[krbdev.mit.edu #8242] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Sep 10 13:19:19 EDT 2015
Improve PKINIT OpenSSL error reporting
When a non-trivial OpenSSL function fails during PKINIT processing,
try to ensure that the error message includes an indication of the
what PKINIT was doing and the reason for the first queued OpenSSL
error, and flush all queued OpenSSL errors to the trace log. For
certificate verification failures, also include the higher-level error
from the cert store. Add new helper functions oerr() and oerr_cert()
to minimize the amount of code needed to handle each error.
https://github.com/krb5/krb5/commit/7621d2f9a87214327ca3b2594e34dc7cea84596b
Author: Greg Hudson <ghudson at mit.edu>
Commit: 7621d2f9a87214327ca3b2594e34dc7cea84596b
Branch: master
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 146 ++++++++++++--------
src/plugins/preauth/pkinit/pkinit_trace.h | 4 +
2 files changed, 89 insertions(+), 61 deletions(-)
More information about the krb5-bugs
mailing list