Skip Menu |

Subject: git commit

Only require one valid pkinit anchor/pool value

When processing pkinit_anchor or pkinit_pool values, return
successfully if at least one value is successfully loaded (or if none
are configured).

pkinit_identity_prompt() was the backstop against trying anonymous
PKINIT without configured anchors. After this change it no longer is,
so add an explicit check for no anchors in pkinit_client_process().

[ added code to clear ignored errors; made minor style
edits; added no-anchors check]
Author: Ken Hornstein <>
Committer: Greg Hudson <>
Commit: 414cf4152c9743ca3aaef4cf9fb13628ec5f7896
Branch: master
src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++
src/plugins/preauth/pkinit/pkinit_identity.c | 25 ++++++++++++++++++++-----
2 files changed, 25 insertions(+), 5 deletions(-)