Return the kdc_cert up from the signing operation so that OCSP can do the right thing. cid#55

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2008-12-11 05:04:50 +00:00
parent bb8485b49c
commit 9c92a36dd8


@@ -685,7 +685,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
const KDC_REQ *req,
const krb5_data *req_buffer,
krb5_keyblock *reply_key,
ContentInfo *content_info)
ContentInfo *content_info,
hx509_cert *kdc_cert)
{
const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
krb5_error_code ret;
@@ -696,6 +697,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
krb5_data_zero(&buf);
krb5_data_zero(&signed_data);
*kdc_cert = NULL;
/*
* If the message client is a win2k-type but it send pa data
* 09-binding it expects a IETF (checksum) reply so there can be
@@ -809,7 +812,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
client_params->client_anchors,
kdc_identity->certpool,
&signed_data);
hx509_cert_free(cert);
*kdc_cert = cert;
}
krb5_data_free(&buf);
@@ -840,6 +843,11 @@ pk_mk_pa_reply_enckey(krb5_context context,
oid_id_pkcs7_envelopedData(),
content_info);
out:
if (ret && *kdc_cert) {
hx509_cert_free(*kdc_cert);
*kdc_cert = NULL;
}
krb5_data_free(&buf);
krb5_data_free(&signed_data);
return ret;
@@ -1027,7 +1035,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
req,
req_buffer,
&client_params->reply_key,
&info);
&info,
&kdc_cert);
if (ret) {
free_PA_PK_AS_REP(&rep);
goto out;
@@ -1121,7 +1130,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
req,
req_buffer,
&client_params->reply_key,
&info);
&info,
&kdc_cert);
if (ret) {
free_PA_PK_AS_REP_Win2k(&rep);
goto out;
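Review bot: The new `kdc_cert` out-parameter of pk_mk_pa_reply_enckey changes who owns the signing certificate, and nothing in the function says so: the `hx509_cert_free(cert);` after the signing call is replaced by `*kdc_cert = cert;`, so on success the caller now has to release the reference. Both call sites in _kdc_pk_mk_pa_reply pass `&kdc_cert`, but the declaration of that variable and its release lie outside the visible hunks, so it is worth confirming that every exit after a successful call reaches `hx509_cert_free(kdc_cert)`; a reference leaked on each PK-INIT request would accumulate in a long-running KDC. I would state the contract above the function, e.g. `/* On success *kdc_cert holds a reference the caller must hx509_cert_free(); on failure it is NULL. */`. The unconditional `*kdc_cert = NULL;` at entry also assumes the caller's variable holds no reference yet, which the comment should mention.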