95730a19d6
x
Love Hörnquist Åstrand
2006-11-26 16:57:38 +00:00
15d0393660
Add some more comments about how this works.
Love Hörnquist Åstrand
2006-11-26 16:56:54 +00:00
480aff7f9b
(_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into hx509_cms_create_signed_1 via hx509_peer_info blob.
Love Hörnquist Åstrand
2006-11-26 16:38:51 +00:00
d71ddea187
fixed some, added some
Love Hörnquist Åstrand
2006-11-26 15:58:06 +00:00
ace0c11152
x
Love Hörnquist Åstrand
2006-11-26 15:53:32 +00:00
d27456dd83
(hx509_select): new function.
Love Hörnquist Åstrand
2006-11-26 15:53:12 +00:00
d825268bc1
add peer.c
Love Hörnquist Åstrand
2006-11-26 15:52:31 +00:00
ddfe47e5e1
Update hx509_cms_create_signed_1.
Love Hörnquist Åstrand
2006-11-26 15:50:48 +00:00
1ad4760402
add struct hx509_peer_info
Love Hörnquist Åstrand
2006-11-26 15:49:25 +00:00
bdf17144c3
Allow selection of digest/sig-alg
Love Hörnquist Åstrand
2006-11-26 15:49:01 +00:00
a8539398d9
Allow selection of a better digest using hx509_peer_info.
Love Hörnquist Åstrand
2006-11-26 15:48:26 +00:00
84293fbe7c
Add hx509_peer_info and hx509_select selectors.
Love Hörnquist Åstrand
2006-11-26 15:18:47 +00:00
2a62f68e43
x
Love Hörnquist Åstrand
2006-11-25 23:56:17 +00:00
7d2e784271
x
Love Hörnquist Åstrand
2006-11-25 23:54:30 +00:00
2c0f78e9c0
Handle that _hx509_verify_signature takes a context.
Love Hörnquist Åstrand
2006-11-25 23:53:05 +00:00
647a299beb
Sprinkle error strings.
Love Hörnquist Åstrand
2006-11-25 12:40:13 +00:00
85ee798833
Sprinkle context and error strings.
Love Hörnquist Åstrand
2006-11-25 12:31:34 +00:00
3db50a07fc
x
Love Hörnquist Åstrand
2006-11-25 08:52:22 +00:00
9771db55a1
Add LIB_roken and (implictly by that libvers for print_version) to LDADD
Love Hörnquist Åstrand
2006-11-25 08:48:16 +00:00
3cda0af373
x
Love Hörnquist Åstrand
2006-11-24 14:27:38 +00:00
629ef1ca09
Set the large_msg_size to 1400, lets not fragment packets and avoid stupid linklayers that doesn't allow fragmented packets (unix dgram sockets on Mac OS X)
Love Hörnquist Åstrand
2006-11-24 14:24:33 +00:00
c0eada204f
test printing and parsing raw oids in name.
Love Hörnquist Åstrand
2006-11-24 06:11:35 +00:00
a111935bca
Handle printing and parsing raw oids in name.
Love Hörnquist Åstrand
2006-11-24 06:09:48 +00:00
aec1d93b07
x
Love Hörnquist Åstrand
2006-11-24 06:09:01 +00:00
0fa8cd58ec
(der_print_heim_oid): use delim when printing.
Love Hörnquist Åstrand
2006-11-24 06:08:27 +00:00
dcb8f42f41
pkinit_allow_proxy_certificate=true
Love Hörnquist Åstrand
2006-11-24 05:12:03 +00:00
ad2a57913f
x
Love Hörnquist Åstrand
2006-11-23 18:28:41 +00:00
53d000b120
check that the getarg -- option works for delete and add.
Love Hörnquist Åstrand
2006-11-23 18:28:23 +00:00
23105c3230
x
Love Hörnquist Åstrand
2006-11-23 18:15:10 +00:00
3f3bf585c4
Test proxy cert.
Love Hörnquist Åstrand
2006-11-23 18:14:53 +00:00
03d0a158b8
(_krb5_pk_create_sign): stuff down the users certs in the pool to make sure a path is returned, without this proxy certificates wont work.
Love Hörnquist Åstrand
2006-11-23 18:13:47 +00:00
1a89ccbde3
(_hx509_calculate_path): allow to calculate optimistic path when we don't know the trust anchors, just follow the chain upward until we no longer find a parent or we hit the max limit.
Love Hörnquist Åstrand
2006-11-23 18:11:22 +00:00
b10833408a
regen
Love Hörnquist Åstrand
2006-11-23 18:09:59 +00:00
94d63f5092
(hx509_cms_create_signed_1): provide a best effort path to the trust anchors to be stored in the SignedData packet, if find parents until trust anchor or max length.
