From 65d743807c33d7aae95ecd466966a9b0f545a7e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 6 Dec 2006 10:42:41 +0000
Subject: [PATCH] Add comment that the anchors in the signed data really should
 be the trust anchors of the client.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19241 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 1d7207237..bb19cadef 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -775,6 +775,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 					NULL,
 					cert,
 					client_params->peer,
+					/* XXX should be the clients anchors */
 					kdc_identity->anchors,
 					kdc_identity->certpool,
 					&signed_data);
@@ -888,6 +889,7 @@ pk_mk_pa_reply_dh(krb5_context context,
 					NULL,
 					cert,
 					client_params->peer,
+					/* XXX should be the clients anchors */
 					kdc_identity->anchors,
 					kdc_identity->certpool,
 					&signed_data);