Prevent KSSL server from requesting a client certificate.
authorRichard Levitte <levitte@openssl.org>
Thu, 12 Jul 2001 16:17:33 +0000 (16:17 +0000)
committerRichard Levitte <levitte@openssl.org>
Thu, 12 Jul 2001 16:17:33 +0000 (16:17 +0000)
Submitted by Jeffrey Altman <jaltman@columbia.edu>

ssl/kssl.c
ssl/s3_srvr.c
ssl/t1_enc.c

index 6fd8e7e..be44ccb 100644 (file)
@@ -1909,10 +1909,13 @@ krb5_error_code  kssl_check_authent(
        if (authentp == NULL  ||  authentp->length == 0)  return 0;
 
 #ifdef KSSL_DEBUG
+        {
+        unsigned int ui;
        printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
        p = authentp->data; 
-       for (padl=0; padl < authentp->length; padl++)  printf("%02x ",p[padl]);
+       for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);
        printf("\n");
+        }
 #endif /* KSSL_DEBUG */
 
        unencbufsize = 2 * authentp->length;
index bcf8c87..20b8cc9 100644 (file)
@@ -311,7 +311,9 @@ int ssl3_accept(SSL *s)
                                ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
                                 /* ... except when the application insists on verification
                                  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
-                                !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
+                                !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
                                {
                                /* no cert request */
                                skip=1;
index 97d92ca..57d76cb 100644 (file)
@@ -493,7 +493,7 @@ int tls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
                {
-                unsigned long i;
+                unsigned long ui;
                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
                         ds,rec->data,rec->input,l);
                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
@@ -504,7 +504,7 @@ int tls1_enc(SSL *s, int send)
                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
                printf("\n");
                printf("\trec->input=");
-               for (i=0; i<l; i++) printf(" %02x", rec->input[i]);
+               for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
                printf("\n");
                }
 #endif /* KSSL_DEBUG */