[krbdev.mit.edu #7726] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Thu Oct 17 18:46:41 EDT 2013
Use protocol error for PKINIT cert expiry
If we fail to create a cert chain in cms_signeddata_create(), return
KRB5KDC_ERR_PREAUTH_FAILED, which corresponds to a protocol code,
rather than KRB5_PREAUTH_FAILED, which doesn't. This is also more
consistent with other error clauses in the same function.
(cherry picked from commit cd59782cb32b79e4001a86b0fe47af8b6275ef0c)
https://github.com/krb5/krb5/commit/d2935ee933907870b1e5c97aab723bc63b47d0ec
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: d2935ee933907870b1e5c97aab723bc63b47d0ec
Branch: krb5-1.11
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
More information about the krb5-bugs
mailing list