mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Prevent KSSL server from requesting a client certificate.
Submitted by Jeffrey Altman <jaltman@columbia.edu>
This commit is contained in:
parent
131645ecce
commit
45442167b0
@ -1909,10 +1909,13 @@ krb5_error_code kssl_check_authent(
|
||||
if (authentp == NULL || authentp->length == 0) return 0;
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
{
|
||||
unsigned int ui;
|
||||
printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
|
||||
p = authentp->data;
|
||||
for (padl=0; padl < authentp->length; padl++) printf("%02x ",p[padl]);
|
||||
for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
|
||||
printf("\n");
|
||||
}
|
||||
#endif /* KSSL_DEBUG */
|
||||
|
||||
unencbufsize = 2 * authentp->length;
|
||||
|
@ -311,7 +311,9 @@ int ssl3_accept(SSL *s)
|
||||
((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
|
||||
/* ... except when the application insists on verification
|
||||
* (against the specs, but s3_clnt.c accepts this for SSL 3) */
|
||||
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
|
||||
!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
|
||||
/* never request cert in Kerberos ciphersuites */
|
||||
(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
|
||||
{
|
||||
/* no cert request */
|
||||
skip=1;
|
||||
|
@ -493,7 +493,7 @@ int tls1_enc(SSL *s, int send)
|
||||
|
||||
#ifdef KSSL_DEBUG
|
||||
{
|
||||
unsigned long i;
|
||||
unsigned long ui;
|
||||
printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
|
||||
ds,rec->data,rec->input,l);
|
||||
printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
|
||||
@ -504,7 +504,7 @@ int tls1_enc(SSL *s, int send)
|
||||
for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
|
||||
printf("\n");
|
||||
printf("\trec->input=");
|
||||
for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
|
||||
for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
|
||||
printf("\n");
|
||||
}
|
||||
#endif /* KSSL_DEBUG */
|
||||
|
Loading…
Reference in New Issue
Block a user