I believe these patches correct the problem:
*** \ssl\tmp\ssl3.h Thu Oct 10 05:04:18 2002
--- ssl3.h Tue Oct 15 14:01:42 2002
***************
*** 215,234 ****
#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
! #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
! #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
- #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
- #define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
! #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
#define SSL3_SSL_SESSION_ID_LENGTH 32
--- 215,234 ----
#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
+ #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
! #define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
+ #define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
! #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
! #define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
#define SSL3_SSL_SESSION_ID_LENGTH 32
*** \ssl\tmp\s3_lib.c Thu Oct 10 04:03:52 2002
--- s3_lib.c Tue Oct 15 14:01:14 2002
***************
*** 676,683 ****
/* Cipher 28 VRS */
{
1,
! SSL3_TXT_KRB5_RC4_40_CBC_SHA,
! SSL3_CK_KRB5_RC4_40_CBC_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
--- 676,683 ----
/* Cipher 28 VRS */
{
1,
! SSL3_TXT_KRB5_RC4_40_SHA,
! SSL3_CK_KRB5_RC4_40_SHA,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
***************
*** 718,725 ****
/* Cipher 2B VRS */
{
1,
! SSL3_TXT_KRB5_RC4_40_CBC_MD5,
! SSL3_CK_KRB5_RC4_40_CBC_MD5,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
--- 718,725 ----
/* Cipher 2B VRS */
{
1,
! SSL3_TXT_KRB5_RC4_40_MD5,
! SSL3_CK_KRB5_RC4_40_MD5,
SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
SSL_EXPORT|SSL_EXP40,
0,
> Richard:
>
> Just tried to build this and it fails:
>
> .\ssl\s3_lib.c(609) : error C2065: 'SSL3_TXT_KRB5_DES_192_CBC3_MD5' :
> undeclared identifier
> .\ssl\s3_lib.c(609) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(610) : warning C4047: 'initializing' : 'const char *'
> differs in levels of indirection from 'const int '
> .\ssl\s3_lib.c(637) : error C2065: 'SSL3_TXT_KRB5_IDEA_128_CBC_MD5' :
> undeclared identifier
> .\ssl\s3_lib.c(637) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(638) : warning C4047: 'initializing' : 'const char *'
> differs in levels of indirection from 'const int '
> .\ssl\s3_lib.c(679) : error C2065: 'SSL3_TXT_KRB5_RC4_40_CBC_SHA' :
> undeclared identifier
> .\ssl\s3_lib.c(679) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(680) : error C2065: 'SSL3_CK_KRB5_RC4_40_CBC_SHA' :
> undeclared identifier
> .\ssl\s3_lib.c(680) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(681) : warning C4047: 'initializing' : 'const char *'
> differs in levels of indirection from 'const long '
> .\ssl\s3_lib.c(707) : error C2065: 'SSL3_TXT_KRB5_RC2_40_CBC_MD5' :
> undeclared identifier
> .\ssl\s3_lib.c(707) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(708) : warning C4047: 'initializing' : 'const char *'
> differs in levels of indirection from 'const int '
> .\ssl\s3_lib.c(721) : error C2065: 'SSL3_TXT_KRB5_RC4_40_CBC_MD5' :
> undeclared identifier
> .\ssl\s3_lib.c(721) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(722) : error C2065: 'SSL3_CK_KRB5_RC4_40_CBC_MD5' :
> undeclared identifier
> .\ssl\s3_lib.c(722) : error C2099: initializer is not a constant
> .\ssl\s3_lib.c(723) : warning C4047: 'initializing' : 'const char *'
> differs in levels of indirection from 'const long '
>
> It looks like the identifiers in ssl.h are wrong.
>
>
> >
> > There, I finally got the time to put this in. Just commited.
> > Please test the next 0.9.7 snapshot and make sure I got it all right.
> >
> > This ticket is now resolved.
> >
> > [[EMAIL PROTECTED] - Mon Sep 30 18:55:14 2002]:
> >
> > > Any chance of making progress on this?
> > >
> > > As a reminder, the issue is that the Kerberos ciphersuites in
> > OpenSSL do
> > > not use the IDs defined in RFC2712, which obviously has negative
> > effects
> > > on interoperability.
> >
> > --
> > Richard Levitte
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > Development Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
>
> Jeffrey Altman * Sr.Software Designer Kermit 95 2.0 GUI available now!!!
> The Kermit Project @ Columbia University SSH, Secure Telnet, Secure FTP, HTTP
> http://www.kermit-project.org/ Secured with MIT Kerberos, SRP, and
> [EMAIL PROTECTED] OpenSSL.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
