Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.1KiB

Add the certauth dbmatch module

Add and enable the "dbmatch" builtin module. Add the
pkinit_client_cert_match() and crypto_req_cert_matching_data() helper
functions. Add dbmatch tests to t_pkinit.py. Add documentation to
krb5_conf.rst, pkinit.rst, and kadmin_local.rst.

[ghudson@mit.edu: simplified code, edited docs]

https://github.com/krb5/krb5/commit/89634ca049e698d7dd2554f5c49bfc499be96188
Author: Matt Rogers <mrogers@redhat.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 89634ca049e698d7dd2554f5c49bfc499be96188
Branch: master
doc/admin/admin_commands/kadmin_local.rst | 7 +++
doc/admin/conf_files/krb5_conf.rst | 5 ++
doc/admin/pkinit.rst | 20 +++++++
src/plugins/preauth/pkinit/pkinit.h | 7 +++
src/plugins/preauth/pkinit/pkinit_crypto.h | 6 ++
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 18 ++++++
src/plugins/preauth/pkinit/pkinit_matching.c | 37 +++++++++++++
src/plugins/preauth/pkinit/pkinit_srv.c | 55 ++++++++++++++++++++
src/tests/t_pkinit.py | 37 +++++++++++++
9 files changed, 192 insertions(+), 0 deletions(-)
From: ghudson@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.5KiB

Add test cert with no extensions

Add commands to make-certs.sh to generate a test client certificate
with no certificate extensions. Re-run make-certs.sh.

https://github.com/krb5/krb5/commit/0d23835660ab131d244d395e4568969b5c0dc678
Author: Greg Hudson <ghudson@mit.edu>
Commit: 0d23835660ab131d244d395e4568969b5c0dc678
Branch: master
src/tests/dejagnu/pkinit-certs/ca.pem | 32 +++++++-------
src/tests/dejagnu/pkinit-certs/generic.p12 | Bin 0 -> 2477 bytes
src/tests/dejagnu/pkinit-certs/generic.pem | 21 ++++++++++
src/tests/dejagnu/pkinit-certs/kdc.pem | 32 +++++++-------
src/tests/dejagnu/pkinit-certs/make-certs.sh | 9 ++++
src/tests/dejagnu/pkinit-certs/privkey-enc.pem | 52 ++++++++++++------------
src/tests/dejagnu/pkinit-certs/privkey.pem | 50 +++++++++++-----------
src/tests/dejagnu/pkinit-certs/user-enc.p12 | Bin 2837 -> 2837 bytes
src/tests/dejagnu/pkinit-certs/user-upn.p12 | Bin 2829 -> 2829 bytes
src/tests/dejagnu/pkinit-certs/user-upn.pem | 30 +++++++-------
src/tests/dejagnu/pkinit-certs/user-upn2.p12 | Bin 2813 -> 2813 bytes
src/tests/dejagnu/pkinit-certs/user-upn2.pem | 32 +++++++-------
src/tests/dejagnu/pkinit-certs/user-upn3.csr | 16 -------
src/tests/dejagnu/pkinit-certs/user-upn3.p12 | Bin 2829 -> 2829 bytes
src/tests/dejagnu/pkinit-certs/user-upn3.pem | 30 +++++++-------
src/tests/dejagnu/pkinit-certs/user.p12 | Bin 2837 -> 2837 bytes
src/tests/dejagnu/pkinit-certs/user.pem | 30 +++++++-------
17 files changed, 174 insertions(+), 160 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Add PKINIT test case for generic client cert

In t_pkinit.py, add a test case where a client cert with no extensions
is authorized via subject and issuer using a pkinit_cert_match string
attribute.

https://github.com/krb5/krb5/commit/8c5d50888aab554239fd51306e79c5213833c898
Author: Greg Hudson <ghudson@mit.edu>
Commit: 8c5d50888aab554239fd51306e79c5213833c898
Branch: master
src/tests/t_pkinit.py | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)