[Bug 2472] New: Add support to load additional certificates
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Sep 26 02:13:32 AEST 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Bug ID: 2472
Summary: Add support to load additional certificates
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs at mindrot.org
Reporter: thomas.jarosch at intra2net.com
Created attachment 2715
--> https://bugzilla.mindrot.org/attachment.cgi?id=2715&action=edit
Patch part 1/3
Add support to load additional certificates
for already loaded private keys. Useful
if the private key is on a PKCS#11 hardware token.
The private keys inside ssh-agent are now using a refcount
to share the private parts between "Identities".
The reason for this change was that the PKCS#11 code
might have redirected ("wrap") the RSA functions to a hardware token.
We don't want to mess with those internals.
Tested with an OpenGPG card. Patch developed against 6.9p
and applies to original 6.9, too.
Original patch from openssh-unixdev has been split into three smaller
patches for easier review. It has also been updated for version 7.1p1.
(KEY_RSA_CERT_V00 / KEY_DSA_CERT_V00 was removed).
Original submission:
https://marc.info/?l=openssh-unix-dev&m=143792343407993&w=2
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list