Hello, About three weeks ago I ran into a problem with a KRB5 cipher crash when the FQDN is not equal to the SPN's FQDN in the keytab. This looks like #536 (http://rt.openssl.org/Ticket/Display.html?id=536) and was resolved by fixing the checks in kssl_keytab_is_available()
http://git.altlinux.org/people/sin/packages/openssl.git?p=openssl.git;a=blob;f=openssl-0.9.8h-kssl-keytab-available.patch;h=e37bdf8ecc50b37b40d14bc05e6d3898609c109e;hb=e7842e61f95d7c3df520ff38b37e20f5068a65eb openssl-0.9.8h-kssl-keytab-available.patch: --- openssl/ssl/kssl.c.orig 2008-08-10 20:09:41 +0400 +++ openssl/ssl/kssl.c 2008-11-05 15:17:10 +0300 @@ -1806,6 +1806,8 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx) krb5rc = krb5_sname_to_principal(krb5context, NULL, kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC, KRB5_NT_SRV_HST, &princ); + if (krb5rc) + goto exit; krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, -- Sin (Sinelnikov Evgeny)
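Review bot: The new `if (krb5rc) goto exit;` after krb5_sname_to_principal() is only safe if the cleanup at the exit label tolerates a principal that was never filled in. The label is outside the visible context, so please confirm that princ is initialised to NULL where it is declared and that the exit path frees it only when it is non-NULL. Otherwise the crash moves from krb5_kt_get_entry() into the cleanup code. It is also worth checking which value the function returns on this path, so that a failed principal lookup is reported to the caller as "keytab not available" rather than as success. A smaller point: the hunk header names kssl_ctx_show() while the message says the fix is in kssl_keytab_is_available(). That is most likely just the diff tool picking up the preceding function, but stating the changed function in the patch description would remove the doubt.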