git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Julien Rische <jrische@redhat.com>
	Wed, 1 Jun 2022 16:02:04 +0000 (18:02 +0200)
committer	Greg Hudson <ghudson@mit.edu>
	Thu, 7 Jul 2022 21:15:41 +0000 (17:15 -0400)
commit	1417c64807e8f618c0c8b230246668a50425ec0c
tree	6dc95ed820e2430b969d797e9003c71c13dd275d	tree
parent	05c83221ec30b8c416226cbbde45ad395e1c6f14	commit \| diff

Set reasonable supportedCMSTypes in PKINIT

The PKINIT client uses AuthPack.supportedCMSTypes to let the KDC know
the algorithms it supports for verification of the CMS data signature.
(The MIT krb5 KDC currently ignores this list, but other
implementations use it.)

Replace 3DES with sha512WithRSAEncryption and sha256WithRSAEncryption.

[ghudson@mit.edu: simplified code and used appropriate helpers; edited
commit message]

ticket: 9066 (new)

src/plugins/preauth/pkinit/pkinit_constants.c		diff \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_crypto.h		diff \| blob \| blame \| history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c		diff \| blob \| blame \| history

Mirror of https://github.com/krb5/krb5.git

RSS Atom