Commit Graph

102 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
1e12165c58 (krb5_get_init_creds_opt_set_pkinit): move parsing of the
configuration file to the library so application doesn't need to deal
with it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17529 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-11 10:16:01 +00:00
Love Hörnquist Åstrand
66cc779e91 (_krb5_pk_load_id): pass the hx509_lock to when trying to read the
user certificate.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17526 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-11 07:03:10 +00:00
Love Hörnquist Åstrand
60736cd1ec (hx_pass_prompter): return 0 on success and 1 on failure. Pointed out
by Douglas E. Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17525 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-11 06:59:56 +00:00
Love Hörnquist Åstrand
64f9c706ec (_krb5_pk_verify_sign): Use hx509_get_one_cert.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17506 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-07 12:32:38 +00:00
Love Hörnquist Åstrand
9f59e70024 Now that hcrypto supports DH, remove check for hx509 null DH.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17491 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-06 13:24:54 +00:00
Love Hörnquist Åstrand
b3fc06db32 Catch using hx509 null DH and print a more useful error message.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17440 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-05 07:33:33 +00:00
Love Hörnquist Åstrand
9b824aa05f Deal with that hx509_prompt.reply is no longer a pointer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17420 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-03 18:56:27 +00:00
Love Hörnquist Åstrand
fa7b5da860 (cert2epi): don't include subject if it's null
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17368 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-30 07:36:27 +00:00
Love Hörnquist Åstrand
92ed76e969 Send over what trust anchors the client has configured.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17364 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-29 21:29:28 +00:00
Love Hörnquist Åstrand
03276c9ead (pk_verify_host): set better error string, only check kdc name/address
when we got a hostname/address passed in the function.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17349 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-29 15:04:42 +00:00
Love Hörnquist Åstrand
e5194fdc60 (pk_verify_host): verify hostname/address
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17332 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-28 11:23:35 +00:00
Love Hörnquist Åstrand
25f574426e (_krb5_pk_allow_proxy_certificate); less arguments better
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17291 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:54:16 +00:00
Love Hörnquist Åstrand
53905171a0 (_krb5_pk_allow_proxy_certificates): expose hx509_verify_set_proxy_certificate
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17286 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:41:40 +00:00
Love Hörnquist Åstrand
2157835b75 Pass down realm to pk_verify_host so the function can verify the
certificate is from the right realm.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17196 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-24 08:23:47 +00:00
Love Hörnquist Åstrand
4828d9e4e4 (pk_verify_host): Add beginning of finding subjectAltName_otherName
pk-init-san and verifying it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17192 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-23 21:30:17 +00:00
Love Hörnquist Åstrand
9578393792 Add pkinit_require_eku and pkinit_require_krbtgt_otherName
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17177 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-23 20:07:51 +00:00
Love Hörnquist Åstrand
313fa917d5 Adapt to change in hx509_cms_create_signed_1.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-22 12:10:16 +00:00
Love Hörnquist Åstrand
e43d859600 Handle differences between libhcrypto and libcrypto.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17109 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-20 17:08:46 +00:00
Love Hörnquist Åstrand
19aee3ece1 (_krb5_pk_load_id): Added certificate revoke information, ie CRL's
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17053 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-12 13:19:13 +00:00
Love Hörnquist Åstrand
ff8a601d49 (krb5_get_init_creds_opt_set_pkinit); fix prototype
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16857 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-30 03:36:32 +00:00
Love Hörnquist Åstrand
945efb8a96 Add pool of certificates to help certificate path building for clients
sending incomplete path in the signedData.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16854 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-28 19:57:25 +00:00
Love Hörnquist Åstrand
cd6acf1200 Allow passing in related certificates used to build the chain.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16850 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-28 04:38:14 +00:00
Love Hörnquist Åstrand
5e82b46be0 Use less openssl, spell chelling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16823 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-27 04:12:34 +00:00
Love Hörnquist Åstrand
f024392e81 Switch to hx509.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-26 23:55:17 +00:00
Love Hörnquist Åstrand
a603f569c3 (_krb5_pk_rd_pa_reply): pass down the req_buffer in the w2k case
too. From Douglas E. Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16801 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-23 17:19:14 +00:00
Love Hörnquist Åstrand
9f095696c7 Make struct krb5_dh_moduli available when compiling w/o pkinit.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16736 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-02-14 10:08:29 +00:00