Love Hörnquist Åstrand
2006-11-23 18:08:23 +00:00
976c93b3e6
(krb5_get_init_creds_opt_free): allow free on NULL.
Love Hörnquist Åstrand
2006-11-23 16:27:36 +00:00
a0440ced16
(renew_func): if the initial ticket wasn't renewable from the beginning, not even try to renew it now.
Love Hörnquist Åstrand
2006-11-22 18:13:50 +00:00
f1e2992b43
x
Love Hörnquist Åstrand
2006-11-21 19:59:31 +00:00
c4cd047939
Make all pkinit options prefixed with pkinit_
Love Hörnquist Åstrand
2006-11-21 19:57:33 +00:00
473532da2a
update (c)
Love Hörnquist Åstrand
2006-11-21 08:08:46 +00:00
40363f06d7
x
Love Hörnquist Åstrand
2006-11-21 08:07:50 +00:00
9db7608772
(krb5_get_warn_dest): return warn_dest from krb5_context
Love Hörnquist Åstrand
2006-11-21 08:06:40 +00:00
7f09ad0520
document krb5_[gs]et_warn_dest
Love Hörnquist Åstrand
2006-11-21 07:55:20 +00:00
05c87d8f58
x
Love Hörnquist Åstrand
2006-11-21 05:18:06 +00:00
24d6d22312
Make KRB5-PADATA-S4U2SELF pa type 129.
Love Hörnquist Åstrand
2006-11-21 05:17:47 +00:00
213255c32a
Drop KRB5_KU_TGS_IMPERSONATE.
Love Hörnquist Åstrand
2006-11-21 05:15:36 +00:00
b9624a871d
Use KRB5_KU_OTHER_CKSUM for the impersonate checksum.
Love Hörnquist Åstrand
2006-11-21 05:14:43 +00:00
7624883fb4
Make krb5_get_init_creds_opt_free take a context argument.
Love Hörnquist Åstrand
2006-11-20 18:41:57 +00:00
240d98f20f
x
Love Hörnquist Åstrand
2006-11-20 18:14:57 +00:00
ece5f9603e
Make krb5_get_init_creds_opt_free take a context argument.
Love Hörnquist Åstrand
2006-11-20 18:12:41 +00:00
ebc7f63d48
x
Love Hörnquist Åstrand
2006-11-19 04:17:40 +00:00
8466eac79d
revert the enable-pkinit change, and make it consistant with all other other enable- options
Love Hörnquist Åstrand
2006-11-19 04:16:49 +00:00
f5bb642011
x
Love Hörnquist Åstrand
2006-11-19 04:16:22 +00:00
87ade2d6ad
revert previous
Love Hörnquist Åstrand
2006-11-19 04:14:03 +00:00
30e35fb625
rename enable-digest to digest_enable
Love Hörnquist Åstrand
2006-11-19 04:12:43 +00:00
e57d3c0cae
fix spelling
Love Hörnquist Åstrand
2006-11-17 22:33:21 +00:00
8fa5515700
x
Love Hörnquist Åstrand
2006-11-17 22:27:25 +00:00
5b7701514e
Make all pkinit options prefixed with pkinit_
Love Hörnquist Åstrand
2006-11-17 22:27:01 +00:00
61623b636c
Make app pkinit options prefixed with pkinit_
Love Hörnquist Åstrand
2006-11-17 22:20:25 +00:00
e299db5039
(krb5_c_keylengths): make compile again.
Love Hörnquist Åstrand
2006-11-17 22:17:46 +00:00
20a7bd7a29
Update krb5_c_keylengths
Love Hörnquist Åstrand
2006-11-17 22:09:25 +00:00
0afc3bb28a
(krb5_c_keylengths): rename.
Love Hörnquist Åstrand
2006-11-17 22:06:07 +00:00
3719ad0089
(krb5_c_keylength): mit changed the api, deal.
Love Hörnquist Åstrand
2006-11-17 22:04:54 +00:00
4e200bc2d5
Add krb5_enctype_keybits.
Love Hörnquist Åstrand
2006-11-17 21:58:47 +00:00
f6a0b79caf
x
Love Hörnquist Åstrand
2006-11-16 15:08:26 +00:00
aaf8aff1c6
(hx509_get_error_string): Put ", " between strings in error message.
Love Hörnquist Åstrand
2006-11-16 15:08:09 +00:00
210162ce80
Test that token keys are the same, return actual_mech.
