[Bug 2313] New: Corrupt KRL file when using multiple CA.
bugzilla-daemon at mindrot.org
Fri Nov 14 18:25:09 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2313
Bug ID: 2313
Summary: Corrupt KRL file when using multiple CA.
Product: Portable OpenSSH
Version: 6.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: peter at pean.org
When I have a KRL containing revocations from multiple CAs it gets
corrupted in some way. sshd can't read it.
This is what sshd says:
debug1: KRL version 0 generated at 20141114T080704
debug3: ssh_krl_from_blob: first pass, section 0x01
debug3: ssh_krl_from_blob: first pass, section 0x01
debug3: ssh_krl_from_blob: second pass, section 0x01
debug3: parse_revoked_certs: subsection type 0x20
debug3: revoked_certs_for_ca_key: new CA RSA
debug3: parse_revoked_certs: subsection type 0x22
debug3: parse_revoked_certs: subsection type 0x20
debug3: ssh_krl_from_blob: second pass, section 0x01
debug3: parse_revoked_certs: subsection type 0x20
debug3: parse_revoked_certs: subsection type 0x22
debug3: parse_revoked_certs: subsection type 0x20
buffer_get_string_ptr: bad string length 268032
parse_revoked_certs: buffer error
Invalid KRL, refusing public key authentication
I generated the KRL using two text files containing
multiple serial: <serial> lines like this:
ssh-keygen -k -u -f revoked_keys.bin -s ca1.pub revoked_keys1
ssh-keygen -k -u -f revoked_keys.bin -s ca2.pub revoked_keys2
I have tried to remove the revoked_keys.bin and generate a new one
without success. I even tried revoking from ca2 first and then ca1.
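An added diagnostic example, not part of the original report and not OpenSSH's own code: a small Python walker for the KRL container layout documented in OpenSSH's PROTOCOL.krl. It reports the file offset of the first length field that overruns its buffer, which is the condition behind the "bad string length" message in the sshd output above. The sample KRL and its CA key bytes are constructed placeholders, and subsection bodies are not decoded.

```python
import struct
KRL_MAGIC = 0x5353484B524C0A00  # "SSHKRL\n\0", per OpenSSH PROTOCOL.krl

class Reader:
    def __init__(self, data, base=0):
        self.data, self.pos, self.base = data, 0, base
    def left(self):
        return len(self.data) - self.pos
    def take(self, n, what):
        if n > self.left():
            raise ValueError(f"{what}: bad length {n} at offset "
                             f"{self.base + self.pos}, {self.left()} bytes left")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, size, what):
        return int.from_bytes(self.take(size, what), "big")
    def string(self, what):  # uint32 length + bytes; returns (file offset, body)
        n = self.uint(4, what)
        return self.base + self.pos, self.take(n, what)

def walk_krl(blob):  # -> [(section_type, [(cert_subsection_type, length), ...]), ...]
    r = Reader(blob)
    if r.uint(8, "magic") != KRL_MAGIC or r.uint(4, "format version") != 1:
        raise ValueError("not a format-1 KRL")
    r.take(24, "krl_version/generated_date/flags")  # three uint64 fields
    r.string("reserved"); r.string("comment")
    sections = []
    while r.left():
        stype = r.uint(1, "section type")
        off, body = r.string(f"section 0x{stype:02x}")
        subs = []
        if stype == 4:    # KRL_SECTION_SIGNATURE carries a second string
            r.string("signature")
        elif stype == 1:  # KRL_SECTION_CERTIFICATES: ca_key, reserved, subsections
            s = Reader(body, off)
            s.string("ca_key"); s.string("reserved")
            while s.left():
                t = s.uint(1, "subsection type")
                subs.append((t, len(s.string(f"subsection 0x{t:02x}")[1])))
        sections.append((stype, subs))
    return sections

# Constructed sample: two certificate sections with placeholder CA key bytes.
def _s(b): return struct.pack(">I", len(b)) + b
def _certs(ca, subs):
    return b"\x01" + _s(_s(ca) + _s(b"") + b"".join(bytes([t]) + _s(d) for t, d in subs))
_SUBS = [(0x20, struct.pack(">Q", 3)), (0x22, struct.pack(">Q", 8) + _s(b"\x05"))]
SAMPLE_KRL = (struct.pack(">QIQQQ", KRL_MAGIC, 1, 0, 0, 0) + _s(b"") + _s(b"")
              + _certs(b"CA1-PLACEHOLDER", _SUBS) + _certs(b"CA2-PLACEHOLDER", _SUBS))
```

Calling walk_krl(open("revoked_keys.bin", "rb").read()) on a generated KRL before deploying it shows whether every section and subsection length stays inside its parent buffer.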