Add HTTPS patches from masterkrb5-1.12.2-6.fc21

Pull in a stack of patches to add support for accessing servers via
HTTPS proxies, such as python-kdcproxy or the KDC Proxy Service on a
properly-outfitted Windows box.  Pull in the patch to move the logic out
of libkrb5 proper and into a loadable plugin to avoid linking our local
applications against our libkrb5 against libssl against the installed
copy of libgssapi_krb5 and our local libkrb5support.  Adjust a couple of
other patches to apply correctly after them.

1 files changed, 0 insertions, 32 deletions

diff --git a/krb5-1.10-kpasswd_tcp.patch b/krb5-1.10-kpasswd_tcp.patch
deleted file mode 100644
index fd8da8e..0000000
--- a/krb5-1.10-kpasswd_tcp.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Fall back to TCP on kdc-unresolvable/unreachable errors.  We still have
-to wait for UDP to fail, so this might not be ideal.  RT #5868.
-
---- krb5/src/lib/krb5/os/changepw.c
-+++ krb5/src/lib/krb5/os/changepw.c
-@@ -270,10 +270,22 @@ change_set_password(krb5_context context
-                          &callback_info, &chpw_rep, ss2sa(&remote_addr),
-                          &addrlen, NULL, NULL, NULL);
-         if (code) {
--            /*
--             * Here we may want to switch to TCP on some errors.
--             * right?
--             */
-+            /* if we're not using a stream socket, and it's an error which
-+             * might reasonably be specific to a datagram "connection", try
-+             * again with a stream socket */
-+            if (!use_tcp) {
-+                switch (code) {
-+                case KRB5_KDC_UNREACH:
-+                case KRB5_REALM_CANT_RESOLVE:
-+                case KRB5KRB_ERR_RESPONSE_TOO_BIG:
-+                /* should we do this for more result codes than these? */
-+                    k5_free_serverlist (&sl);
-+                    use_tcp = 1;
-+                    continue;
-+                default:
-+                    break;
-+                }
-+            }
-             break;
-         }
-