Add comment that the anchors in the signed data really should be the

trust anchors of the client. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19241 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-06 10:42:41 +00:00
parent 6dbdfd41fc
commit 65d743807c
1 changed files with 2 additions and 0 deletions
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -775,6 +775,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 					NULL,
 					cert,
 					client_params->peer,
+					/* XXX should be the clients anchors */
 					kdc_identity->anchors,
 					kdc_identity->certpool,
 					&signed_data);
@@ -888,6 +889,7 @@ pk_mk_pa_reply_dh(krb5_context context,
 					NULL,
 					cert,
 					client_params->peer,
+					/* XXX should be the clients anchors */
 					kdc_identity->anchors,
 					kdc_identity->certpool,
 					&signed_data);