Some of the Kerberos code had dissapeared. Reapply.

author Richard Levitte <levitte@openssl.org>

Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)

committer Richard Levitte <levitte@openssl.org>

Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)
author Richard Levitte <levitte@openssl.org>
Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)
committer Richard Levitte <levitte@openssl.org>
Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c

index 3451ba7939b1ecffaae2e325c3b03b9039e274db..413e2e65515eb8a28c458679ad584680e38049fe 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -766,7 +766,12 @@ static int ssl3_get_server_certificate(SSL *s)
                 }
  
         i=ssl_verify_cert_chain(s,sk);
-       if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+       if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                )
                 {
                 al=ssl_verify_alarm_type(s->verify_result);
                 SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
author	Richard Levitte <levitte@openssl.org>
	Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)
committer	Richard Levitte <levitte@openssl.org>
	Thu, 12 Jul 2001 08:51:47 +0000 (08:51 +0000)