Love Hörnquist Åstrand
|
65d743807c
|
Add comment that the anchors in the signed data really should be the
trust anchors of the client.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19241 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-12-06 10:42:41 +00:00 |
|
Love Hörnquist Åstrand
|
5b304e5f20
|
Need better code in the DH parameter rejection case, add comment to
that effect.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19165 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-28 03:41:55 +00:00 |
|
Love Hörnquist Åstrand
|
480aff7f9b
|
(_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into
hx509_cms_create_signed_1 via hx509_peer_info blob.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19125 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-26 16:38:51 +00:00 |
|
Love Hörnquist Åstrand
|
ddfe47e5e1
|
Update hx509_cms_create_signed_1.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19120 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-26 15:50:48 +00:00 |
|
Love Hörnquist Åstrand
|
61623b636c
|
Make app pkinit options prefixed with pkinit_
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19068 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-17 22:20:25 +00:00 |
|
Love Hörnquist Åstrand
|
204ec47405
|
(_kdc_pk_check_client): drop client_princ as an argument
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18984 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-10 03:37:43 +00:00 |
|
Love Hörnquist Åstrand
|
9956ae0200
|
Catch error string from hx509_cms_verify_signed.
Check for id-pKKdcEkuOID and warn if its not there.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18933 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-11-07 17:24:57 +00:00 |
|
Love Hörnquist Åstrand
|
896bc81f54
|
Default to always print subject dn for pk-init authorization.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18874 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-10-24 17:51:33 +00:00 |
|
Love Hörnquist Åstrand
|
69883abf62
|
Prefix der primitives with der_.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18460 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-10-14 10:16:45 +00:00 |
|
Love Hörnquist Åstrand
|
ca35d60f1e
|
(pk_mk_pa_reply_enckey): add missing break. From Olga Kornievskaia.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18427 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-10-12 20:00:25 +00:00 |
|
Love Hörnquist Åstrand
|
760f9f5bee
|
Sign the request in the encKey case.
Bug reported by Olga Kornievskaia of Umich.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18220 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-10-04 20:54:25 +00:00 |
|
Love Hörnquist Åstrand
|
615106f750
|
(_kdc_pk_check_client): make it not crash when there are no acl
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17831 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-07-13 18:37:58 +00:00 |
|
Love Hörnquist Åstrand
|
fea203a708
|
(_kdc_pk_check_client): use the acl in the kerberos database
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17830 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-07-13 18:32:45 +00:00 |
|
Love Hörnquist Åstrand
|
4c970b550e
|
Avoid shadowing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17579 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-05-13 21:22:55 +00:00 |
|
Love Hörnquist Åstrand
|
eeb100abe7
|
Don't call DH_check_pubkey, it doesn't exists in older OpenSSL.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17489 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-05-06 13:22:33 +00:00 |
|
Love Hörnquist Åstrand
|
044719a5bd
|
(_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be
valid, simplfy the pkinit-windows DH case (it doesn't exists).
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17410 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-05-02 14:04:34 +00:00 |
|
Love Hörnquist Åstrand
|
36b923f56a
|
(_kdc_pk_check_client): reorganize and make log when a SAN matches.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17348 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-29 14:30:01 +00:00 |
|
Love Hörnquist Åstrand
|
61be59e8c7
|
make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17290 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-26 18:53:52 +00:00 |
|
Love Hörnquist Åstrand
|
459f0648f1
|
Add option [kdc]pki-allow-proxy-certificate=bool to allow using proxy certificate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17287 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-26 18:42:48 +00:00 |
|
Love Hörnquist Åstrand
|
d7bc1efbc8
|
(_kdc_pk_check_client): Use hx509_cert_get_base_subject to get subject
name of the certificate, needed for proxy certificates.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17285 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-26 18:36:22 +00:00 |
|
Love Hörnquist Åstrand
|
313fa917d5
|
Adapt to change in hx509_cms_create_signed_1.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17171 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-22 12:10:16 +00:00 |
|
Love Hörnquist Åstrand
|
1b73708904
|
(_kdc_pk_rd_padata): use hx509_cms_unwrap_ContentInfo.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17117 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-20 19:55:09 +00:00 |
|
Love Hörnquist Åstrand
|
2ad7b45365
|
Handle diffrences between libhcrypto and libcrypto.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17111 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-20 18:15:48 +00:00 |
|
Love Hörnquist Åstrand
|
6815452550
|
Added certificate revoke information from configuration file.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17054 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-04-12 13:21:46 +00:00 |
|
Love Hörnquist Åstrand
|
945efb8a96
|
