Subject: | session_enctypes is ignored if it is empty or evaluates to an empty list |
dbentry_supports_enctype() ignores session_enctypes if it is empty due
to this conditional:
if (retval == 0 && etypes_str != NULL && *etypes_str != '\0')
and also ignores it if it evaluates to an empty list due to this
conditional:
if (retval == 0 && etypes != NULL && etypes[0]) {
The second behavior can be surprising because the enctype list may
contain values which are filtered out due to allow_weak_crypto=false.
Empty values and lists should probably be treated as empty lists, even
if that results in the service principal not working.
to this conditional:
if (retval == 0 && etypes_str != NULL && *etypes_str != '\0')
and also ignores it if it evaluates to an empty list due to this
conditional:
if (retval == 0 && etypes != NULL && etypes[0]) {
The second behavior can be surprising because the enctype list may
contain values which are filtered out due to allow_weak_crypto=false.
Empty values and lists should probably be treated as empty lists, even
if that results in the service principal not working.