git.ipfire.org Git - thirdparty/krb5.git/commit
Load certs when checking pkinit_identities values 1157/head
author: Ken Hornstein <kenh@cmf.nrl.navy.mil>, Thu, 28 Jan 2021 02:21:19 +0000 (21:21 -0500)
committer: Greg Hudson <ghudson@mit.edu>, Thu, 11 Feb 2021 17:50:44 +0000 (12:50 -0500)
commit: 13ae08e70a05768d4f65978ce1a8d4e16fec0d35
tree: 35128e0f2d7f833f69575b8d70f27399581c762e
parent: c374ab40dd059a5938ffc0440d87457ac5da3a46

Load certs when checking pkinit_identities values

Move the crypto_load_certs() probe from pkinit_identity_initialize()
to process_option_identity().  This will attempt to load a certificate
for each pkinit_identities value, and if the certificate load fails to
move to the next line.

For PKCS11, return an error if pkinit_open_session() fails, but do not
fail in pkinit_open_session() just because identity prompts are
deferred.

[ghudson@mit.edu: added test case; moved cert probe to
process_option_identity(); rewrote commit message]

ticket: 8984 (new)

doc/admin/conf_files/krb5_conf.rst
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
src/plugins/preauth/pkinit/pkinit_identity.c
src/tests/t_pkinit.py