It seems the patch got dropped somewhere. New try.
On Friday 28 Mar 2003 11:30, [EMAIL PROTECTED] via RT wrote:
> I created a patch file for openssl 0.9.7a to allow the control of the
> kerberos credential cache.
>
> Regards
> Markus
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
diff -cr openssl-0.9.7a/include/openssl/kssl.h openssl-0.9.7a-new/include/openssl/kssl.h
*** openssl-0.9.7a/include/openssl/kssl.h Tue Nov 26 10:09:27 2002
--- openssl-0.9.7a-new/include/openssl/kssl.h Thu Mar 27 14:11:11 2003
***************
*** 138,143 ****
--- 138,144 ----
#define KSSL_SERVER 2
#define KSSL_SERVICE 3
#define KSSL_KEYTAB 4
+ #define KSSL_CCACHE 5
#define KSSL_CTX_OK 0
#define KSSL_CTX_ERR 1
diff -cr openssl-0.9.7a/ssl/kssl.c openssl-0.9.7a-new/ssl/kssl.c
*** openssl-0.9.7a/ssl/kssl.c Tue Dec 24 21:53:34 2002
--- openssl-0.9.7a-new/ssl/kssl.c Thu Mar 27 14:14:24 2003
***************
*** 1084,1095 ****
goto err;
}
! if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
! {
! kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
! "krb5_cc_default fails.\n");
! goto err;
! }
if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
&krb5creds.client)) != 0)
--- 1084,1104 ----
goto err;
}
! if (kssl_ctx->cred_cache) {
! if ((krb5rc = krb5_cc_resolve(krb5context, kssl_ctx->cred_cache, &krb5ccdef)) != 0)
! {
! kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
! "krb5_cc_resolve fails.\n");
! goto err;
! }
! } else {
! if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
! {
! kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
! "krb5_cc_default fails.\n");
! goto err;
! }
! }
if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
&krb5creds.client)) != 0)
***************
*** 1557,1562 ****
--- 1566,1572 ----
if (kssl_ctx->service_host) free(kssl_ctx->service_host);
if (kssl_ctx->service_name) free(kssl_ctx->service_name);
if (kssl_ctx->keytab_file) free(kssl_ctx->keytab_file);
+ if (kssl_ctx->cred_cache) free(kssl_ctx->cred_cache);
free(kssl_ctx);
return (KSSL_CTX *) NULL;
***************
*** 1621,1626 ****
--- 1631,1637 ----
case KSSL_SERVER: string = &kssl_ctx->service_host; break;
case KSSL_CLIENT: string = &kssl_ctx->client_princ; break;
case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break;
+ case KSSL_CCACHE: string = &kssl_ctx->cred_cache; break;
default: return KSSL_CTX_ERR; break;
}
if (*string) free(*string);
***************
*** 1717,1722 ****
--- 1728,1735 ----
(kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
printf("\tkeytab:\t%s\n",
(kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
+ printf("\tccache:\t%s\n",
+ (kssl_ctx->cred_cache)? kssl_ctx->cred_cache: "NULL");
printf("\tkey [%d:%d]:\t",
kssl_ctx->enctype, kssl_ctx->length);
***************
*** 1809,1817 ****
KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
goto err;
! if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
! goto err;
!
if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
&krb5creds.client)) != 0)
goto err;
--- 1822,1834 ----
KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
goto err;
! if (kssl_ctx->cred_cache) {
! if ((krb5rc = krb5_cc_resolve(krb5context, kssl_ctx->cred_cache, &krb5ccdef)) != 0)
! goto err;
! } else {
! if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
! goto err;
! }
if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
&krb5creds.client)) != 0)
goto err;
***************
*** 2049,2055 ****
--- 2066,2074 ----
#ifdef KSSL_DEBUG
printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+ { int padl;
for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
+ }
printf("\n");
#endif /* KSSL_DEBUG */
diff -cr openssl-0.9.7a/ssl/kssl.h openssl-0.9.7a-new/ssl/kssl.h
*** openssl-0.9.7a/ssl/kssl.h Tue Nov 26 10:09:27 2002
--- openssl-0.9.7a-new/ssl/kssl.h Thu Mar 27 14:11:11 2003
***************
*** 138,143 ****
--- 138,144 ----
#define KSSL_SERVER 2
#define KSSL_SERVICE 3
#define KSSL_KEYTAB 4
+ #define KSSL_CCACHE 5
#define KSSL_CTX_OK 0
#define KSSL_CTX_ERR 1
