[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Poor error handling on expired cerficates

To: heimdal-discuss@sics.se
Subject: Poor error handling on expired cerficates
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 03 Mar 2008 15:01:22 +1100
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Reply-To: heimdal-discuss@sics.se, Andrew Bartlett <abartlet@samba.org>

In Samba's snapshot of Heimdal, we have been having some trouble with
expired certificates and PKINIT.

The error we were getting was 'salt type 3 not valid' (caused because a
PKINIT error reply doesn't send normal encryption types), rather than a
sensible error.  

This should be easily reproduced by grabbing Samba4 alpha2, or I can
post the certificates we were using.  

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

This is a digitally signed message part

Prev by Date: Re: Heimdal 1.1 telnetd broken under Solaris 10
Next by Date: current SVN not passing 'make check'
Prev by thread: Re: Renewing tickets broken on Heimdal 1.0.1
Next by thread: current SVN not passing 'make check'
Index(es):
- Date
- Thread