author | Richard Levitte <levitte@openssl.org> | 2001-07-11 19:03:58 +0000 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2001-07-11 19:03:58 +0000 |
commit | a5224c3420d20ef08a1db9cc1f90e952dcd75826 (patch) | |
tree | bb94c0cfaca8da857e0374b8c7e3cc4de9f4f3ae /ssl/s3_lib.c | |
parent | af436bc1580949f49c25370f8ad1042303f92259 (diff) | |
download | openssl-a5224c3420d20ef08a1db9cc1f90e952dcd75826.tar.gz |
Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are:
. adds use of replay cache to protect against replay attacks
. adds functions kssl_tgt_is_available() and
kssl_keytab_is_available() which are used within s3_lib.c
and ssl_lib.c to determine at runtime whether or not
KRB5 ciphers can be supported during the current session.
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r-- | ssl/s3_lib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1c57296297..6813595cbc 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1423,6 +1423,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #endif /* KSSL_DEBUG */ alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); +#ifndef OPENSSL_NO_KRB5 + if (alg & SSL_KRB5) + { + if ( !kssl_keytab_is_available(s->kssl_ctx) ) + continue; + } +#endif /* OPENSSL_NO_KRB5 */ if (SSL_C_IS_EXPORT(c)) { ok=((alg & emask) == alg)?1:0; |
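Review bot: in the new `#ifndef OPENSSL_NO_KRB5` block in ssl3_choose_cipher(), `s->kssl_ctx` is passed to `kssl_keytab_is_available()` with no NULL check visible in this hunk, and the call sits inside the cipher loop, so it is repeated for every candidate with `SSL_KRB5` set. Please confirm the helper tolerates a NULL context (or guard it here), and consider evaluating the keytab check once before the loop and testing a cached local instead. The `continue` also drops KRB5 suites silently; a trace under the existing `KSSL_DEBUG` conditional would let an operator tell a missing keytab apart from a plain "no shared cipher" failure. Minor style point: the outer braces around the single nested `if` could be dropped by combining the two conditions with `&&`.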