Log message:
Remove SRP and Kerberos support from libssl. These are complex protocols
all on their own and we can't effectively maintain them without using them,
which we don't. If the need arises, the code can be resurrected.
Or in Theo's words:
It is crap. Eventually we recognize the risk is to high.
Another relevant commit message, with a fun quote:
Log message:
The complexity and quality of kerberosV and the fact that almost
nobody is using it doesn't justify to have it in base - disable and
remove it. If the 2 two people who use it still want it, they can
make a port or recompile OpenBSD on their own.
There is a quote in theo.c from August 2010: "basically, dung beetles
fucking. that's what kerberosV + openssl is like".
Discussed with many. Tests by henning@ reyk@ and others.
ok deraadt@ henning@
I recommend you take a look at the whole message, it'll give you a vague idea of how big the code base was. Keep in mind that this particular commit was followed by a lot of smaller commits removing remnants of kerberos that had kinda spread all over the system...
I didn't even know there was support for Kerberos in OpenSSl, but it's also under the LibreSSL bullet points as well.