Merge branch 'tls-kdh' of https://github.com/arpa2/tlspool into tls-kdh

Conflicts:
	tool/get_localid.c

diff --combined src/Makefile
index 76ac3d2,f61f140..a564a57
--- 1/src/Makefile
--- 2/src/Makefile
+++ b/src/Makefile
@@@ -6,6 -6,7 +6,6 @@@ OBJS = daemon.o config.o manage.o servi
  
  CFLAGS += -pthread -I ../include -std=gnu11
  CFLAGS += $(GNUTLS_CFLAGS) $(P11KIT_CFLAGS) $(BDB_CFLAGS) $(TASN1_CFLAGS) $(UNBOUND_CFLAGS) $(QUICKDER_CFLAGS)
 -CFLAGS += -O0 -ggdb3
  
  LDFLAGS += -std=gnu11
  
@@@ -34,6 -35,8 +34,8 @@@ TASN1_LIBS   = $(shell $(PKG_CONFIG) --
  #HOWTOUSE# UNBOUND_LIBS  = $(shell $(PKG_CONFIG) --libs   libunbound)
  QUICKDER_CFLAGS = $(shell $(PKG_CONFIG) --cflags quick-der)
  QUICKDER_LIBS   = $(shell $(PKG_CONFIG) --libs   quick-der)
+ KERBEROS_CFLAGS = $(shell krb5-config --cflags)
+ KERBEROS_LIBS = $(shell krb5-config --libs)
  
  ifdef WINVER
  CFLAGS += -D_WIN32_WINNT=0x0600 -DATTRIBUTE_UNUSED="" -I ../include/windows
@@@ -44,15 -47,6 +46,15 @@@ endi
  
  PKG_CONFIG ?= pkg-config
  
 +ifdef WINVER
 +CFLAGS += -D_WIN32_WINNT=0x0600 -DATTRIBUTE_UNUSED="" -I ../include/windows
 +OBJS += windows/syslog.o windows/windows.o windows/getopt.o
 +LIBS += -lkernel32 -ladvapi32 -lmsvcrt -lwsock32 -lws2_32
 +EXE = .exe
 +endif
 +
 +PKG_CONFIG ?= pkg-config
 +
  SBIN ?= sbin
  
  BDB_CFLAGS = 
@@@ -62,16 -56,6 +64,16 @@@ els
  BDB_LIBS   = -ldb # this is the default
  endif
  
 +TASN1_CFLAGS = $(shell pkg-config --cflags libtasn1)
 +TASN1_LIBS   = $(shell pkg-config --libs   libtasn1)
 +#HOWTOUSE# UNBOUND_FLAGS = $(shell pkg-config --cflags libunbound)
 +#HOWTOUSE# UNBOUBD_LIBS  = $(shell pkg-config --libs   libunbound)
 +QUICKDER_CFLAGS = $(shell pkg-config --cflags quick-der)
 +QUICKDER_LIBS = $(shell pkg-config --libs quick-der)
 +KERBEROS_CFLAGS = $(shell krb5-config --cflags)
 +KERBEROS_LIBS = $(shell krb5-config --libs)
 +# CFLAGS += -DHAVE_TLS_KDH
 +
  all: $(TARGETS)
  
  tlspool$(EXE): $(OBJS)

diff --combined src/starttls.c
index e7fc350,f07fbd8..2383dbb
--- 1/src/starttls.c
--- 2/src/starttls.c
+++ b/src/starttls.c
@@@ -57,8 -57,6 +57,8 @@@ typedef DER_OVLY_rfc4120_EncryptedData 
  #include <sys/types.h>
  #include <sys/socket.h>
  
 +#include <krb5.h>
 +
  #ifndef __MINGW64__
  #include <arpa/inet.h>
  #endif
@@@ -3165,9 -3163,9 +3165,9 @@@ static void valexp_Oo_start (void *vcmd
                        valflag = o2vf (online_globaldir_x509 (
                                        rid,
                                        raw->data, raw->size));
- #ifdef GNUTLS_CRT_KRB
+ #ifdef HAVE_TLS_KDH
                } else if (cmd->remote_cert_type == GNUTLS_CRT_KRB) {
-                       // Kerberos is sufficiently "live" to always pass O
+                       // Kerberos is sufficiently "live" to be pass O
                        valflag = 1;
                        goto setvalflag;
  #endif

diff --combined tool/get_localid.c
index 0ce1c0e,4bd3bdf..665a7b2
--- 1/tool/get_localid.c
--- 2/tool/get_localid.c
+++ b/tool/get_localid.c
@@@ -30,7 -30,7 +30,7 @@@ const char const *usage 
  "Usage: %s tlspool.conf [user@]fqdn type [outfile.der]\n"
  " - tlspool.conf      is the configuration file for the TLS Pool\n"
  " - user@fqdn or fqdn is a network access identifier\n"
- " - type              X.509,OpenPGP,valexp,client,server,noP11,chained\n"
+ " - type              X.509,OpenPGP,Kerberos,valexp,client,server,noP11,chained\n"
  " - outfile.der       optional output file for binary encoded public data\n"
  "Since the public data is stored in a binary format, it will never be printed\n"
  "on stdout; in absense of outfile.der the value is simply not output.\n";
@@@ -45,7 -45,6 +45,7 @@@ struct typemap_t typemap [] = 
        { "X.509",      1 },
        { "OpenPGP",    2 },
        { "Kerberos",   4 },
 +      { "krb5",       4 },
        { "valexp",     5 },
        { "client",     256 },
        { "server",     512 },