authorRichard Levitte <levitte@openssl.org>2001-07-11 19:03:58 +0000
committerRichard Levitte <levitte@openssl.org>2001-07-11 19:03:58 +0000
commita5224c3420d20ef08a1db9cc1f90e952dcd75826 (patch)
treebb94c0cfaca8da857e0374b8c7e3cc4de9f4f3ae /ssl/s3_lib.c
parentaf436bc1580949f49c25370f8ad1042303f92259 (diff)
downloadopenssl-a5224c3420d20ef08a1db9cc1f90e952dcd75826.tar.gz
Changes to the Kerberos SSL code by Jeffrey Altman <jaltman@columbia.edu>
His comments are: adds use of replay cache to protect against replay attacks; adds functions kssl_tgt_is_available() and kssl_keytab_is_available(), which are used within s3_lib.c and ssl_lib.c to determine at runtime whether or not KRB5 ciphers can be supported during the current session.
Diffstat (limited to 'ssl/s3_lib.c')
-rw-r--r--ssl/s3_lib.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1c57296297..6813595cbc 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1423,6 +1423,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif /* KSSL_DEBUG */
alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+ if (alg & SSL_KRB5)
+ {
+ if ( !kssl_keytab_is_available(s->kssl_ctx) )
+ continue;
+ }
+#endif /* OPENSSL_NO_KRB5 */
if (SSL_C_IS_EXPORT(c))
{
ok=((alg & emask) == alg)?1:0;
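Review bot: The added block passes `s->kssl_ctx` to `kssl_keytab_is_available()` without a NULL check, and the helper's body is not visible here, so if it dereferences its argument a session without a Kerberos context would crash during cipher selection rather than simply skipping the KRB5 suites. Consider `if (s->kssl_ctx == NULL || !kssl_keytab_is_available(s->kssl_ctx)) continue;`. The result does not depend on `c`, so it could be computed once before the loop and reused; that matters if the helper consults the keytab on every call, which its name suggests but the hunk does not show. A short comment such as `/* skip KRB5 suites when no usable keytab is available */` would record the intent. The loop in ssl3_choose_cipher starts and ends outside this hunk.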