git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 14 Oct 2013 21:02:31 +0000 (17:02 -0400)
committer	Tom Yu <tlyu@mit.edu>
	Thu, 17 Oct 2013 22:45:36 +0000 (18:45 -0400)
commit	d2935ee933907870b1e5c97aab723bc63b47d0ec
tree	ec2e896ec014076832c29f24d2e651b5e3ef6baa	tree \| snapshot
parent	16f2a314710507c48f479eb990f5dfc7a0bb34de	commit \| diff

Use protocol error for PKINIT cert expiry

If we fail to create a cert chain in cms_signeddata_create(), return
KRB5KDC_ERR_PREAUTH_FAILED, which corresponds to a protocol code,
rather than KRB5_PREAUTH_FAILED, which doesn't. This is also more
consistent with other error clauses in the same function.

(cherry picked from commit cd59782cb32b79e4001a86b0fe47af8b6275ef0c)

ticket: 7726 (new)
version_fixed: 1.11.4
status: resolved

src/plugins/preauth/pkinit/pkinit_crypto_openssl.c

diff | blob | blame | history

Mirror of https://github.com/krb5/krb5.git

RSS Atom