Merge branch 'tls-kdh' of https://github.com/arpa2/tlspool into tls-kdh

Conflicts:
	tool/get_localid.c

diff --git a/etc/root.key b/etc/root.key
index 63cf1ec..8d33957 100644 (file)
--- a/etc/root.key
+++ b/etc/root.key
@@ -1,8 +1,8 @@
 ; autotrust trust anchor file
 ;;id: . 1
-;;last_queried: 1466942059 ;;Sun Jun 26 12:54:19 2016
-;;last_success: 1466942059 ;;Sun Jun 26 12:54:19 2016
-;;next_probe_time: 1466982133 ;;Mon Jun 27 00:02:13 2016
+;;last_queried: 1467295838 ;;Thu Jun 30 15:10:38 2016
+;;last_success: 1467295838 ;;Thu Jun 30 15:10:38 2016
+;;next_probe_time: 1467336964 ;;Fri Jul  1 02:36:04 2016
 ;;query_failed: 0
 ;;query_interval: 43200
 ;;retry_time: 8640

diff --git a/src/Makefile b/src/Makefile
index 76ac3d2..a564a57 100644 (file)
--- a/src/Makefile
+++ b/src/Makefile
@@ -34,6 +34,8 @@ TASN1_LIBS   = $(shell $(PKG_CONFIG) --libs   libtasn1)
 #HOWTOUSE# UNBOUND_LIBS  = $(shell $(PKG_CONFIG) --libs   libunbound)
 QUICKDER_CFLAGS = $(shell $(PKG_CONFIG) --cflags quick-der)
 QUICKDER_LIBS   = $(shell $(PKG_CONFIG) --libs   quick-der)
+KERBEROS_CFLAGS = $(shell krb5-config --cflags)
+KERBEROS_LIBS = $(shell krb5-config --libs)
 
 ifdef WINVER
 CFLAGS += -D_WIN32_WINNT=0x0600 -DATTRIBUTE_UNUSED="" -I ../include/windows

diff --git a/src/starttls.c b/src/starttls.c
index e7fc350..2383dbb 100644 (file)
--- a/src/starttls.c
+++ b/src/starttls.c
@@ -3165,9 +3165,9 @@ static void valexp_Oo_start (void *vcmd, struct valexp *ve, char pred) {
                        valflag = o2vf (online_globaldir_x509 (
                                        rid,
                                        raw->data, raw->size));
-#ifdef GNUTLS_CRT_KRB
+#ifdef HAVE_TLS_KDH
                } else if (cmd->remote_cert_type == GNUTLS_CRT_KRB) {
-                       // Kerberos is sufficiently "live" to always pass O
+                       // Kerberos is sufficiently "live" to be pass O
                        valflag = 1;
                        goto setvalflag;
 #endif

diff --git a/tool/get_localid.c b/tool/get_localid.c
index 0ce1c0e..665a7b2 100644 (file)
--- a/tool/get_localid.c
+++ b/tool/get_localid.c
@@ -30,7 +30,7 @@ const char const *usage =
 "Usage: %s tlspool.conf [user@]fqdn type [outfile.der]\n"
 " - tlspool.conf      is the configuration file for the TLS Pool\n"
 " - user@fqdn or fqdn is a network access identifier\n"
-" - type              X.509,OpenPGP,valexp,client,server,noP11,chained\n"
+" - type              X.509,OpenPGP,Kerberos,valexp,client,server,noP11,chained\n"
 " - outfile.der       optional output file for binary encoded public data\n"
 "Since the public data is stored in a binary format, it will never be printed\n"
 "on stdout; in absense of outfile.der the value is simply not output.\n";

diff --git a/tool/set_localid.c b/tool/set_localid.c
index a4fc960..a3efc13 100644 (file)
--- a/tool/set_localid.c
+++ b/tool/set_localid.c
@@ -32,7 +32,7 @@ const char const *usage =
 "Usage: %s tlspool.conf [user@]fqdn type [p11priv pubdata...]\n"
 " - tlspool.conf      is the configuration file for the TLS Pool\n"
 " - user@fqdn or fqdn is a network access identifier\n"
-" - type              X.509,OpenPGP,valexp,client,server,nop11,chained\n"
+" - type              X.509,OpenPGP,Kerberos,valexp,client,server,nop11,chained\n"
 " - p11priv           is a PKCS #11 URI string for the private key\n"
 " - pubdata           is a file name    string for the public key package\n"
 "The pairs of p11priv and pubdata replace the old content.  An empty list of\n"