Subject: session_enctypes is ignored if it is empty or evaluates to an empty list
dbentry_supports_enctype() ignores session_enctypes if it is empty due
to this conditional:

if (retval == 0 && etypes_str != NULL && *etypes_str != '\0')

and also ignores it if it evaluates to an empty list due to this
conditional:

if (retval == 0 && etypes != NULL && etypes[0]) {

The second behavior can be surprising because the enctype list may
contain values which are filtered out due to allow_weak_crypto=false.
Empty values and lists should probably be treated as empty lists, even
if that results in the service principal not working.
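
The difference between the two behaviors, as an added example (a simplified model written for this page, not the krb5 source). The enctype table and its weak flags, the `strict` switch and the `fallback` parameter, which stands for whatever answer the caller gets when session_enctypes is ignored, are all assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed table; "weak" entries are dropped if allow_weak_crypto=false. */
static const struct { const char *name; bool weak; } known[] = {
    { "aes256-cts", false }, { "aes128-cts", false },
    { "des-cbc-crc", true }, { "des-cbc-md5", true },
};

/* Parse a space/comma separated list, keeping known, permitted names. */
static size_t parse_list(const char *s, bool allow_weak,
                         const char **out, size_t max)
{
    size_t n = 0, len;
    while (*(s += strspn(s, " ,")) != '\0') {
        len = strcspn(s, " ,");
        for (size_t i = 0; i < sizeof(known) / sizeof(known[0]); i++)
            if (strlen(known[i].name) == len && !strncmp(known[i].name, s, len)
                && (allow_weak || !known[i].weak) && n < max)
                out[n++] = known[i].name;
        s += len;
    }
    return n;
}

/* strict=false mirrors the two quoted conditionals; strict=true treats an
 * empty value or an empty parsed list as "no enctypes". fallback is the
 * hypothetical answer given when session_enctypes is ignored. */
bool supports_enctype(const char *session_enctypes, bool allow_weak,
                      const char *want, bool strict, bool fallback)
{
    const char *list[8];
    if (session_enctypes == NULL || (*session_enctypes == '\0' && !strict))
        return fallback;              /* unset, or the first conditional */
    size_t n = parse_list(session_enctypes, allow_weak, list, 8);
    if (n == 0 && !strict)
        return fallback;              /* the second conditional */
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], want) == 0)
            return true;
    return false;
}

int main(void)
{
    printf("%d %d\n", supports_enctype("des-cbc-crc", 0, "aes256-cts", 0, 1),
           supports_enctype("des-cbc-crc", 0, "aes256-cts", 1, 1));
    return 0;
}
```

With `strict` off, a list that contains only filtered-out enctypes gives the same answer as having no session_enctypes at all, which is the surprising case described above.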