Make kerberos ciphersuite code work with newer header files
diff --git a/CHANGES b/CHANGES
index 46db3be..2ff3b83 100644
--- a/CHANGES
+++ b/CHANGES
@@ -780,6 +780,14 @@
Changes between 0.9.7f and 0.9.7g [XX xxx xxxx]
+ *) Fixes for newer kerberos headers. NB: the casts are needed because
+ the 'length' field is signed on one version and unsigned on another
+ with no (?) obvious way to tell the difference, without these VC++
+ complains. Also the "definition" of FAR (blank) is no longer included
+ nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+ some needed definitions.
+ [Steve Henson]
+
*) Undo Cygwin change.
[Ulf Möller]
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 5137889..3afa95f 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -73,6 +73,8 @@
#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
#include <string.h>
+#define KRB5_PRIVATE 1
+
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
@@ -80,6 +82,10 @@
#ifndef OPENSSL_NO_KRB5
+#ifndef ENOMEM
+#define ENOMEM KRB5KRB_ERR_GENERIC
+#endif
+
/*
* When OpenSSL is built on Windows, we do not want to require that
* the Kerberos DLLs be available in order for the OpenSSL DLLs to
@@ -932,7 +938,7 @@
int i;
printf("%s[%d] ", label, kdata->length);
- for (i=0; i < kdata->length; i++)
+ for (i=0; i < (int)kdata->length; i++)
{
if (0 && isprint((int) kdata->data[i]))
printf( "%c ", kdata->data[i]);
@@ -984,14 +990,14 @@
#ifdef KRB5_HEIMDAL
printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
keyblk->keyvalue->length);
- for (i=0; i < keyblk->keyvalue->length; i++)
+ for (i=0; i < (int)keyblk->keyvalue->length; i++)
{
printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
}
printf("\n");
#else
printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
- for (i=0; i < keyblk->length; i++)
+ for (i=0; i < (int)keyblk->length; i++)
{
printf("%02x",keyblk->contents[i]);
}
@@ -1010,12 +1016,12 @@
printf("%s principal Realm: ", label);
if (princ == NULL) return;
- for (ui=0; ui < princ->realm.length; ui++) putchar(princ->realm.data[ui]);
+ for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
- for (i=0; i < princ->length; i++)
+ for (i=0; i < (int)princ->length; i++)
{
printf("\t%d [%d]: ", i, princ->data[i].length);
- for (uj=0; uj < princ->data[i].length; uj++) {
+ for (uj=0; uj < (int)princ->data[i].length; uj++) {
putchar(princ->data[i].data[uj]);
}
printf("\n");
diff --git a/ssl/kssl.h b/ssl/kssl.h
index 19a689b..a3d20e1 100644
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -82,6 +82,12 @@
#ifdef KRB5_HEIMDAL
typedef unsigned char krb5_octet;
#define FAR
+#else
+
+#ifndef FAR
+#define FAR
+#endif
+
#endif
/* Uncomment this to debug kssl problems or
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 28b30fe..4d19637 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1850,8 +1850,8 @@
goto err;
}
- if (n != enc_ticket.length + authenticator.length +
- enc_pms.length + 6)
+ if (n != (long)(enc_ticket.length + authenticator.length +
+ enc_pms.length + 6))
{
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_DATA_LENGTH_TOO_LONG);
