From 2a1ef754358e35c8e86df903e0a2f92c35a550d0 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 9 Jul 2001 21:46:58 +0000 Subject: Patches from Vern Staats to get Kerberos 5 in SSL according to RFC 2712. His comment is: This is a patch to openssl-SNAP-20010702 to support Kerberized SSL authentication. I'm expecting to have the full kssl-0.5 kit up on sourceforge by the end of the week. The full kit includes patches for mod-ssl, apache, and a few text clients. The sourceforge URL is http://sourceforge.net/projects/kssl/ . Thanks to a note from Simon Wilkinson I've replaced my KRB5 AP_REQ message with a real KerberosWrapper struct. I think this is fully RFC 2712 compliant now, including support for the optional authenticator field. I also added openssl-style ASN.1 macros for a few Kerberos structs; see crypto/krb5/ if you're interested. --- apps/s_server.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'apps/s_server.c') diff --git a/apps/s_server.c b/apps/s_server.c index 6ed23490f1..269b28dfd1 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -863,8 +863,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) { - kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); - kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, + KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, + KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) @@ -1249,6 +1251,13 @@ static int www_body(char *hostname, int s, unsigned char *context) if (!BIO_set_write_buffer_size(io,bufsize)) goto err; if ((con=SSL_new(ctx)) == NULL) goto err; +#ifndef OPENSSL_NO_KRB5 + if ((con->kssl_ctx = kssl_ctx_new()) != NULL) + { + kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); + kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); + } +#endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, strlen((char *)context)); -- cgit v1.2.3