Sergio Gelato <[EMAIL PROTECTED]> writes: > Russ Allbery wrote: >> It looks like this only fails when gss_init_sec_context returns an >> error, and RFC 2744 isn't entirely clear on whether the output token is >> supposed to be initialized in that case, but I can certainly see the >> convenience argument for doing so.
> I find the example code in RFC 2744 section 5.19 to be perfectly clear: > the value of output_token->length is used even when GSS_ERROR(maj_stat) > is true. I'm not aware of any stipulation to the effect that examples in > RFCs aren't normative; and in any case it would be bad form to use a > buggy example without labelling it as such. Oh, very good point. For some reason, I didn't study the example, but indeed it shows a calling convention that requires the output token to be initialized. Sam, unless you say otherwise, I'm going to patch the generic layer of the GSSAPI library to always initialize the output token and submit the patch to the Kerberos RT. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