Add pool of certificates to help certificate path building for clients
sending incomplete path in the signedData.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16854 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-03-28 19:57:25 +00:00 |
|
Love Hörnquist Åstrand
|
cd6acf1200
|
Allow passing in related certificates used to build the chain.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16850 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-03-28 04:38:14 +00:00 |
|
Love Hörnquist Åstrand
|
56057ad91b
|
(pk_mk_pa_reply_dh): encode the DH public key with asn1 wrapping
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16822 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-03-27 02:27:59 +00:00 |
|
Love Hörnquist Åstrand
|
b6350decc0
|
(_kdc_pk_check_client): More logging.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16821 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-03-27 02:15:12 +00:00 |
|
Love Hörnquist Åstrand
|
f024392e81
|
Switch to hx509.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16814 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-03-26 23:55:17 +00:00 |
|
Love Hörnquist Åstrand
|
5290184954
|
update to new paChecksum definition, use hdb_entry_ex
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16733 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2006-02-13 11:48:21 +00:00 |
|
Love Hörnquist Åstrand
|
3bfded2697
|
(get_dh_param): Pass down config so this function can check pkinit_dh_min_bits
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16210 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-10-21 17:14:19 +00:00 |
|
Love Hörnquist Åstrand
|
1ef128fbff
|
Removing PK-INIT-19 support.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16141 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-10-07 11:00:05 +00:00 |
|
Love Hörnquist Åstrand
|
b1fffa7079
|
Save DH group name and print it on success.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16139 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-10-07 10:40:00 +00:00 |
|
Love Hörnquist Åstrand
|
776512783d
|
Check dh group parameters from client.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16137 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-10-07 08:57:51 +00:00 |
|
Love Hörnquist Åstrand
|
61b1ea80de
|
The public DH key is encoded as an INTEGER in subjectPublicKey.
Don't verify OID's for now.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16098 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-09-25 15:18:14 +00:00 |
|
Love Hörnquist Åstrand
|
f498bc66ae
|
Implement correct DH for -27, now working with client.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16088 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-09-22 13:41:01 +00:00 |
|
Love Hörnquist Åstrand
|
28d0ef8d96
|
Move DH support from -19 to -27.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16086 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-09-21 00:40:32 +00:00 |
|
Love Hörnquist Åstrand
|
39b04f72d8
|
Support PK-INIT-27 DH (and remove -19)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16080 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-09-20 19:10:29 +00:00 |
|
Love Hörnquist Åstrand
|
aa0dc9b533
|
Switch over logging and comments to -27.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15923 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-08-12 09:21:40 +00:00 |
|
Love Hörnquist Åstrand
|
761074d9a4
|
(pk_mk_pa_reply_enckey): add missing break;
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15922 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-08-12 09:14:52 +00:00 |
|
Love Hörnquist Åstrand
|
9c7e1cc84a
|
Make compile.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15920 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-08-12 08:58:10 +00:00 |
|
Love Hörnquist Åstrand
|
d8b8b146cc
|
Fill in asChecksum, we now implements -27 in the KDC.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15915 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-08-12 08:17:13 +00:00 |
|
Love Hörnquist Åstrand
|
7e8fdbc14d
|
update to pkinit-27
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15760 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-07-26 18:37:02 +00:00 |
|
Love Hörnquist Åstrand
|
9af7efed48
|
prefix pkinit symbols with _kdc
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15544 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-07-01 15:37:24 +00:00 |
|
Love Hörnquist Åstrand
|
de92125f9d
|
adapt pkinit code to libkdc split
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15540 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-07-01 04:42:59 +00:00 |
|
Love Hörnquist Åstrand
|
7a3fc5e663
|
Don't pollute namespace, generate public headerfile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15532 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-06-30 01:54:49 +00:00 |
|
Love Hörnquist Åstrand
|
7132a9b084
|
Merge in the libkdc/kdc configuration split from Andrew Bartlet <abartlet@samba.org>
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15529 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-06-30 01:03:35 +00:00 |
|
Love Hörnquist Åstrand
|
10cedfe58e
|
(pk_principal_from_X509): remember to free KRB5PrincipalName
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15365 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-06-11 00:42:20 +00:00 |
|
Love Hörnquist Åstrand
|
a3c6124483
|
handle pkinit-9, pkinit-19, and pkinit-25 enckey, still no DH
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15116 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-05-10 19:40:39 +00:00 |
|
Love Hörnquist Åstrand
|
2446dccfda
|
pass a NULL prompter data to _krb5_pk_load_openssl_id
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15041 ec53bebd-3082-4978-b11e-865c3cabbd6b
|
2005-04-30 16:15:45 +00:00 |
|