Building the PKINIT plugin on Windows
Benjamin Kaduk
kaduk at mit.edu
Fri Oct 9 16:04:44 EDT 2020
On Fri, Oct 09, 2020 at 11:39:31AM -0400, Ken Hornstein wrote:
> >When I last looked into this, the OpenSSL dependency seemed to be the
> >trickiest part. I didn't have any luck finding examples on github that
> >didn't check OpenSSL binaries into the repository. So insight from
> >Windows developers on this point would be the most useful from my
> >perspective. That would also pave the way for k5tls (for MS-KKDCP
> >support) and, less importantly, SPAKE support for the NIST curves.
>
> I guess I'm wondering exactly what kind of infrastructure you want
> in the Windows build process; do you want to have it build OpenSSL
> as well, or simply point to already-built OpenSSL libraries? It looks
> like all our Windows build system does is run "perl Configure VC-WIN64A"
> and then just uses nmake (there may be more steps involved, I'm not
> an expert on the Windows build process we use, but those look like the
> key ones).
I believe that's all there is to the build process (you can, of course,
specify other arguments/options to Configure if desired); the trick is in
making sure that the dependencies and environment are in place. The two
typical stubmling blocks are getting a functional perl available in the
PATH, and making sure to find the right Visual Studio Developer Tools
Command Prompt (or whatever it's called on your version of visual studio).
-Ben
More information about the krbdev
mailing list