apps/s_client.c +6 −2 @@ -539,6 +539,9 @@ int MAIN(int argc, char **argv) { unsigned int off=0, clr=0; SSL *con=NULL; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; @@ -1212,9 +1215,10 @@ bad: } #endif #ifndef OPENSSL_NO_KRB5 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) if (con && (kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); SSL_set0_kssl_ctx(con, kctx); kssl_ctx_setstring(kctx, KSSL_SERVER, host); } #endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */ apps/s_server.c +19 −10 @@ -1943,6 +1943,9 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif struct timeval timeout; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) struct timeval tv; @@ -1983,12 +1986,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) } #endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) if ((kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); SSL_set0_kssl_ctx(con, kctx); kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) @@ -2341,6 +2343,9 @@ static int init_ssl_connection(SSL *con) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; #endif #ifndef OPENSSL_NO_KRB5 char *client_princ; #endif if ((i=SSL_accept(con)) <= 0) {
@@ -2394,10 +2399,11 @@ static int init_ssl_connection(SSL *con) TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n"); #ifndef OPENSSL_NO_KRB5 if (con->kssl_ctx->client_princ != NULL) client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con)); if (client_princ != NULL) { BIO_printf(bio_s_out,"Kerberos peer principal is %s\n", con->kssl_ctx->client_princ); client_princ); } #endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", @@ -2449,6 +2455,9 @@ static int www_body(char *hostname, int s, unsigned char *context) SSL *con; const SSL_CIPHER *c; BIO *io,*ssl_bio,*sbio; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif buf=OPENSSL_malloc(bufsize); if (buf == NULL) return(0); @@ -2480,10 +2489,10 @@ static int www_body(char *hostname, int s, unsigned char *context) } #endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) if ((kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context, ssl/kssl.c +16 −0 @@ -2191,6 +2191,22 @@ krb5_error_code kssl_build_principal_2( return ENOMEM; } void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) { s->kssl_ctx = kctx; } KSSL_CTX * SSL_get0_kssl_ctx(SSL *s) { return s->kssl_ctx; } char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) { if (kctx) return kctx->client_princ; return NULL; } #else /* !OPENSSL_NO_KRB5 */ ssl/kssl.h +4 −0
@@ -172,6 +172,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, krb5_timestamp *atimep, KSSL_ERR *kssl_err); unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); #ifdef __cplusplus } #endif
apps/s_client.c +6 −2 @@ -539,6 +539,9 @@ int MAIN(int argc, char **argv) { unsigned int off=0, clr=0; SSL *con=NULL; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif int s,k,width,state=0; char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL; int cbuf_len,cbuf_off; @@ -1212,9 +1215,10 @@ bad: } #endif #ifndef OPENSSL_NO_KRB5 if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) if (con && (kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host); SSL_set0_kssl_ctx(con, kctx); kssl_ctx_setstring(kctx, KSSL_SERVER, host); } #endif /* OPENSSL_NO_KRB5 */ /* SSL_set_cipher_list(con,"RC4-MD5"); */
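Review bot: The return value of `kssl_ctx_setstring(kctx, KSSL_SERVER, host)` in the second hunk is discarded, so if recording the server name fails, `con` still carries a Kerberos context with no target host and the handshake goes ahead with no diagnostic. A check such as `if (kssl_ctx_setstring(kctx, KSSL_SERVER, host) != 0) BIO_printf(bio_err, "unable to set Kerberos server name\n");` would make that failure visible. The same unchecked calls appear in the sv_body and www_body hunks of apps/s_server.c. MAIN starts and ends outside both hunks.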
apps/s_server.c +19 −10 @@ -1943,6 +1943,9 @@ static int sv_body(char *hostname, int s, unsigned char *context) unsigned long l; SSL *con=NULL; BIO *sbio; #ifndef OPENSSL_NO_KRB5 KSSL_CTX *kctx; #endif struct timeval timeout; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5) struct timeval tv; @@ -1983,12 +1986,11 @@ static int sv_body(char *hostname, int s, unsigned char *context) } #endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) if ((kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); SSL_set0_kssl_ctx(con, kctx); kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) @@ -2341,6 +2343,9 @@ static int init_ssl_connection(SSL *con) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; #endif #ifndef OPENSSL_NO_KRB5 char *client_princ; #endif if ((i=SSL_accept(con)) <= 0) {
@@ -2480,10 +2489,10 @@ static int www_body(char *hostname, int s, unsigned char *context) } #endif #ifndef OPENSSL_NO_KRB5 if ((con->kssl_ctx = kssl_ctx_new()) != NULL) if ((kctx = kssl_ctx_new()) != NULL) { kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB); kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); } #endif /* OPENSSL_NO_KRB5 */ if(context) SSL_set_session_id_context(con, context,
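Review bot: The www_body hunk allocates and configures `kctx` but never attaches it to the connection, unlike the sv_body hunk, which calls `SSL_set0_kssl_ctx(con, kctx);` first. Unless the attach happens in lines outside the hunk, the KSSL_SERVICE and KSSL_KEYTAB settings never reach `con`, and each connection served in this mode leaks one KSSL_CTX, where the old code stored it directly in `con->kssl_ctx`. Adding `SSL_set0_kssl_ctx(con, kctx);` as the first statement inside the `if ((kctx = kssl_ctx_new()) != NULL)` block would match sv_body. www_body continues outside the hunk.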
ssl/kssl.c +16 −0 @@ -2191,6 +2191,22 @@ krb5_error_code kssl_build_principal_2( return ENOMEM; } void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) { s->kssl_ctx = kctx; } KSSL_CTX * SSL_get0_kssl_ctx(SSL *s) { return s->kssl_ctx; } char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) { if (kctx) return kctx->client_princ; return NULL; } #else /* !OPENSSL_NO_KRB5 */
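Review bot: `SSL_set0_kssl_ctx` overwrites `s->kssl_ctx` without releasing or returning the previous pointer, and the three new accessors carry no comment on ownership. If an SSL object already holds a context when the setter is called (not visible on this page), that context is leaked. A header comment such as `/* Takes ownership of kctx; a context already held by s is not freed. */` on the setter, plus a note on the two get0 functions that the returned pointer is internal and must not be freed, would pin the contract down. `SSL_set0_kssl_ctx` and `SSL_get0_kssl_ctx` also dereference `s` unchecked while `kssl_ctx_get0_client_princ` guards `kctx`; a matching `if (s == NULL) return NULL;` in the getter would make the chained call in init_ssl_connection safe for either argument.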
ssl/kssl.h +4 −0 @@ -172,6 +172,10 @@ krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, krb5_timestamp *atimep, KSSL_ERR *kssl_err); unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); KSSL_CTX * SSL_get0_kssl_ctx(SSL *s); char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); #ifdef __cplusplus } #endif