From daa7c34ab38c7d2324bc85e9ab2cf45525a3d81e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 15 Dec 2008 04:33:09 +0000
Subject: [PATCH] turn off supportedCMSTypes for now, allow kdc not sending
 correct certs

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24206 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/pkinit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index 49fb1ac66..d855fcb9f 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -453,7 +453,7 @@ build_auth_pack(krb5_context context,
 	a->clientPublicValue->subjectPublicKey.data = dhbuf.data;
     }
 
-    {
+    if (0) {
 	a->supportedCMSTypes = calloc(1, sizeof(*a->supportedCMSTypes));
 	if (a->supportedCMSTypes == NULL)
 	    return ENOMEM;
@@ -648,7 +648,7 @@ pk_mk_padata(krb5_context context,
     if (ret)
 	free(buf.data);
 
-    if (ret == 0 && ctx->type == PKINIT_WIN2K)
+    if (ret == 0)
 	krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0);
 
  out:
@@ -737,7 +737,7 @@ _krb5_pk_verify_sign(krb5_context context,
 
     ret = hx509_cms_verify_signed(id->hx509ctx,
 				  id->verify_ctx,
-				  0,
+				  HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH|HX509_CMS_VS_NO_KU_CHECK,
 				  data,
 				  length,
 				  NULL,