[Bug 2313] Corrupt KRL file when using multiple CA.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Dec 11 11:32:00 EST 2014


https://bugzilla.mindrot.org/show_bug.cgi?id=2313

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
             Blocks|                            |2266
                 CC|                            |djm at mindrot.org
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Fixed in -current and will be released in OpenSSH 6.8:

> commit 9f9fad0191028edc43d100d0ded39419b6895fdf
> Author: djm at openbsd.org <djm at openbsd.org>
> Date:   Mon Nov 17 00:21:40 2014 +0000
> 
>     upstream commit
>     
>     fix KRL generation when multiple CAs are in use
>     
>     We would generate an invalid KRL when revoking certs by serial
>     number for multiple CA keys due to a section being written out
>     twice.
>     
>     Also extend the regress test to catch this case by having it
>     produce a multi-CA KRL.
>     
>     Reported by peter AT pean.org

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list