make kerberos work with OPENSSL_NO_SSL_INTERN

diff --git a/apps/s_client.c b/apps/s_client.c
index 55869b4ee32eaa43814db40cc067412b9b82649c..daf22ba51cc532c311bce99f21c16ec4ddb63ac7 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -502,6 +502,9 @@ int MAIN(int argc, char **argv)
        {
        unsigned int off=0, clr=0;
        SSL *con=NULL;
+#ifndef OPENSSL_NO_KRB5
+       KSSL_CTX *kctx;
+#endif
        int s,k,width,state=0;
        char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
        int cbuf_len,cbuf_off;
@@ -1145,9 +1148,10 @@ bad:
                }
 #endif
 #ifndef OPENSSL_NO_KRB5
-       if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
+       if (con  &&  (kctx = kssl_ctx_new()) != NULL)
                 {
-                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+               SSL_set0_kssl_ctx(con, kctx);
+                kssl_ctx_setstring(kctx, KSSL_SERVER, host);
                }
 #endif /* OPENSSL_NO_KRB5  */
 /*     SSL_set_cipher_list(con,"RC4-MD5"); */

diff --git a/apps/s_server.c b/apps/s_server.c
index 39fdc0dbcd97c9cd07a33e10598b7863149ebaeb..0a367732da42a1a7fe224b979b1f5e6d892f18f1 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1861,6 +1861,9 @@ static int sv_body(char *hostname, int s, unsigned char *context)
        unsigned long l;
        SSL *con=NULL;
        BIO *sbio;
+#ifndef OPENSSL_NO_KRB5
+       KSSL_CTX *kctx;
+#endif
        struct timeval timeout;
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_BEOS_R5)
        struct timeval tv;
@@ -1901,12 +1904,11 @@ static int sv_body(char *hostname, int s, unsigned char *context)
                }
 #endif
 #ifndef OPENSSL_NO_KRB5
-               if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+               if ((kctx = kssl_ctx_new()) != NULL)
                         {
-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
-                                                               KRB5SVC);
-                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
-                                                               KRB5KEYTAB);
+                       SSL_set0_kssl_ctx(con, kctx);
+                        kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+                        kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
                         }
 #endif /* OPENSSL_NO_KRB5 */
                if(context)
@@ -2299,10 +2301,11 @@ static int init_ssl_connection(SSL *con)
                TLS1_FLAGS_TLS_PADDING_BUG)
                BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
 #ifndef OPENSSL_NO_KRB5
-       if (con->kssl_ctx->client_princ != NULL)
+       client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con));
+       if (client_princ != NULL)
                {
                BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
-                       con->kssl_ctx->client_princ);
+                                                               client_princ);
                }
 #endif /* OPENSSL_NO_KRB5 */
        BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
@@ -2324,6 +2327,9 @@ err:
        return(ret);
        }
 #endif
+#ifndef OPENSSL_NO_KRB5
+       char *client_princ;
+#endif
 
 #if 0
 static int load_CA(SSL_CTX *ctx, char *file)
@@ -2354,6 +2360,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
        SSL *con;
        const SSL_CIPHER *c;
        BIO *io,*ssl_bio,*sbio;
+#ifndef OPENSSL_NO_KRB5
+       KSSL_CTX *kctx;
+#endif
 
        buf=OPENSSL_malloc(bufsize);
        if (buf == NULL) return(0);
@@ -2385,10 +2394,10 @@ static int www_body(char *hostname, int s, unsigned char *context)
                        }
 #endif
 #ifndef OPENSSL_NO_KRB5
-       if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+       if ((kctx = kssl_ctx_new()) != NULL)
                {
-               kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
-               kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+               kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC);
+               kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB);
                }
 #endif /* OPENSSL_NO_KRB5 */
        if(context) SSL_set_session_id_context(con, context,

diff --git a/ssl/kssl.c b/ssl/kssl.c
index b820e37464f4f24468d3a31432dd995f9ef942c0..fd7c67bb1fcb6406b99ec87190c5beefda44eb53 100644 (file)
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -2194,6 +2194,22 @@ krb5_error_code  kssl_build_principal_2(
        return ENOMEM;
        }
 
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
+       {
+       s->kssl_ctx = kctx;
+       } 
+
+KSSL_CTX * SSL_get0_kssl_ctx(SSL *s)
+       {
+       return s->kssl_ctx;
+       }
+
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
+       {
+       if (kctx)
+               return kctx->client_princ;
+       return NULL;
+       }
 
 #else /* !OPENSSL_NO_KRB5 */
 

diff --git a/ssl/kssl.h b/ssl/kssl.h
index a3d20e1ccbdc303f5a7522f6ef2e2f8d9d2930d8..8242fd5eeb650c0ac775e14a1cf7fe7a0ac32836 100644 (file)
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -172,6 +172,10 @@ krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
 unsigned char  *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
+KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
+
 #ifdef  __cplusplus
 }
 #endif