From 5b304e5f209e46bce97db12691d8658b62b670b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 28 Nov 2006 03:41:55 +0000
Subject: [PATCH] Need better code in the DH parameter rejection case, add
 comment to that effect.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19165 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 691bb2544..1d7207237 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -305,8 +305,10 @@ get_dh_param(krb5_context context,
     ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits, 
 			    &dhparam.p, &dhparam.g, &dhparam.q, moduli,
 			    &client_params->dh_group_name);
-    if (ret)
+    if (ret) {
+	/* XXX send back proposal of better group */
 	goto out;
+    }
 
     dh = DH_new();
     if (dh == NULL) {