[MS-BKRP] backupkey server and GnuTLS

Andreas Schneider asn at samba.org
Thu Nov 12 11:04:26 UTC 2015


I've started to migrate the backupkey server implementation to GnuTLS.


The 5 patches before the TODO patch are working and pass the tests. They can 
be pushed upstream.

To move on we have an issue. GnuTLS doesn't provide a function to set the 
issuer unique id on a certificate. There is also no workaround because the 
flag is cleared before singing. The function will be added to the next GnuTLS 

The bug for that is:


As soon as the function is available I will add functions to use GnuTLS, if 
not we will use the existing heimdal code. This means with a MIT KDC build you 
will need a recent GnuTLS release.


	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org

More information about the samba-technical mailing list