Source: heimdal
Version: 7.8.git20221117.28daf24+dfsg-5
Severity: wishlist

Hi,

While trying to use PKINIT I've got the following error:

#v+
% kinit -D DIR:/etc/ssl/certs/ -C PKCS11:/usr/lib/x86_64-linux-gnu/libykcs11.so
PIN code for Yubico YubiKey OTP+FIDO+CCID 00 00:
kinit: krb5_get_init_creds: PKINIT: ECDH not supported
#v-

Looking at the source code, the error is printed when HAVE_HCRYPTO_W_OPENSSL is not defined, which is the case because the source code is configured --without-openssl. The changelog explains this was introduced to fix #440443, but disabling OpenSSL is a bit of an unfortunate solution to the FTBFS.

Could you consider building with OpenSSL support enabled?

For the record, PKINIT with RSA certificates works all right.

-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'testing'), (500, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL), LANGUAGE=pl:en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
greetz(); // Jarek