jborean93 / omi

Open Management Infrastructure

Added support for channel binding tokens when using HTTPS connections #6

Closed jborean93 closed 4 years ago

jborean93 commented 4 years ago

Currently if a WSMan target has set Auth/CbtHardeningLevel = Strict then OMI will fail to connect over HTTPS when using Negotiate/Kerberos. This is because the current code does not pass in the necessary structure to GSSAPI that binds the auth with the TLS channel that the CBT check is for.

This PR retrieves the CBT data for GSSAPI if possible and makes sure it's passed into gss_init_sec_context if available. It also rejigs some of the SSL connection code in preparation for cert verification that I'm hoping to look into next.

TODO: