From 55a9a16f1c02837058173c41fa26f36ec3acd22e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 12 May 2015 10:27:53 +0100
Subject: Remove Kerberos support from libssl

Remove RFC2712 Kerberos support from libssl. This code and the associated
standard is no longer considered fit-for-purpose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
---
 ssl/ssl_asn1.c | 22 ----------------------
 1 file changed, 22 deletions(-)

(limited to 'ssl/ssl_asn1.c')

diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 3e849175ea..51cc72af27 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -95,9 +95,6 @@ typedef struct {
     ASN1_OCTET_STRING *comp_id;
     ASN1_OCTET_STRING *master_key;
     ASN1_OCTET_STRING *session_id;
-#ifndef OPENSSL_NO_KRB5
-    ASN1_OCTET_STRING *krb5_princ;
-#endif
     ASN1_OCTET_STRING *key_arg;
     long time;
     long timeout;
@@ -125,9 +122,6 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
     ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
     ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
     ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
-#ifndef OPENSSL_NO_KRB5
-    ASN1_OPT(SSL_SESSION_ASN1, krb5_princ, ASN1_OCTET_STRING),
-#endif
     ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
     ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1),
     ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2),
@@ -195,10 +189,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
     ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
 #endif
 
-#ifndef OPENSSL_NO_KRB5
-    ASN1_OCTET_STRING krb5_princ;
-#endif
-
 #ifndef OPENSSL_NO_SRP
     ASN1_OCTET_STRING srp_username;
 #endif
@@ -241,12 +231,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 
     ssl_session_oinit(&as.session_id_context, &sid_ctx,
                       in->sid_ctx, in->sid_ctx_length);
-#ifndef OPENSSL_NO_KRB5
-    if (in->krb5_client_princ_len) {
-        ssl_session_oinit(&as.krb5_princ, &krb5_princ,
-                          in->krb5_client_princ, in->krb5_client_princ_len);
-    }
-#endif                          /* OPENSSL_NO_KRB5 */
 
     as.time = in->time;
     as.timeout = in->timeout;
@@ -368,12 +352,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 
     ret->master_key_length = tmpl;
 
-#ifndef OPENSSL_NO_KRB5
-    if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len,
-                            as->krb5_princ, SSL_MAX_KRB5_PRINCIPAL_LENGTH))
-        goto err;
-#endif                          /* OPENSSL_NO_KRB5 */
-
     if (as->time != 0)
         ret->time = as->time;
     else
-- 
cgit v1.2.3