Content-Type: text/plain; charset="utf-8" X-RT-Interface: API X-Mailer: MIME-tools 5.507 (Entity 5.507) Subject: git commit Content-Transfer-Encoding: binary From: ghudson@mit.edu MIME-Version: 1.0 Content-Disposition: inline X-RT-Original-Encoding: ascii RT-Message-ID: Content-Length: 1063 Eliminate redundant PKINIT responder invocation In pkinit_client_prep_questions(), only act if the input padata type is KRB5_PADATA_PK_AS_REQ. Otherwise we will ask questions again when the KDC issues a ticket. Commit 7621d2f9a87214327ca3b2594e34dc7cea84596b (ticket 8242) unintentionally changed the behavior of pkinit_load_fs_cert_and_key(), causing pkinit_client_prep_questions() to do nothing on its first call. Restore the original behavior of returning 0 when prompting is deferred. Modify the existing "FILE identity, password on key (responder)" PKINIT test to check that the responder is only invoked once. https://github.com/krb5/krb5/commit/f1286842ce7b9e507a4ce0a47f44ab361a98be63 Author: Greg Hudson Commit: f1286842ce7b9e507a4ce0a47f44ab361a98be63 Branch: master src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 13 +++++++------ src/tests/t_pkinit.py | 11 +++++++---- 3 files changed, 19 insertions(+), 10 deletions(-)