1 files changed, 0 insertions, 108 deletions

diff --git a/krb5-1.14.4-SNI-HTTP-Host.patch b/krb5-1.14.4-SNI-HTTP-Host.patch
deleted file mode 100644
index a34faad..0000000
--- a/krb5-1.14.4-SNI-HTTP-Host.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 69c8662190bcd46f2300d0cea139681001ea5b26 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <cheimes@redhat.com>
-Date: Mon, 8 Aug 2016 12:38:17 +0200
-Subject: [PATCH] Add Host HTTP header to MS-KKDCP requests
-
-Some web servers require a Host HTTP header for TLS connections with
-SNI (server name indicator).  It is also required for virtual hosts.
-
-ticket: 8472 (new)
-target_version: 1.14-next
-tags: pullup
----
- src/lib/krb5/os/sendto_kdc.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
-diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
-index c85fdba..a2b7359 100644
---- a/src/lib/krb5/os/sendto_kdc.c
-+++ b/src/lib/krb5/os/sendto_kdc.c
-@@ -78,6 +78,7 @@
- #define MAX_PASS                    3
- #define DEFAULT_UDP_PREF_LIMIT   1465
- #define HARD_UDP_LIMIT          32700 /* could probably do 64K-epsilon ? */
-+#define PORT_LENGTH                 6 /* decimal repr of UINT16_MAX */
- 
- /* Select state flags.  */
- #define SSF_READ 0x01
-@@ -138,6 +139,7 @@ struct conn_state {
-     struct {
-         const char *uri_path;
-         const char *servername;
-+        char port[PORT_LENGTH];
-         char *https_request;
-         k5_tls_handle tls;
-     } http;
-@@ -611,6 +613,8 @@ make_proxy_request(struct conn_state *state, const krb5_data *realm,
-     k5_buf_init_dynamic(&buf);
-     uri_path = (state->http.uri_path != NULL) ? state->http.uri_path : "";
-     k5_buf_add_fmt(&buf, "POST /%s HTTP/1.0\r\n", uri_path);
-+    k5_buf_add_fmt(&buf, "Host: %s:%s\r\n", state->http.servername,
-+                   state->http.port);
-     k5_buf_add(&buf, "Cache-Control: no-cache\r\n");
-     k5_buf_add(&buf, "Pragma: no-cache\r\n");
-     k5_buf_add(&buf, "User-Agent: kerberos/1.0\r\n");
-@@ -673,7 +677,7 @@ static krb5_error_code
- add_connection(struct conn_state **conns, k5_transport transport,
-                krb5_boolean defer, struct addrinfo *ai, size_t server_index,
-                const krb5_data *realm, const char *hostname,
--               const char *uri_path, char **udpbufp)
-+               const char *port, const char *uri_path, char **udpbufp)
- {
-     struct conn_state *state, **tailptr;
- 
-@@ -695,11 +699,13 @@ add_connection(struct conn_state **conns, k5_transport transport,
-         state->service_write = service_tcp_write;
-         state->service_read = service_tcp_read;
-     } else if (transport == HTTPS) {
-+        assert(hostname != NULL && port != NULL);
-         state->service_connect = service_tcp_connect;
-         state->service_write = service_https_write;
-         state->service_read = service_https_read;
-         state->http.uri_path = uri_path;
-         state->http.servername = hostname;
-+        strlcpy(state->http.port, port, PORT_LENGTH);
-     } else {
-         state->service_connect = NULL;
-         state->service_write = NULL;
-@@ -785,7 +791,7 @@ resolve_server(krb5_context context, const krb5_data *realm,
-     struct addrinfo *addrs, *a, hint, ai;
-     krb5_boolean defer;
-     int err, result;
--    char portbuf[64];
-+    char portbuf[PORT_LENGTH];
- 
-     /* Skip UDP entries if we don't want UDP. */
-     if (strategy == NO_UDP && entry->transport == UDP)
-@@ -800,7 +806,7 @@ resolve_server(krb5_context context, const krb5_data *realm,
-         ai.ai_addr = (struct sockaddr *)&entry->addr;
-         defer = (entry->transport != transport);
-         return add_connection(conns, entry->transport, defer, &ai, ind, realm,
--                              NULL, entry->uri_path, udpbufp);
-+                              NULL, NULL, entry->uri_path, udpbufp);
-     }
- 
-     /* If the entry has a specified transport, use it. */
-@@ -826,7 +832,8 @@ resolve_server(krb5_context context, const krb5_data *realm,
-     retval = 0;
-     for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
-         retval = add_connection(conns, transport, FALSE, a, ind, realm,
--                                entry->hostname, entry->uri_path, udpbufp);
-+                                entry->hostname, portbuf, entry->uri_path,
-+                                udpbufp);
-     }
- 
-     /* For TCP_OR_UDP entries, add each address again with the non-preferred
-@@ -836,7 +843,8 @@ resolve_server(krb5_context context, const krb5_data *realm,
-         for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
-             a->ai_socktype = socktype_for_transport(transport);
-             retval = add_connection(conns, transport, TRUE, a, ind, realm,
--                                    entry->hostname, entry->uri_path, udpbufp);
-+                                    entry->hostname, portbuf,
-+                                    entry->uri_path, udpbufp);
-         }
-     }
-     freeaddrinfo(addrs);
--- 
-2.8.1
-