Ticket History #8988: Only require one valid pkinit anchor/pool value

# Mon Mar 08 18:52:07 2021 ghudson@mit.edu (Greg Hudson) - Ticket created

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 925B

Only require one valid pkinit anchor/pool value

When processing pkinit_anchor or pkinit_pool values, return
successfully if at least one value is successfully loaded (or if none
are configured).

pkinit_identity_prompt() was the backstop against trying anonymous
PKINIT without configured anchors. After this change it no longer is,
so add an explicit check for no anchors in pkinit_client_process().

[ghudson@mit.edu: added code to clear ignored errors; made minor style
edits; added no-anchors check]

https://github.com/krb5/krb5/commit/414cf4152c9743ca3aaef4cf9fb13628ec5f7896
Author: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 414cf4152c9743ca3aaef4cf9fb13628ec5f7896
Branch: master
src/plugins/preauth/pkinit/pkinit_clnt.c | 5 +++++
src/plugins/preauth/pkinit/pkinit_identity.c | 25 ++++++++++++++++++++-----
2 files changed, 25 insertions(+), 5 deletions(-)

# Mon Mar 08 18:52:07 2021 ghudson@mit.edu (Greg Hudson) - Requestor ghudson@mit.edu (Greg Hudson) added

# Mon Mar 08 18:52:07 2021 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'resolved'

# Mon Mar 21 21:17:45 2022 ghudson@mit.edu (Greg Hudson) - Version_Fixed 1.20 added