diff options
author | Richard Levitte <levitte@openssl.org> | 2001-07-09 21:46:58 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2001-07-09 21:46:58 +0000 |
commit | 2a1ef754358e35c8e86df903e0a2f92c35a550d0 (patch) | |
tree | 6ac406a5043c584c2ce0912d35192c3c30376f67 /apps/s_server.c | |
parent | c148d7097811c18f277a8559753c770f4ff85771 (diff) | |
download | openssl-2a1ef754358e35c8e86df903e0a2f92c35a550d0.tar.gz |
Patches from Vern Staats <staatsvr@asc.hpc.mil> to get Kerberos 5 in
SSL according to RFC 2712. His comment is:
This is a patch to openssl-SNAP-20010702 to support Kerberized SSL
authentication. I'm expecting to have the full kssl-0.5 kit up on
sourceforge by the end of the week. The full kit includes patches
for mod-ssl, apache, and a few text clients. The sourceforge URL
is http://sourceforge.net/projects/kssl/ .
Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ
message with a real KerberosWrapper struct. I think this is fully
RFC 2712 compliant now, including support for the optional
authenticator field. I also added openssl-style ASN.1 macros for
a few Kerberos structs; see crypto/krb5/ if you're interested.
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 6ed23490f1..269b28dfd1 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -863,8 +863,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) { - kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); - kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, + KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, + KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) @@ -1249,6 +1251,13 @@ static int www_body(char *hostname, int s, unsigned char *context) if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=SSL_new(ctx)) == NULL) goto err; +#ifndef OPENSSL_NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); |