[krbdev.mit.edu #8603] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Aug 7 16:38:56 EDT 2017
Remove incomplete PKINIT OCSP support
pkinit_kdc_ocsp is non-functional in the PKINIT OpenSSL crypto
implementation, so remove most traces of it, including its man page
entry. If it is present in kdc.conf, error out of PKINIT
initialization instead of silently ignoring the realm entirely.
https://github.com/krb5/krb5/commit/3ff426b9048a8024e5c175256c63cd0ad0572320
Author: Robbie Harwood <rharwood at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 3ff426b9048a8024e5c175256c63cd0ad0572320
Branch: master
doc/admin/conf_files/kdc_conf.rst | 3 ---
src/man/kdc.conf.man | 3 ---
src/plugins/preauth/pkinit/pkinit.h | 2 +-
src/plugins/preauth/pkinit/pkinit_identity.c | 11 -----------
src/plugins/preauth/pkinit/pkinit_srv.c | 12 ++++++++++--
5 files changed, 11 insertions(+), 20 deletions(-)
More information about the krb5-bugs
mailing list