[krbdev.mit.edu #8398] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Sep 22 22:17:44 EDT 2016
Add PKINIT support for OpenSSL 1.1.0
OpenSSL 1.1 makes the DH, EVP_MD_CTX, X509, and X509_STORE_CTX types
opaque, removes asn1_mac.h, removes the M_ASN1_* macros, and removes
CRYPTO_malloc_init(). Change the PKINIT code to work with OpenSSL 1.1
while retaining compatibility with OpenSSL 1.0. The new code uses
X509_STORE_set_verify_cb(), which is not present in OpenSSL 0.9, so
require OpenSSL 1.0 for PKINIT support.
https://github.com/krb5/krb5/commit/e5c77a11341a79e6af1e5aef7c587a5b75a9e378
Author: Greg Hudson <ghudson at mit.edu>
Commit: e5c77a11341a79e6af1e5aef7c587a5b75a9e378
Branch: master
src/configure.in | 4 +-
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 626 ++++++++++++--------
src/plugins/preauth/pkinit/pkinit_crypto_openssl.h | 11 +-
3 files changed, 402 insertions(+), 239 deletions(-)
More information about the krb5-bugs
mailing list