wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

make kerberos work with OPENSSL_NO_SSL_INTERN

Browse source
This commit is contained in:
Dr. Stephen Henson 2011-05-11 22:52:34 +00:00
parent 9472baae0d
commit 39348038df
4 changed files with 45 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
apps/s_client.c
View file

@ -502,6 +502,9 @@ int MAIN(int argc, char **argv)
{
unsigned int off=0, clr=0;
SSL *con=NULL;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
int s,k,width,state=0;
char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
int cbuf_len,cbuf_off;
@ -1145,9 +1148,10 @@ bad:
}
#endif
#ifndef OPENSSL_NO_KRB5
if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
if (con && (kctx = kssl_ctx_new()) != NULL)
{
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
SSL_set0_kssl_ctx(con, kctx);
kssl_ctx_setstring(kctx, KSSL_SERVER, host);
}
#endif /* OPENSSL_NO_KRB5 */
/* SSL_set_cipher_list(con,"RC4-MD5"); */

29
apps/s_server.c
View file

@ -1861,6 +1861,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
unsigned long l;
SSL *con=NULL;
BIO *sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
struct timeval timeout;
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
struct timeval tv;
@ -1901,12 +1904,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
}
#endif
#ifndef OPENSSL_NO_KRB5
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
if ((kctx = kssl_ctx_new()) != NULL)
{
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
KRB5SVC);
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
KRB5KEYTAB);
SSL_set0_kssl_ctx(con, kctx);
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
if(context)
@ -2299,10 +2301,11 @@ static int init_ssl_connection(SSL *con)
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
#ifndef OPENSSL_NO_KRB5
if (con->kssl_ctx->client_princ != NULL)
client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
if (client_princ != NULL)
{
BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
con->kssl_ctx->client_princ);
client_princ);
}
#endif /* OPENSSL_NO_KRB5 */
BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
@ -2324,6 +2327,9 @@ err:
return(ret);
}
#endif
#ifndef OPENSSL_NO_KRB5
char *client_princ;
#endif
#if 0
static int load_CA(SSL_CTX *ctx, char *file)
@ -2354,6 +2360,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
SSL *con;
const SSL_CIPHER *c;
BIO *io,*ssl_bio,*sbio;
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx;
#endif
buf=OPENSSL_malloc(bufsize);
if (buf == NULL) return(0);
@ -2385,10 +2394,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
}
#endif
#ifndef OPENSSL_NO_KRB5
if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
if ((kctx = kssl_ctx_new()) != NULL)
{
kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
}
#endif /* OPENSSL_NO_KRB5 */
if(context) SSL_set_session_id_context(con, context,

16
ssl/kssl.c
View file

@ -2194,6 +2194,22 @@ krb5_error_code kssl_build_principal_2(
return ENOMEM;
}
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
{
s->kssl_ctx = kctx;
}
KSSL_CTX * SSL_get0_kssl_ctx(SSL *s)
{
return s->kssl_ctx;
}
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
{
if (kctx)
return kctx->client_princ;
return NULL;
}
#else /* !OPENSSL_NO_KRB5 */

4
ssl/kssl.h
View file

@ -172,6 +172,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
krb5_timestamp *atimep, KSSL_ERR *kssl_err);
unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
#ifdef __cplusplus
}
#endif