Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: git commit X-RT-Original-Encoding: iso-8859-1 Content-Length: 721 Don't blindly use PKCS11 slot IDs in PKINIT Passing invalid slot IDs to C_OpenSession can cause some PKCS #11 implementations (such as the Solaris one) to crash. If a PKINIT identity specifies a slotid, use it to filter the result of C_GetSlotList, but don't try it if it does not appear in the list. (cherry picked from commit ac406bac3d73a7e4efcc74adbb90c722457da969) https://github.com/krb5/krb5/commit/1bc131a069dfe31d2a78f8c1f84e43027a3da967 Author: Greg Hudson Committer: Tom Yu Commit: 1bc131a069dfe31d2a78f8c1f84e43027a3da967 Branch: krb5-1.11 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 27 +++++++++---------- 1 files changed, 13 insertions(+), 14 deletions(-)