[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changing signature algorithm
8 jun 2007 kl. 12.39 skrev Tom Hansen:
> That seems to do it. Thanks for the update. I noticed you mentioned
> the old code supported PacketCable. Why was it removed in 0.8?
> Unfortunately the mail archives only go back a few months so not
> much returns when searching for it in the list. Pardon me if this
> was already discussed.
The packet cable code was slowly dying because it was no longer
maintained and when I migrated to hx509 I had no way to check it it
I have no problem maintaning packet-cable code in there, just as long
as there is some chance that it accually might work.
What I would consider the limit would be tests in the regression
suite that tested the code, tests/kdc/check-pkinit.in does this for
both windows, IETF(DH and EncKey) plus a sample transaction in tests/
If you want a code-drop from the old source-code or any help to get
this working, just ask.
> ----- Original Message ----
> From: Love Hörnquist Åstrand <email@example.com>
> To: firstname.lastname@example.org; Tom Hansen <email@example.com>
> Sent: Wednesday, June 6, 2007 8:03:58 PM
> Subject: Re: Changing signature algorithm
> 6 jun 2007 kl. 19.29 skrev Tom Hansen:
>> Trunk? The latest snapshot on ftp is 8.1 rc3 but that doesn't have
>> peer-alg. It seems peer-alg can be used somewhere along
>> krb5_pk_create_sign or other func to set the signatureAlgo to a
>> desired value.
> From http://www.h5l.se/#vc
> svn checkout svn://svn.h5l.se/heimdal/trunk/heimdal heimdal
> cd heimdal
> autoreconf -f -i
>> On the other point, it sounds like the signature algorithm can be
>> kept as is but changing the oid to ...1.1.1 is really all that
>> packetcable is requiring. It seems like an odd requirement.
> Yes, that is what the patch I commited does.
> Yahoo! oneSearch: Finally, mobile search
> that gives answers, not web links.