Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: git commit
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 954


Add tests for PKINIT using responder functionality

We now also test that the PKINIT challenge looks like we expect it to
look, that PKINIT fails if we don't provide a response or a prompter
callback, and that PKINIT succeeds with a response provided using either
the raw responder API or the PKINIT responder functions.

One thing that we don't check is which specific error code we get when
PKINIT fails:  the OpenSSL and NSS versions return different error codes
(some mixture of EIO, ENOMEM, ENOENT, and KRB5KDC_ERR_PREAUTH_FAILED)
when they encounter trouble loading client credentials.

https://github.com/krb5/krb5/commit/d3d07c3b2f3710c520af5698c096f124cc90f916
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: d3d07c3b2f3710c520af5698c096f124cc90f916
Branch: master
 src/tests/t_authpkinit.py |  160 +++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 160 insertions(+), 0 deletions(-)