Lines Matching refs:pkinit
135 * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error
137 * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error
149 * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds
158 * kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for
161 * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers
163 * kdc/pkinit.c: Add comment that the anchors in the signed data
193 * lib/krb5/verify_krb5_conf.c: add more pkinit options.
195 * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply
209 * kdc/pkinit.c: Need better code in the DH parameter rejection
219 * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes.
223 * lib/krb5/pkinit.c: Pass down hx509_peer_info.
225 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
228 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and
239 * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users
245 * kdc/config.c: Make all pkinit options prefixed with pkinit_
291 * doc/setup.texi: fix pkinit option (s/-/_/)
293 * kdc/config.c: revert the enable-pkinit change, and make it
298 * doc/setup.texi: Make all pkinit options prefixed with pkinit_
300 * kdc/config.c: Make all pkinit options prefixed with pkinit_
302 * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_
304 * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_
355 * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an
380 * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed.
604 * kdc/pkinit.c: Prefix der primitives with der_.
623 * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From
758 * kdc/pkinit.c: Sign the request in the encKey case. Bug reported
896 * lib/krb5/pkinit.c: Adapt to new signature of
901 * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
915 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
1094 * kdc/pkinit.c (_kdc_pk_check_client): make it not crash when
1097 * kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
1259 * lib/krb5/pkinit.c: Avoid more shadowing.
1291 * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
1302 * lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its
1315 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
1319 * lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
1322 * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
1336 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
1344 * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
1347 * kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in
1397 * lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
1428 * lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
1437 * kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if
1438 it seems to be valid, simplfy the pkinit-windows DH case (it
1505 * lib/krb5/pkinit.c (cert2epi): don't include subject if its null
1509 * lib/krb5/pkinit.c: Send over what trust anchors the client have
1512 * lib/krb5/pkinit.c (pk_verify_host): set better error string,
1516 * kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log
1528 * lib/krb5/pkinit.c (pk_verify_host): verify hostname/address
1563 * kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool
1566 * lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
1569 * kdc/pkinit.c (_kdc_pk_check_client): Use
1616 * lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
1624 * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding
1635 * lib/krb5/pkinit.c: Add pkinit_require_eku and
1644 * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
1646 * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.
1650 * kdc/pkinit.c (_kdc_pk_rd_padata): use
1655 * lib/krb5/pkinit.c: Handle diffrences between libhcrypto and
1668 * kdc/pkinit.c: Added certificate revoke information.
1673 * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
1843 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix
1851 * kdc/pkinit.c: Add pool of certificates to help certificate path
1854 * lib/krb5/pkinit.c: Add pool of certificates to help certificate
1863 * kdc/pkinit.c: Allow passing in related certificates used to
1882 * lib/krb5/pkinit.c: Use less openssl, spell chelling.
1884 * kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
1895 * kdc/pkinit.c: Switch to hx509.
1897 * lib/krb5/pkinit.c: Switch to hx509.
1906 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
1966 * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
1967 compiling w/o pkinit.
1971 * lib/krb5/pkinit.c: update to new paChecksum definition, update
1974 * kdc/pkinit.c: update to new paChecksum definition, use