From 7298e49a3ffc6891b6970beb6d366aa5579cca50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 21 Apr 2004 15:21:05 +0000
Subject: [PATCH] use the first proposed enable enctype

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13739 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 17968470c..5098c135c 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -904,6 +904,7 @@ pk_mk_pa_reply(krb5_context context,
 void *buf;
 size_t len, size;
 krb5_enctype enctype;
+ int i;
 if (!enable_pkinit) {
 krb5_clear_error_string(context);
@@ -913,15 +914,19 @@ pk_mk_pa_reply(krb5_context context,
 memset(&rep, 0, sizeof(rep));
 if (req->req_body.etype.len < 1) {
+ }
+
+ /* XXX select best/allowed enctype */
+ for (i = 0; i < req->req_body.etype.len; i++)
+ if (krb5_enctype_valid(context, req->req_body.etype.val[i]) == 0)
+ break;
+ if (req->req_body.etype.len <= i) {
 ret = KRB5KRB_ERR_GENERIC;
 krb5_set_error_string(context, "No valid enctype available from client");
 goto out;
- }
-
- /* XXX select best/allowed enctype */
- enctype = req->req_body.etype.val[0];
- enctype = ETYPE_DES3_CBC_SHA1;
+ }
+ enctype = req->req_body.etype.val[i];
 if (client_params->dh == NULL) {
 rep.element = choice_PA_PK_AS_REP_encKeyPack;
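Review bot: The loop added under `/* XXX select best/allowed enctype */` in the second hunk takes the first entry of `req->req_body.etype.val` that passes `krb5_enctype_valid()`, so the enctype is decided by the order the client sent rather than by any KDC-side preference; with the old `ETYPE_DES3_CBC_SHA1` assignment removed, the only floor is whatever the context has enabled. If that is the intent for now, say so at the loop, e.g. `/* XXX takes the client's first enabled enctype; client order is not a strength ranking, so the floor is the set of enctypes enabled in context */`, and consider later choosing from a server-ordered list intersected with the client's offer. The hunk also leaves `if (req->req_body.etype.len < 1) { }` behind with an empty body, which can be deleted because the `req->req_body.etype.len <= i` test already rejects an empty list. `i` is declared `int` in the first hunk but compared against `etype.len`, whose type is not visible here; if it is unsigned, `unsigned int i;` avoids the mixed-sign comparison. The body of pk_mk_pa_reply starts and ends outside both hunks.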