[krbdev.mit.edu #8885] git commit
Greg Hudson via RT
rt at KRBDEV-PROD-APP-1.mit.edu
Thu Mar 26 15:27:42 EDT 2020
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8885 >
Eliminate redundant PKINIT responder invocation

In pkinit_client_prep_questions(), only act if the input padata type
is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when
the KDC issues a ticket.

Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242)
unintentionally changed the behavior of pkinit_load_fs_cert_and_key(),
causing pkinit_client_prep_questions() to do nothing on its first
call. Restore the original behavior of returning 0 when prompting is
deferred.

Modify the existing "FILE identity, password on key (responder)"
PKINIT test to check that the responder is only invoked once.

https://github.com/krb5/krb5/commit/f1286842ce7b9e507a4ce0a47f44ab361a98be63
Author: Greg Hudson <ghudson at mit.edu>
Commit: f1286842ce7b9e507a4ce0a47f44ab361a98be63
Branch: master
src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 13 +++++++------
src/tests/t_pkinit.py | 11 +++++++----
3 files changed, 19 insertions(+), 10 deletions(-)