Age | Commit message (Collapse) | Author |
|
|
|
In s_server, print the received Kerberos information.
PR: 693
|
|
PR: 349
|
|
|
|
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.
|
|
them to one that won't get exported.
|
|
His comments are:
. adds use of replay cache to protect against replay attacks
. adds functions kssl_tgt_is_available() and
kssl_keytab_is_available() which are used within s3_lib.c
and ssl_lib.c to determine at runtime whether or not
KRB5 ciphers can be supported during the current session.
|
|
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
|
|
sure they are available in opensslconf.h, by giving them names starting
with "OPENSSL_" to avoid conflicts with other packages and by making
sure e_os2.h will cover all platform-specific cases together with
opensslconf.h.
I've checked fairly well that nothing breaks with this (apart from
external software that will adapt if they have used something like
NO_KRB5), but I can't guarantee it completely, so a review of this
change would be a good thing.
|
|
Implemented by Vern Staats <staatsvr@asc.hpc.mil>, further hacked and distributed by Jeffrey Altman <jaltnab@columbia.edu>
|
|
4 times it's size when bn_sqr_recursive() won't look farther than the
original length. Thereby, constification is no longer a problem.
|