pkinit branch updated

Kevin Coffman kwc at citi.umich.edu
Thu Jun 14 19:33:41 EDT 2007


There are a few things missing from the log message below, including:

---
a patch from Ken Renard to fix cert matching code when a certificate
has no SANs.
---
date: 2007/06/13 22:33:21;  author: aglo;  state: Exp;  lines: +4 -0
added a config option to force the CRL checking (pkinit_require_crl_checking)
CRLs are always checked if present but this option would fail certificate
validation if CRLs are not present (without this option, the lack of CRLs
would not have failed verification of the certificate).


I'd appreciate feedback on the documentation changes.  As noted below,
the README is out-of-date and should probably just be removed at this
point.

------------------------------------------------------------------------
r19577 | coffman | 2007-06-14 19:20:13 -0400 (Thu, 14 Jun 2007) | 49 lines

Update documentation:
  kinit man-page
  admin-guide: krb5.conf options
  admin-guide: kdc.conf options
---
Add more functions to accessor structure.
---
Patch from Ken Raeburn, minus the README changes.
README needs major updating or should be removed.
Hopefully, it is now all captured in the doc changes.

Log:
  r807 at dh169:  raeburn | 2007-05-30 19:23:15 -0400
    dev
  r810 at dh169:  raeburn | 2007-05-31 15:44:25 -0400
    Add crypto lib check at top level, to make maintainer mode happier.
    No comma at end of enum lists.
    Remove extraneous ';'.
    Fix uninitialized variable.
    No variadic macros.
---
returning authorization data only for pa-type 16
---
return signed attributes only for pa-type 16
---
Don't segfault if we fail to decode the PKCS7 message in
cms_signeddata_verify().
---
append PIN warnings to PIN prompt
---
translate pkcs11 error codes to text
---
Change get_cert() and get_key() to return an error code so we can
give a better reason why they failed.
---
Fix more compiler warnings.
---
In crypto_cert_select_default(), enforce that there is exactly one
cert to choose from.
---
add (currently-hardcoded des3) supportedCMSTypes to pa-type 16 request
---
accept various oids in the envelopeddata for pa-type 15 request
---
fix ad_type for authorization data
---


