From b3fc06db32f8da0b3e32b78e59c9297928fc000e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Fri, 5 May 2006 07:33:33 +0000
Subject: [PATCH] Catch using hx509 null DH and print a more useful error
 message.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17440 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/pkinit.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index 1e25c9e17..112ca4111 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -1836,6 +1836,16 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context,
 
     if ((flags & 2) == 0) {
 	const char *moduli_file;
+	const DH_METHOD *dhm;
+
+	dhm = DH_get_default_method();
+	if (strcmp(dhm->name, "hx509 null DH") == 0) {
+	    krb5_set_error_string(context,
+				  "pkinit uses dummy DH in libhcrypto, "
+				  "please install DH engine");
+	    _krb5_get_init_creds_opt_free_pkinit(opt);
+	    return EINVAL;
+	}
 
 	moduli_file = krb5_config_get_string(context, NULL,
 					     "libdefaults",