[Heimdal-source-changes] [heimdal/heimdal] dd762e: kadmin: Improve ext_keytab usage

Nico Williams noreply at github.com
Sat Dec 7 04:34:31 CET 2019 

  Branch: refs/heads/d4a319d57
  Home:   https://github.com/heimdal/heimdal
  Commit: dd762e53d1e7511324fffd8349d7885d7a63cd13
      https://github.com/heimdal/heimdal/commit/dd762e53d1e7511324fffd8349d7885d7a63cd13
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-06 (Fri, 06 Dec 2019)

  Changed paths:
    M kadmin/kadmin-commands.in
    M kadmin/kadmin.1

  Log Message:
  -----------
  kadmin: Improve ext_keytab usage


  Commit: d4a319d57ddb465f2027a13e4f89e2ab318c884c
      https://github.com/heimdal/heimdal/commit/d4a319d57ddb465f2027a13e4f89e2ab318c884c
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-06 (Fri, 06 Dec 2019)

  Changed paths:
    M lib/gssapi/gss-token.c

  Log Message:
  -----------
  gss: fix gss-token accept bug


  Commit: 3f81fa6c3ebd250df468bad283d858892a122521
      https://github.com/heimdal/heimdal/commit/3f81fa6c3ebd250df468bad283d858892a122521
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-06 (Fri, 06 Dec 2019)

  Changed paths:
    M lib/hx509/cert.c
    M lib/hx509/hx509.h
    M lib/hx509/keyset.c
    M lib/hx509/ks_file.c
    M lib/hx509/ks_keychain.c
    M lib/hx509/ks_p11.c
    M lib/hx509/ks_p12.c
    M lib/hx509/libhx509-exports.def
    M lib/hx509/req.c
    M lib/hx509/version-script.map

  Log Message:
  -----------
  hx509: private key exclusion option

Add two ways to exclude private keys when dealing with an hx509
certificate store.

This is useful for CA code so it can have a single store with the
issuer's credentials _and_ the chain for it, and copy those to a store
with the issued certificate and _not_ accidentally include the issuer's
private key.


  Commit: b896158270d9958a789e9757a626e07112345c1f
      https://github.com/heimdal/heimdal/commit/b896158270d9958a789e9757a626e07112345c1f
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-06 (Fri, 06 Dec 2019)

  Changed paths:
    M kdc/ca.c

  Log Message:
  -----------
  kdc: kx509: Do not vend issuer private keys


  Commit: a5882a5e7371b929f0a150ceb51cdd86343bc2f9
      https://github.com/heimdal/heimdal/commit/a5882a5e7371b929f0a150ceb51cdd86343bc2f9
  Author: Nicolas Williams <nico at twosigma.com>
  Date:   2019-12-06 (Fri, 06 Dec 2019)

  Changed paths:
    M kdc/bx509d.c
    M lib/gssapi/gss-token.c
    M tests/kdc/Makefile.am
    M tests/kdc/check-bx509.in

  Log Message:
  -----------
  bx509: CSRF protection for /bnegotiate


Compare: https://github.com/heimdal/heimdal/compare/dd762e53d1e7%5E...a5882a5e7371

More information about the Heimdal-source-changes mailing list