More Kerberos SSL changes from Jeffrey Altman <jaltman@columbia.edu>

His comments are: First, it corrects a problem introduced in the last patch where the kssl_map_enc() would intentionally return NULL for valid ENCTYPE values. This was done to prevent verification of the kerberos 5 authenticator from being performed when Derived Key ciphers were in use. Unfortunately, the authenticator verification routine was not the only place that function was used. And it caused core dumps. Second, it attempt to add to SSL_SESSION the Kerberos 5 Client Principal Name.
author: Richard Levitte <levitte@openssl.org> 2001-07-31 07:21:06 +0000
committer: Richard Levitte <levitte@openssl.org> 2001-07-31 07:21:06 +0000
commit: 882e891284c81c7a49b2bce28f44df3e8d6f7ffc (patch)
tree: fe1e72c9ff5edce490f7da03e639ad7e54cfe0f9 /ssl/ssl_txt.c
parent: 05bbf78afd4cc10c776ad141749c13c25a2daa5e (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index 8b37a37e40..77e881d061 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -139,6 +139,18 @@ int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 			{
 			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
 			}
+#ifndef OPENSSL_NO_KRB5
+       if (BIO_puts(bp,"/n    Krb5 Principal: ") <= 0) goto err;
+            if (x->krb5_client_princ_len == 0)
+            {
+		if (BIO_puts(bp,"None") <= 0) goto err;
+		}
+	else
+		for (i=0; i<x->krb5_client_princ_len; i++)
+			{
+			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
+			}
+#endif /* OPENSSL_NO_KRB5 */
 	if (x->compress_meth != 0)
 		{
 		SSL_COMP *comp;
author	Richard Levitte <levitte@openssl.org>	2001-07-31 07:21:06 +0000
committer	Richard Levitte <levitte@openssl.org>	2001-07-31 07:21:06 +0000
commit	882e891284c81c7a49b2bce28f44df3e8d6f7ffc (patch)
tree	fe1e72c9ff5edce490f7da03e639ad7e54cfe0f9 /ssl/ssl_txt.c
parent	05bbf78afd4cc10c776ad141749c13c25a2daa5e (diff)