pkinit branch updated

Kevin Coffman kwc at
Thu Jun 14 19:33:41 EDT 2007

There are a few things missing from the log message below.  Including:

a patch from Ken Renard to fix cert matching code when a certificate
has no SANs.
date: 2007/06/13 22:33:21;  author: aglo;  state: Exp;  lines: +4 -0
added a config option to force the CRL checking (pkinit_require_crl_checking)
CRLs are always checked if present but this option would fail certificate
validation if CRLs are not present (without this option, the lack of CRLs
would not have failed verification of the certificate).

I'd appreciate feedback on the documentation changes.  As noted below,
the README is out-of-date and should probably just be removed at this

r19577 | coffman | 2007-06-14 19:20:13 -0400 (Thu, 14 Jun 2007) | 49 lines

Update documentation:
  kinit man-page
  admin-guide: krb5.conf options
  admin-guide: kdc.conf options
Add more functions to accessor structure.
Patch from Ken Raeburn, minus the README changes.
README needs major updating or should be removed.
Hopefully, it is now all captured in the doc changes.

  r807 at dh169:  raeburn | 2007-05-30 19:23:15 -0400
  r810 at dh169:  raeburn | 2007-05-31 15:44:25 -0400
    Add crypto lib check at top level, to make maintainer mode happier.
    No comma at end of enum lists.
    Remove extraneous ';'.
    Fix uninitialized variable.
    No variadic macros.
returning authorization data only for pa-type 16
return signed attributes only for pa-type 16
Don't segfault if we fail to decode the PKCS7 message in
append PIN warnings to PIN prompt
translate pkcs11 error codes to text
Change get_cert() and get_key() to return an error code so we can
give a better reason why they failed.
Fix more compiler warnings.
In crypto_cert_select_default(), enforce that there is exactly one
cert to choose from.
add (currently-hardcoded des3) supportedCMSTypes to pa-type 16 request
accept various oids in the envelopeddata for pa-type 15 request
fix ad_type for authorization data

More information about the krbdev mailing list