[EXTERNAL] Re: Heimdal Kerberos on MacOSX 10.9.5 using pkinit produces verify error
Glenn Machin
gmachin at sandia.gov
Tue Aug 25 10:46:38 EDT 2015
On the RHEL6 system which has this problem, it's using OpenSSL 1.0.1e.
Since you indicated OpenSSL 1.0.1f might have the bug fixed, I am going
to build the openssl source for OpenSSL 1.0.1f and link it into our MIT
Kerberos build and see if that fixes the problem. I will let you know
what I find.
Glenn
On 8/25/15 8:41 AM, Greg Hudson wrote:
> On 08/25/2015 12:50 AM, Glenn Machin wrote:
>> Looks like it is an openssl issue, apparently fixed in version 1.0.1f.
>> Seems I asked a similar question then and found this on the
>> krb5-bugs list -
>> http://mailman.mit.edu/pipermail/krb5-bugs/2011-January/008510.html
> Thanks for finding this; I remembered that too, but couldn't find the
> details.
>
> After I sent my last response, I was able to produce the "wrong tag"
> error with your packet by disabling the use of CMS functions and forcing
> the use of PKCS7 functions instead. But it doesn't quite match the
> "nested asn1 error" you are seeing, so I'm not sure it's the same thing.