History log of /freebsd-head/crypto/heimdal/lib/hx509/
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
46d1f3a998f71e6e35c685e92b760f5488d6c82a 05-Oct-2018 jhb <jhb@FreeBSD.org> Update the existing heimdal implementation for OpenSSL 1.1.

Existing work is underway to import a newer version of heimdal, but
this patchset gets us to a fully working tree to enable more wide
spread testing of OpenSSL 1.1 for now.

I've also enabled WARNS=1 for kerberos (which is the reason for the
change in libroken). Having -Werror enabled was useful during the
1.1 updates and we probably should have warnings enabled by default
for kerberos anyway.

This passes make tinderbox, and I have also done some very light
runtime testing on amd64.

Reviewed by: bjk, jkim, emaste
Differential Revision: https://reviews.freebsd.org/D17276
rypto.c
xtool.c
s_file.c
s_p11.c
a5b76e1c59f2936b0fda4076a27b4a51f6397e46 22-Aug-2016 emaste <emaste@FreeBSD.org> Remove duplicate symbol from libhx509 version-script.map

Upstream commit r21331 (7758a5d0) added semiprivate function
_hx509_request_to_pkcs10 twice. This change has been committed upstream
as 8ef0071d.
ersion-script.map
e98d05b4f007c4c6849229bc6c5f1586d0207896 08-Apr-2012 stas <stas@FreeBSD.org> - Update FreeBSD's Heimdal distribution to 1.5.2. This is a bugfix
release, which fixes a DoS issue in libkrb5.
el-lex.l
e7e0b349883e80d63c4e856f16351aaa6607766d 22-Mar-2012 stas <stas@FreeBSD.org> - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.

We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.

- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.

- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c 29-Sep-2011 stas <stas@FreeBSD.org> - Flatten the vendor heimdal tree.
hangeLog
akefile.am
akefile.in
a.c
ert.c
ms.c
ollector.c
rmf.asn1
rypto.c
ata/bleichenbacher-bad.pem
ata/bleichenbacher-good.pem
ata/bleichenbacher-sf-pad-correct.pem
ata/ca.crt
ata/ca.key
ata/crl1.crl
ata/crl1.der
ata/gen-req.sh
ata/j.pem
ata/kdc.crt
ata/kdc.key
ata/key.der
ata/key2.der
ata/nist-data
ata/nist-data2
ata/no-proxy-test.crt
ata/no-proxy-test.key
ata/ocsp-req1.der
ata/ocsp-req2.der
ata/ocsp-resp1-2.der
ata/ocsp-resp1-3.der
ata/ocsp-resp1-ca.der
ata/ocsp-resp1-keyhash.der
ata/ocsp-resp1-ocsp-no-cert.der
ata/ocsp-resp1-ocsp.der
ata/ocsp-resp1.der
ata/ocsp-resp2.der
ata/ocsp-responder.crt
ata/ocsp-responder.key
ata/openssl.cnf
ata/pkinit-proxy-chain.crt
ata/pkinit-proxy.crt
ata/pkinit-proxy.key
ata/pkinit-pw.key
ata/pkinit.crt
ata/pkinit.key
ata/proxy-level-test.crt
ata/proxy-level-test.key
ata/proxy-test.crt
ata/proxy-test.key
ata/proxy10-child-child-test.crt
ata/proxy10-child-child-test.key
ata/proxy10-child-test.crt
ata/proxy10-child-test.key
ata/proxy10-test.crt
ata/proxy10-test.key
ata/revoke.crt
ata/revoke.key
ata/sf-class2-root.pem
ata/static-file
ata/sub-ca.crt
ata/sub-ca.key
ata/sub-cert.crt
ata/sub-cert.key
ata/sub-cert.p12
ata/test-ds-only.crt
ata/test-ds-only.key
ata/test-enveloped-aes-128
ata/test-enveloped-aes-256
ata/test-enveloped-des
ata/test-enveloped-des-ede3
ata/test-enveloped-rc2-128
ata/test-enveloped-rc2-40
ata/test-enveloped-rc2-64
ata/test-ke-only.crt
ata/test-ke-only.key
ata/test-nopw.p12
ata/test-pw.key
ata/test-signed-data
ata/test-signed-data-noattr
ata/test-signed-data-noattr-nocerts
ata/test.combined.crt
ata/test.crt
ata/test.key
ata/test.p12
ata/yutaka-pad-broken-ca.pem
ata/yutaka-pad-broken-cert.pem
ata/yutaka-pad-ok-ca.pem
ata/yutaka-pad-ok-cert.pem
ata/yutaka-pad.key
oxygen.c
nv.c
rror.c
ile.c
x509-private.h
x509-protos.h
x509.h
x509_err.et
x_locl.h
xtool-commands.in
xtool.c
eyset.c
s_dir.c
s_file.c
s_keychain.c
s_mem.c
s_null.c
s_p11.c
s_p12.c
ock.c
ame.c
csp.asn1
eer.c
kcs10.asn1
rint.c
ef/pkcs11.h
eq.c
evoke.c
oftp11.c
est_ca.in
est_cert.in
est_chain.in
est_cms.in
est_crypto.in
est_java_pkcs11.in
est_name.c
est_nist.in
est_nist2.in
est_nist_cert.in
est_nist_pkcs12.in
est_pkcs11.in
est_query.in
est_req.in
est_soft_pkcs11.c
est_windows.in
st-crypto-available1
st-crypto-available2
st-crypto-available3
st-crypto-select
st-crypto-select1
st-crypto-select2
st-crypto-select3
st-crypto-select4
st-crypto-select5
st-crypto-select6
st-crypto-select7
ersion-script.map
51b6601db456e699ea5d4843cbc7239ee92d9c13 07-May-2008 dfr <dfr@FreeBSD.org> Vendor import of Heimdal 1.1
hangeLog
akefile.am
akefile.in
a.c
ert.c
ms.c
ollector.c
rmf.asn1
rypto.c
ata/bleichenbacher-bad.pem
ata/bleichenbacher-good.pem
ata/bleichenbacher-sf-pad-correct.pem
ata/ca.crt
ata/ca.key
ata/crl1.crl
ata/crl1.der
ata/gen-req.sh
ata/j.pem
ata/kdc.crt
ata/kdc.key
ata/key.der
ata/key2.der
ata/nist-data
ata/nist-data2
ata/no-proxy-test.crt
ata/no-proxy-test.key
ata/ocsp-req1.der
ata/ocsp-req2.der
ata/ocsp-resp1-2.der
ata/ocsp-resp1-3.der
ata/ocsp-resp1-ca.der
ata/ocsp-resp1-keyhash.der
ata/ocsp-resp1-ocsp-no-cert.der
ata/ocsp-resp1-ocsp.der
ata/ocsp-resp1.der
ata/ocsp-resp2.der
ata/ocsp-responder.crt
ata/ocsp-responder.key
ata/openssl.cnf
ata/pkinit-proxy-chain.crt
ata/pkinit-proxy.crt
ata/pkinit-proxy.key
ata/pkinit-pw.key
ata/pkinit.crt
ata/pkinit.key
ata/proxy-level-test.crt
ata/proxy-level-test.key
ata/proxy-test.crt
ata/proxy-test.key
ata/proxy10-child-child-test.crt
ata/proxy10-child-child-test.key
ata/proxy10-child-test.crt
ata/proxy10-child-test.key
ata/proxy10-test.crt
ata/proxy10-test.key
ata/revoke.crt
ata/revoke.key
ata/sf-class2-root.pem
ata/static-file
ata/sub-ca.crt
ata/sub-ca.key
ata/sub-cert.crt
ata/sub-cert.key
ata/sub-cert.p12
ata/test-ds-only.crt
ata/test-ds-only.key
ata/test-enveloped-aes-128
ata/test-enveloped-aes-256
ata/test-enveloped-des
ata/test-enveloped-des-ede3
ata/test-enveloped-rc2-128
ata/test-enveloped-rc2-40
ata/test-enveloped-rc2-64
ata/test-ke-only.crt
ata/test-ke-only.key
ata/test-nopw.p12
ata/test-pw.key
ata/test-signed-data
ata/test-signed-data-noattr
ata/test-signed-data-noattr-nocerts
ata/test.combined.crt
ata/test.crt
ata/test.key
ata/test.p12
ata/yutaka-pad-broken-ca.pem
ata/yutaka-pad-broken-cert.pem
ata/yutaka-pad-ok-ca.pem
ata/yutaka-pad-ok-cert.pem
ata/yutaka-pad.key
oxygen.c
nv.c
rror.c
ile.c
x509-private.h
x509-protos.h
x509.h
x509_err.et
x_locl.h
xtool-commands.in
xtool.c
eyset.c
s_dir.c
s_file.c
s_keychain.c
s_mem.c
s_null.c
s_p11.c
s_p12.c
ock.c
ame.c
csp.asn1
eer.c
kcs10.asn1
rint.c
ef/pkcs11.h
eq.c
evoke.c
oftp11.c
est_ca.in
est_cert.in
est_chain.in
est_cms.in
est_crypto.in
est_java_pkcs11.in
est_name.c
est_nist.in
est_nist2.in
est_nist_cert.in
est_nist_pkcs12.in
est_pkcs11.in
est_query.in
est_req.in
est_soft_pkcs11.c
est_windows.in
st-crypto-available1
st-crypto-available2
st-crypto-available3
st-crypto-select
st-crypto-select1
st-crypto-select2
st-crypto-select3
st-crypto-select4
st-crypto-select5
st-crypto-select6
st-crypto-select7
ersion-script.map