Love Hörnquist Åstrand
1b1e73d1ff update to new paChecksum definition, update the dhgroup handling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16734 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-02-13 11:51:23 +00:00
Love Hörnquist Åstrand
993ae3a82f (_krb5_dh_group_ok): if not enough bits are generated from the DH groups, fail.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16211 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-21 17:18:38 +00:00
Love Hörnquist Åstrand
8a06dac4ff Add option to require binding between reply and response.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16196 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-20 09:29:19 +00:00
Love Hörnquist Åstrand
79146c3e71 Try both ReplyKey and ReplyKey-Win2k for the Windows case to support
the updated -09 protocol (using asChecksum). Tell KDC we support this
by sending KRB5-PADATA-PK-AS-09-BINDING in the pa-data.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16192 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-19 21:15:41 +00:00
Love Hörnquist Åstrand
296d9d6457 rename element private to opt_private to make c++ picky compilers less upset.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16167 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-12 12:41:04 +00:00
Love Hörnquist Åstrand
6b484c39a5 Inline short functions, share more code, rename COMPAT_27 to
COMPAT_IETF, pass down a krb5_krbhst_info for verification of KDC
info, and general cleaning up.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16151 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-08 15:32:14 +00:00
Love Hörnquist Åstrand
1ef128fbff Removing PK-INIT-19 support.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16141 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 11:00:05 +00:00
Love Hörnquist Åstrand
0915d6890b (_krb5_dh_group_ok): return DH group name on success.
(krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16140 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 10:40:52 +00:00
Love Hörnquist Åstrand
ff2f0da2df (_krb5_dh_group_ok): if q is zero, ignore it.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16138 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 08:59:27 +00:00
Love Hörnquist Åstrand
29bab5c5f9 Update error codes. Add name to group. Change return value of
_krb5_dh_group_ok.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16131 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 08:53:15 +00:00
Love Hörnquist Åstrand
178e4c0087 Add support for reading a moduli-file for DH parameters.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16129 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-07 04:37:28 +00:00
Love Hörnquist Åstrand
70a6c9a2e4 Support cached DH variable (still need to store it though), don't
check the oid of the DH signedData for now.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16097 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-25 15:14:31 +00:00
Love Hörnquist Åstrand
8191484ee6 Wrap DH public key in an ASN.1 INTEGER wrapping.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16096 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-23 05:47:13 +00:00
Love Hörnquist Åstrand
defb6d5697 Don't check oid's too closely, they change in Windows Vista.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16087 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-22 04:18:05 +00:00
Love Hörnquist Åstrand
c850268273 Disable sending -19, fix parsing -27 of the protocol.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16083 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-20 23:21:36 +00:00
Love Hörnquist Åstrand
0b55d28880 Remove double free, now pk-init works again.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16082 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-20 22:18:24 +00:00
Love Hörnquist Åstrand
fa4a72a52b (pk_verify_chain_standard): set cert to NULL to make sure it's not freed.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16079 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-09-20 19:06:40 +00:00
Love Hörnquist Åstrand
f7aeb827d3 Implement verification of asChecksum, now client side code is using
-27 of the pk-init draft.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15919 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-12 08:53:00 +00:00
Love Hörnquist Åstrand
b24968272f Adapt to IMPLICIT changes in CMS module.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15714 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-23 10:42:01 +00:00
Love Hörnquist Åstrand
88be64c770 (pk_rd_pa_reply_dh): client does not contribute to the DH when the
server doesn't support the cached DH request.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15629 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-12 22:31:22 +00:00
Love Hörnquist Åstrand
23dae960cd clean up pk-init DH support, not finished yet;
improve error reporting


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15623 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-12 13:39:51 +00:00
Love Hörnquist Åstrand
2d1b36a743 (_krb5_pk_rd_pa_reply): on non asn1 decoding errors, fail. Make sure
we free memory on error.
(pk_verify_chain_standard): make sure we provide good errors.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15190 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-19 18:49:05 +00:00
Love Hörnquist Åstrand
d90f956e94 (pk_verify_chain_standard): store better error message in the context
for certificate errors.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15188 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-19 18:27:15 +00:00
Love Hörnquist Åstrand
a3c6124483 handle pkinit-9, pkinit-19, and pkinit-25 enckey, still no DH
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15116 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-10 19:40:39 +00:00