On Tue, Oct 23, 2007 at 09:42:54PM +0200, Daniel Dehennin wrote:
> Le 5165 Septembre 1993, Kurt Roeckx a tapoté:
> > I have no idea what the state of it is now, but as I understand it,
> > it has been in a broken state for some time.
> >
> > Anyway, I'm afraid I can't enable this without changing the ABI.
>
> What a pity! According to the RFC it should just be another cipher
> suite.
>
> The --with-krb5 configuration option change the ABI of the library ?
>
> How can I test if the ABI is changed between to compiled library ?
The problem is /usr/include/openssl/ssl.h has things like this in the
middle of a struct:
#ifndef OPENSSL_NO_KRB5
unsigned int krb5_client_princ_len;
unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
#endif /* OPENSSL_NO_KRB5 */
[...]
#ifndef OPENSSL_NO_KRB5
KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
#endif /* OPENSSL_NO_KRB5 */
Since those structs are exposed to applications using the library,
they can suddenly try to access the wrong member of the structure if
I change the layout of the structure.
Kurt
