11-23 Love Hörnquist Åstrand + * kdc/check-kdc.in: Test proxy cert. + +2006-11-19 Love Hörnquist Åstrand + * kdc/krb5.conf.in: revert the enable-pkinit change, and make it consistant with all other other enable- options