[krbdev.mit.edu #7071] PKINIT trusted_ca encoding issues
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sat Feb 11 00:33:34 EST 2012
As noted in issue #7062, the PKINIT client code never encodes a TrustedCas
value as part of a draft9 PA-PK-AS-REQ. So making changes to the encoder
should not affect interop.
The PKINIT server code does potentially decode a TrustedCas value when
decoding a draft9 PA-PK-AS-REQ (if Win2k clients ever send them).
However, it does nothing with this field during processing.
More information about the krb5-bugs
mailing list