[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PKINIT support in which version?
[There is some additional information in the reposting, and a bug report.]
Henry B. Hotz wrote:
> I'm assuming that the final draft-34 version of PKINIT isn't what's
> supported in the latest released version of Heimdal, 0.7.2.
>
> Are the daily snapshots good enough, or do I need some CVS variant to
> get the current PKINIT support?
I was using the daily snapshots, to use the client with the W2K
compatibility code. I added CPPFLAGS="-DPKINIT"
I had been using a version from 2005/10/06. I downloaded
snapshot/heimdal-20060306.tar.gz, and have been using it with one
change to pkinit.c. (I checked today's snapshot/heimdal-20060317.tar.gz
and the pkinit.c is the same so this patch should also apply.)
--- ,pkinit.c Tue Feb 14 04:08:29 2006
+++ pkinit.c Fri Mar 17 13:09:58 2006
@@ -1821,7 +1821,7 @@
return ret;
}
ret = pk_rd_pa_reply_enckey(context, COMPAT_WIN2K, &ci, ctx,
- etype, hi, nonce, NULL, pa, key);
+ etype, hi, nonce, req_buffer, pa, key);
free_ContentInfo(&ci);
break;
default:
Without this there is a bus error or segfault, as the NULL req_buffer
is passed to get_reply_key at line 1514.
This would fail on RedHat or Mac OS 10.4
The KDCs are W2k3.
The certifricates and keys are accessed using the engine code to
OpenSC and pcsc-lite with either a PIV-II card or a GemPlus card.
> ------------------------------------------------------------------------
> ----
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444