[krbdev.mit.edu #9066] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Thu Jul 7 17:49:36 EDT 2022
Thu Jul 07 17:49:36 2022: Request 9066 was acted upon.
Transaction: Ticket created by ghudson at mit.edu
Queue: krb5
Subject: git commit
Owner: ghudson at mit.edu
Requestors:
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9066 >
Set reasonable supportedCMSTypes in PKINIT
The PKINIT client uses AuthPack.supportedCMSTypes to let the KDC know
the algorithms it supports for verification of the CMS data signature.
(The MIT krb5 KDC currently ignores this list, but other
implementations use it.)
Replace 3DES with sha512WithRSAEncryption and sha256WithRSAEncryption.
[ghudson at mit.edu: simplified code and used appropriate helpers; edited
commit message]
https://github.com/krb5/krb5/commit/1417c64807e8f618c0c8b230246668a50425ec0c
Author: Julien Rische <jrische at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 1417c64807e8f618c0c8b230246668a50425ec0c
Branch: master
src/plugins/preauth/pkinit/pkinit_constants.c | 33 ++++++++++++++-
src/plugins/preauth/pkinit/pkinit_crypto.h | 4 ++
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 49 +++++++++++-----------
3 files changed, 60 insertions(+), 26 deletions(-)
More information about the krb5-bugs
mailing list