MSFT makes the `q` field of `DomainParameters` OPTIONAL even though it's actually required. We currently validate DH groups not by validating that p is a Sophie Germain prime but by checking the proposed group against a compiled-in list and against a krb5.moduli file; therefore we don't need q. Besides, for Oakley groups, because p is a Sophie Germain prime, we'd have q=p/j and j=2, so we can always compute q as needed (and MIT Kerberos does).
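The approach described above, as an added Python example that is not code from this commit or its project: a proposed group is accepted only if it is on an allow-list, and q is derived rather than taken from the peer. `KNOWN_GROUPS`, `accept_domain_parameters` and `valid_public_value` are hypothetical names; the prime is the 1024-bit Oakley group 2 modulus from RFC 2409, and the subgroup check is shown as one common use of q.

```python
# Added example: KNOWN_GROUPS stands in for a compiled-in list or a
# krb5.moduli file. All names here are hypothetical.

# 1024-bit Oakley group 2 prime (RFC 2409, section 6.2), generator 2.
OAKLEY_GROUP_2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)

KNOWN_GROUPS = {(OAKLEY_GROUP_2_P, 2)}


def accept_domain_parameters(p, g, q=None):
    """Return (p, g, q) for an allow-listed group, else raise ValueError.

    q may be absent (the field is OPTIONAL on the wire); it is always
    derived locally and a peer-supplied value is only cross-checked.
    """
    if (p, g) not in KNOWN_GROUPS:
        raise ValueError("DH group is not on the allow-list")
    # j = 2 for these groups, so q = (p - 1) / 2; p is odd, so this is
    # the same integer as p // 2.
    derived_q = (p - 1) // 2
    if q is not None and q != derived_q:
        raise ValueError("supplied q does not match the known group")
    return p, g, derived_q


def valid_public_value(y, p, q):
    """Range check plus membership in the order-q subgroup."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


if __name__ == "__main__":
    p, g, q = accept_domain_parameters(OAKLEY_GROUP_2_P, 2)  # q omitted
    y = pow(g, 0x1234567890ABCDEF, p)  # constructed sample private value
    print("q bits:", q.bit_length(), "public value ok:",
          valid_public_value(y, p, q))
```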