diff options
| author | Ken Hornstein <kenh@cmf.nrl.navy.mil> | 2021-01-27 21:21:19 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2021-02-17 15:29:19 -0500 |
| commit | 2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8 (patch) | |
| tree | 9d743060a59c0de4ed18ad12ac8466b5b26fa9c4 /src/man/kpropd.man | |
| parent | 3e36b25712d940a8e325abc407143634365b51d0 (diff) | |
| download | krb5-2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8.zip krb5-2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8.tar.gz krb5-2a3a4088ecafea68d0a91a48c4abc3c11cdf59d8.tar.bz2 | |
Load certs when checking pkinit_identities values
Move the crypto_load_certs() probe from pkinit_identity_initialize()
to process_option_identity(). This will attempt to load a certificate
for each pkinit_identities value, and if the certificate load fails to
move to the next line.
For PKCS11, return an error if pkinit_open_session() fails, but do not
fail in pkinit_open_session() just because identity prompts are
deferred.
[ghudson@mit.edu: added test case; moved cert probe to
process_option_identity(); rewrote commit message]
(cherry picked from commit 13ae08e70a05768d4f65978ce1a8d4e16fec0d35)
ticket: 8984
version_fixed: 1.19.1
Diffstat (limited to 'src/man/kpropd.man')
0 files changed, 0 insertions, 0 deletions