r21880: pkinit and k5-int.h

Greg Hudson ghudson at MIT.EDU
Sat Mar 21 00:35:46 EDT 2009

On Fri, 2009-03-20 at 16:47 -0400, Sam Hartman wrote:
> One of the goals of the pkinit plugin was to try and minimize internal
> dependencies and to use public interfaces where possible.  We made an
> explicit decision that there was no good way to get pkinit ASN.1
> encoders and decoders using public interfaces, so k5-int-pkinit.h was
> created.

No argument with your proposed change, but:

pkinit_profile.c also uses k5-int.h and references context->profile.  I
assume it should be using krb5_get_profile?

pkinit_accessor.c needs k5-int.h to get at the accessor structure for
the aforementioned encoders; k5-int-pkinit.h is not sufficient.

(The inclusion of k5-int.h in pkinit_profile.c and pkinit_accessor.c was
what gave me the impression it would be okay to fix r21879 by including
k5-int.h in other source files in that directory.)

Is it okay use k5-platform.h in preauth plugins, under the theory that
any plugin will have to deal with portability concerns in some fashion,
and k5-platform is merely how we do so in our tree?  (I have no specific
use in mind at this time, but one might arise in the future.)

More information about the krbdev mailing list