Make kerberos ciphersuite code work with newer header files

diff --git a/CHANGES b/CHANGES
index 46db3be250be9ff776ed5c080d46f89e504e78ab..2ff3b83698cbc93357e60935c1121b10afab17db 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -780,6 +780,14 @@
 
  Changes between 0.9.7f and 0.9.7g  [XX xxx xxxx]
 
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
   *) Undo Cygwin change.
      [Ulf Möller]
 

diff --git a/ssl/kssl.c b/ssl/kssl.c
index 51378897f6e244ce20b282b7ed0ca4f6bae6222f..3afa95f3fad7f2a194afe03e4cd1ef0326f2306c 100644 (file)
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -73,6 +73,8 @@
 #undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
 #include <string.h>
 
+#define KRB5_PRIVATE   1
+
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -80,6 +82,10 @@
 
 #ifndef OPENSSL_NO_KRB5
 
+#ifndef ENOMEM
+#define ENOMEM KRB5KRB_ERR_GENERIC
+#endif
+
 /* 
  * When OpenSSL is built on Windows, we do not want to require that
  * the Kerberos DLLs be available in order for the OpenSSL DLLs to
@@ -932,7 +938,7 @@ print_krb5_data(char *label, krb5_data *kdata)
        int i;
 
        printf("%s[%d] ", label, kdata->length);
-       for (i=0; i < kdata->length; i++)
+       for (i=0; i < (int)kdata->length; i++)
                 {
                if (0 &&  isprint((int) kdata->data[i]))
                         printf(        "%c ",  kdata->data[i]);
@@ -984,14 +990,14 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
 #ifdef KRB5_HEIMDAL
        printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
                                           keyblk->keyvalue->length);
-       for (i=0; i < keyblk->keyvalue->length; i++)
+       for (i=0; i < (int)keyblk->keyvalue->length; i++)
                 {
                printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
                }
        printf("\n");
 #else
        printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
-       for (i=0; i < keyblk->length; i++)
+       for (i=0; i < (int)keyblk->length; i++)
                 {
                printf("%02x",keyblk->contents[i]);
                }
@@ -1010,12 +1016,12 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
 
        printf("%s principal Realm: ", label);
        if (princ == NULL)  return;
-       for (ui=0; ui < princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
+       for (ui=0; ui < (int)princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
        printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
-       for (i=0; i < princ->length; i++)
+       for (i=0; i < (int)princ->length; i++)
                 {
                printf("\t%d [%d]: ", i, princ->data[i].length);
-               for (uj=0; uj < princ->data[i].length; uj++)  {
+               for (uj=0; uj < (int)princ->data[i].length; uj++)  {
                        putchar(princ->data[i].data[uj]);
                        }
                printf("\n");

diff --git a/ssl/kssl.h b/ssl/kssl.h
index 19a689b089b7eb74199afa515e98eb71735c92e3..a3d20e1ccbdc303f5a7522f6ef2e2f8d9d2930d8 100644 (file)
--- a/ssl/kssl.h
+++ b/ssl/kssl.h
@@ -82,6 +82,12 @@ extern "C" {
 #ifdef KRB5_HEIMDAL
 typedef unsigned char krb5_octet;
 #define FAR
+#else
+
+#ifndef FAR
+#define FAR
+#endif
+
 #endif
 
 /*     Uncomment this to debug kssl problems or

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 28b30fec237ef57d677f3ff50a78f535c735fabd..4d196371ec282687d2ad532b7574b344918357b0 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1850,8 +1850,8 @@ static int ssl3_get_client_key_exchange(SSL *s)
                        goto err;
                        }
 
-               if (n != enc_ticket.length + authenticator.length +
-                                               enc_pms.length + 6)
+               if (n != (long)(enc_ticket.length + authenticator.length +
+                                               enc_pms.length + 6))
                        {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
                                SSL_R_DATA_LENGTH_TOO_LONG);