diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2014-04-17 17:17:13 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2014-06-02 18:09:47 -0400 |
commit | f220067c2969aab107bd1300ad1cb8d4855389a7 (patch) | |
tree | 169dadfa34b5fdd4e0635cef321150b0e1240973 /src/include | |
parent | d950809ff49e3e7603594186d77135a09ab6b1b2 (diff) | |
download | krb5-f220067c2969aab107bd1300ad1cb8d4855389a7.zip krb5-f220067c2969aab107bd1300ad1cb8d4855389a7.tar.gz krb5-f220067c2969aab107bd1300ad1cb8d4855389a7.tar.bz2 |
Load custom anchors when using KKDCP
Add an http_anchors per-realm setting which we'll apply when using an
HTTPS proxy, more or less mimicking the syntax of its similarly-named
PKINIT counterpart. We only check the [realms] section, though.
ticket: 7929
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/k5-int.h | 1 | ||||
-rw-r--r-- | src/include/k5-trace.h | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 8f039ee..187d16d 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -212,6 +212,7 @@ typedef unsigned char u_char; #define KRB5_CONF_EXTRA_ADDRESSES "extra_addresses" #define KRB5_CONF_FORWARDABLE "forwardable" #define KRB5_CONF_HOST_BASED_SERVICES "host_based_services" +#define KRB5_CONF_HTTP_ANCHORS "http_anchors" #define KRB5_CONF_IGNORE_ACCEPTOR_HOSTNAME "ignore_acceptor_hostname" #define KRB5_CONF_IPROP_ENABLE "iprop_enable" #define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" diff --git a/src/include/k5-trace.h b/src/include/k5-trace.h index f0d79f1..046bc95 100644 --- a/src/include/k5-trace.h +++ b/src/include/k5-trace.h @@ -324,6 +324,13 @@ void krb5int_trace(krb5_context context, const char *fmt, ...); TRACE(c, "Resolving hostname {str}", hostname) #define TRACE_SENDTO_KDC_RESPONSE(c, len, raddr) \ TRACE(c, "Received answer ({int} bytes) from {raddr}", len, raddr) +#define TRACE_SENDTO_KDC_HTTPS_NO_REMOTE_CERTIFICATE(c) \ + TRACE(c, "HTTPS server certificate not received") +#define TRACE_SENDTO_KDC_HTTPS_PROXY_CERTIFICATE_ERROR(c, depth, \ + namelen, name, \ + err, errs) \ + TRACE(c, "HTTPS certificate error at {int} ({lenstr}): " \ + "{int} ({str})", depth, namelen, name, err, errs) #define TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(c, raddr) \ TRACE(c, "HTTPS error connecting to {raddr}", raddr) #define TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(c, raddr, err) \ |