>
> This all looks good to me. I don't have any strong feelings about
> exactly where in the code to do the test. As long as the test is
> performed for each ClientHello message it should be able to handle
> renegotiation OK.
>
> FYI, on the server side, I think the test should be not whether
> /etc/krb5.keytab exists, but whether it is readable. In case e.g.
> a uid=nobody apache tries to read a root-owned mode 0600 keytab.

The test is actually a bit complicated (that is why it will be hidden)
because keytabs do not have to be stored in files. But I will take
care of that in the kssl.c file.

Jeffrey Altman * Sr.Software Designer
The Kermit Project * Columbia University
612 West 115th St * New York, NY * 10025 * USA
http://www.kermit-project.org/ * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
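
The readability test discussed in this thread, as an added example that is not code from the original messages or from OpenSSL's kssl.c. It assumes keytab names of the form "TYPE:residual" with FILE and WRFILE as the file-backed types; `keytab_check`, `keytab_file_path` and `enum kt_status` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum kt_status { KT_READABLE, KT_MISSING, KT_UNREADABLE, KT_NOT_FILE, KT_ERROR };

/* Assumed naming convention: "TYPE:residual"; FILE/WRFILE are file-backed and
 * a name without a type prefix is a plain path. NULL means "not a file". */
static const char *keytab_file_path(const char *name)
{
    if (strncmp(name, "FILE:", 5) == 0)
        return name + 5;
    if (strncmp(name, "WRFILE:", 7) == 0)
        return name + 7;
    if (name[0] == '/' || strchr(name, ':') == NULL)
        return name;
    return NULL;
}

/* Hypothetical helper: can this process actually read the keytab? */
enum kt_status keytab_check(const char *name)
{
    const char *path = keytab_file_path(name);
    struct stat st;
    int fd, regular;

    if (path == NULL)
        return KT_NOT_FILE; /* only the Kerberos library can answer this */
    /* open() instead of stat(): stat() succeeds for uid=nobody on a
     * root-owned mode 0600 file, while open() fails with EACCES. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) {
        if (errno == ENOENT || errno == ENOTDIR)
            return KT_MISSING;
        return errno == EACCES ? KT_UNREADABLE : KT_ERROR;
    }
    regular = fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
    close(fd);
    return regular ? KT_READABLE : KT_ERROR;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "/etc/krb5.keytab";
    printf("%s: status %d\n", name, keytab_check(name));
    return 0;
}
```

A server would treat only `KT_READABLE` as grounds to offer the Kerberos ciphersuites from a file keytab; `KT_NOT_FILE` has to be resolved through the Kerberos library itself.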