Love Hörnquist Åstrand
2006-11-16 07:27:07 +00:00
142d5bba6f
x
Love Hörnquist Åstrand
2006-11-16 06:54:26 +00:00
18023278c3
We shouldn't be running /bin/ls under valgrind, but for now, at least make it easier to see any other warnings. From Andrew Bartlett.
Love Hörnquist Åstrand
2006-11-16 06:54:13 +00:00
e1cc3a8396
Info.plist.in
Love Hörnquist Åstrand
2006-11-15 12:24:59 +00:00
98cd4ae20b
Resources
Love Hörnquist Åstrand
2006-11-15 12:20:26 +00:00
317383fd3d
Talk about how far the build have progressed.
Love Hörnquist Åstrand
2006-11-15 12:16:51 +00:00
ea44c62ad1
x
Love Hörnquist Åstrand
2006-11-15 12:10:31 +00:00
224784eb7e
clean after ourself.
Love Hörnquist Åstrand
2006-11-15 12:10:11 +00:00
d38439bc09
x
Love Hörnquist Åstrand
2006-11-15 12:03:38 +00:00
8cff9246fb
how to build a mac package
Love Hörnquist Åstrand
2006-11-15 12:03:09 +00:00
07a8f134e8
Make bitfields unsigned, add maybe_open.
Love Hörnquist Åstrand
2006-11-15 11:37:25 +00:00
a4908290ac
x
Love Hörnquist Åstrand
2006-11-15 11:10:54 +00:00
b60aecaebf
Use ASN.1 encoder functions to encode CHOICE structure now that we can handle it.
Love Hörnquist Åstrand
2006-11-15 11:10:46 +00:00
062328fffc
x
Love Hörnquist Åstrand
2006-11-15 10:31:33 +00:00
75b517309f
(_gss_spnego_accept_sec_context): send back ad accept_completed when the security context is ->open, w/o this the client doesn't know that the server have completed the transaction.
Love Hörnquist Åstrand
2006-11-15 10:31:21 +00:00
db9e36b915
x
Love Hörnquist Åstrand
2006-11-15 10:19:54 +00:00
0be2851d8e
Add delegate flag and check that the delegated cred works.
Love Hörnquist Åstrand
2006-11-15 10:19:41 +00:00
c00799be18
Keep track of the opportunistic token in the inital message, it might be a complete gss-api context, in that case we'll get back accept_completed without any token. With this change, krb5 w/o mutual authentication works.
Love Hörnquist Åstrand
2006-11-15 10:18:55 +00:00
c8fd5412ce
Use ASN.1 encoder functions to encode CHOICE structure now that we can handle it.
Love Hörnquist Åstrand
2006-11-15 09:01:45 +00:00
8f4072982a
Add dce-style context building test.
Love Hörnquist Åstrand
2006-11-15 08:49:28 +00:00
0f08e9941a
test more combination of context building
Love Hörnquist Åstrand
2006-11-15 08:45:51 +00:00
774e93dac2
Filter out SPNEGO from the out supported mechs list and make sure we don't select that for the preferred mechamism.
Love Hörnquist Åstrand
2006-11-15 08:42:36 +00:00
576019c819
x
Love Hörnquist Åstrand
2006-11-14 12:35:04 +00:00
f34964d46f
(_gss_mech_cred_find): break out the cred finding to its own function
Love Hörnquist Åstrand
2006-11-14 12:33:11 +00:00
882845f819
x
Love Hörnquist Åstrand
2006-11-14 10:05:56 +00:00
92486672bd
Better error strings, from Andrew Bartlet.
Love Hörnquist Åstrand
2006-11-14 09:49:56 +00:00
891f46953e
x
Love Hörnquist Åstrand
2006-11-14 09:48:24 +00:00
8e8a2d46f4
Forward decl.
Love Hörnquist Åstrand
2006-11-14 09:47:07 +00:00
3e0139bc20
x
Love Hörnquist Åstrand
2006-11-13 18:06:45 +00:00
00bcd44370
Switch from using a specific error message context in the TLS to have a whole krb5_context in TLS. This have some interestion side-effekts for the configruration setting options since they operate on per-thread basis now.
Love Hörnquist Åstrand
2006-11-13 18:02:57 +00:00
a16e0b633c
Create our own krb5_context.
Love Hörnquist Åstrand
2006-11-13 18:01:39 +00:00
073e1a2052
(fill_zeros): stop using MIN.
Love Hörnquist Åstrand
2006-11-13 17:45:27 +00:00
9cfefab1b3
Forward decl
Love Hörnquist Åstrand
2006-11-13 17:39:45 +00:00
Love Hörnquist Åstrand