Skip Menu |
 

From: tlyu@mit.edu
Subject: SVN Commit

With allow_weak_crypto=false, set_default_enctype_var() (helper
function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any
application-provided enctype list that contained any weak enctype even
when valid strong enctypes were present. This broke some Samba
things. Filter the weak enctypes instead. Add test cases.

Reported to Debian by Holger Isenberg. (Debian bug #566977)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977
Thanks to Simo Sorce for testing.

https://github.com/krb5/krb5/commit/15734117beac425fe4e7b5a513af497115eff687
Commit By: tlyu
Revision: 23681
Changed Files:
U trunk/src/lib/krb5/krb/init_ctx.c
U trunk/src/lib/krb5/krb/t_etypes.c
From: tlyu@mit.edu
Subject: SVN Commit

pull up r23681 from trunk

------------------------------------------------------------------------
r23681 | tlyu | 2010-02-01 16:48:19 -0500 (Mon, 01 Feb 2010) | 15 lines

ticket: 6653
subject: set_default_enctype_var should filter not reject weak enctypes
tags: pullup
target_version: 1.8

With allow_weak_crypto=false, set_default_enctype_var() (helper
function for krb5_set_default_tgs_enctypes(), etc.) was rejecting any
application-provided enctype list that contained any weak enctype even
when valid strong enctypes were present. This broke some Samba
things. Filter the weak enctypes instead. Add test cases.

Reported to Debian by Holger Isenberg. (Debian bug #566977)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566977
Thanks to Simo Sorce for testing.

https://github.com/krb5/krb5/commit/8c728c6da3d733c9a4a75b8e66464955aceafcd6
Commit By: tlyu
Revision: 23704
Changed Files:
U branches/krb5-1-8/src/lib/krb5/krb/init_ctx.c
U branches/krb5-1-8/src/lib/krb5/krb/t_etypes.c