author | Richard Levitte <levitte@openssl.org> | 2001-07-12 16:17:33 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2001-07-12 16:17:33 +0000 |
commit | 45442167b022f87e20a03ec328d291483ed1dca0 (patch) | |
tree | 7d23078b4bb309c08b0f8562aa7807a3c94db94f | |
parent | 131645ecce8369d6edf2e6abbb2818b88bb14a1c (diff) | |
Prevent KSSL server from requesting a client certificate.
Submitted by Jeffrey Altman <jaltman@columbia.edu>
-rw-r--r-- | ssl/kssl.c | 5 | ||||
-rw-r--r-- | ssl/s3_srvr.c | 4 | ||||
-rw-r--r-- | ssl/t1_enc.c | 4 |
3 files changed, 9 insertions, 4 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 6fd8e7ea07..be44ccb8a5 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1909,10 +1909,13 @@ krb5_error_code kssl_check_authent(
 if (authentp == NULL || authentp->length == 0) return 0;
 #ifdef KSSL_DEBUG
+ {
+ unsigned int ui;
 printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
 p = authentp->data;
- for (padl=0; padl < authentp->length; padl++) printf("%02x ",p[padl]);
+ for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
 printf("\n");
+ }
 #endif /* KSSL_DEBUG */
 unencbufsize = 2 * authentp->length;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index bcf8c875cc..20b8cc9ac5 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -311,7 +311,9 @@ int ssl3_accept(SSL *s)
 ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
 /* ... except when the application insists on verification
 * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+ /* never request cert in Kerberos ciphersuites */
+ (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
 {
 /* no cert request */
 skip=1;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 97d92cacd0..57d76cb331 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -493,7 +493,7 @@ int tls1_enc(SSL *s, int send)
 #ifdef KSSL_DEBUG
 {
- unsigned long i;
+ unsigned long ui;
 printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
 ds,rec->data,rec->input,l);
 printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
@@ -504,7 +504,7 @@ int tls1_enc(SSL *s, int send)
 for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
 printf("\n");
 printf("\trec->input=");
- for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
+ for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
 printf("\n");
 }
 #endif /* KSSL_DEBUG */ |
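Review bot: The `%d` in the context line `printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);` looks mismatched now that the index compared against `authentp->length` is an `unsigned int`; if the length field is unsigned, `%u` is the matching specifier. The block also writes the raw Kerberos authenticator bytes to stdout, so it deserves a comment such as `/* KSSL_DEBUG dumps authenticator bytes to stdout; debug builds only */`. The declaration of `p` is outside the hunk, so whether `p[ui]` is an unsigned byte as `%02x` expects cannot be confirmed from here.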
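Review bot: The new `SSL_aKRB5` clause is OR-ed outside the `SSL_VERIFY_FAIL_IF_NO_PEER_CERT` exception, so a server configured to insist on a client certificate skips the CertificateRequest whenever a Kerberos suite is negotiated, and the one-line comment does not say so. I would expand it to `/* never request cert in Kerberos ciphersuites: the peer is authenticated by its Kerberos ticket, so verify_mode (including SSL_VERIFY_FAIL_IF_NO_PEER_CERT) is not applied to these suites */`. Deployments that depend on X.509 client authentication would then know to keep Kerberos suites out of their cipher list. The `if` condition starts above the hunk, and whether a later handshake state still enforces `verify_mode` once `skip` is set is not visible here.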
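Review bot: After the rename to `unsigned long ui;` the IV loop `for (i=0; i<ds->cipher->iv_len; i++)` in the second t1_enc.c hunk (-504) still uses `i`, which no longer has a block-local declaration and presumably now resolves to a variable of tls1_enc declared outside the hunk. A KSSL_DEBUG build would then overwrite that variable, so debug and normal builds could diverge if its value is still needed after the `#endif`. Keeping a local index for the `int` comparisons avoids this: `int i;` next to `unsigned long ui;`. The block also prints the IV and the record input to stdout, so it should stay confined to debug builds.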