Return kdc_cert up from the signing operation so that OCSP can do the right thing. cid#55
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24130 ec53bebd-3082-4978-b11e-865c3cabbd6b
18
kdc/pkinit.c
18
kdc/pkinit.c
@@ -685,7 +685,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
const KDC_REQ *req,
|
const KDC_REQ *req,
|
||||||
const krb5_data *req_buffer,
|
const krb5_data *req_buffer,
|
||||||
krb5_keyblock *reply_key,
|
krb5_keyblock *reply_key,
|
||||||
ContentInfo *content_info)
|
ContentInfo *content_info,
|
||||||
|
hx509_cert *kdc_cert)
|
||||||
{
|
{
|
||||||
const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
|
const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
@@ -696,6 +697,8 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
krb5_data_zero(&buf);
|
krb5_data_zero(&buf);
|
||||||
krb5_data_zero(&signed_data);
|
krb5_data_zero(&signed_data);
|
||||||
|
|
||||||
|
*kdc_cert = NULL;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the message client is a win2k-type but it send pa data
|
* If the message client is a win2k-type but it send pa data
|
||||||
* 09-binding it expects a IETF (checksum) reply so there can be
|
* 09-binding it expects a IETF (checksum) reply so there can be
|
||||||
@@ -809,7 +812,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
client_params->client_anchors,
|
client_params->client_anchors,
|
||||||
kdc_identity->certpool,
|
kdc_identity->certpool,
|
||||||
&signed_data);
|
&signed_data);
|
||||||
hx509_cert_free(cert);
|
*kdc_cert = cert;
|
||||||
}
|
}
|
||||||
|
|
||||||
krb5_data_free(&buf);
|
krb5_data_free(&buf);
|
||||||
@@ -840,6 +843,11 @@ pk_mk_pa_reply_enckey(krb5_context context,
|
|||||||
oid_id_pkcs7_envelopedData(),
|
oid_id_pkcs7_envelopedData(),
|
||||||
content_info);
|
content_info);
|
||||||
out:
|
out:
|
||||||
|
if (ret && *kdc_cert) {
|
||||||
|
hx509_cert_free(*kdc_cert);
|
||||||
|
*kdc_cert = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
krb5_data_free(&buf);
|
krb5_data_free(&buf);
|
||||||
krb5_data_free(&signed_data);
|
krb5_data_free(&signed_data);
|
||||||
return ret;
|
return ret;
|
||||||
@@ -1027,7 +1035,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
|||||||
req,
|
req,
|
||||||
req_buffer,
|
req_buffer,
|
||||||
&client_params->reply_key,
|
&client_params->reply_key,
|
||||||
&info);
|
&info,
|
||||||
|
&kdc_cert);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
free_PA_PK_AS_REP(&rep);
|
free_PA_PK_AS_REP(&rep);
|
||||||
goto out;
|
goto out;
|
||||||
@@ -1121,7 +1130,8 @@ _kdc_pk_mk_pa_reply(krb5_context context,
|
|||||||
req,
|
req,
|
||||||
req_buffer,
|
req_buffer,
|
||||||
&client_params->reply_key,
|
&client_params->reply_key,
|
||||||
&info);
|
&info,
|
||||||
|
&kdc_cert);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
free_PA_PK_AS_REP_Win2k(&rep);
|
free_PA_PK_AS_REP_Win2k(&rep);
|
||||||
goto out;
|
goto out;
|
||||||
|
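Review bot: The new `hx509_cert *kdc_cert` out-parameter of `pk_mk_pa_reply_enckey` changes who owns the signing certificate, and nothing in the patch documents it: `hx509_cert_free(cert)` is replaced by `*kdc_cert = cert;`, and the `out:` block releases the reference only when `ret` is non-zero. On success the reference therefore has to be released by `_kdc_pk_mk_pa_reply`, whose declaration of `kdc_cert` and cleanup path lie outside the visible hunks; it is worth confirming that the variable is initialised to NULL and handed to `hx509_cert_free()` on every exit, since a per-request leak in the KDC would accumulate. I would add above the function `/* On success *kdc_cert is a reference the caller must release with hx509_cert_free(); on failure it is set to NULL. */`. The caller should also tolerate `*kdc_cert == NULL` after a successful return if any path skips the signing block, which cannot be ruled out from what is shown.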