[Bug 3613] Unable to sign using certificates and PKCS#11

bugzilla-daemon at mindrot.org
Thu Sep 21 22:51:37 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3613

--- Comment #3 from aim at orbit.online ---
Created attachment 3734
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3734&action=edit
Self-contained testscript for cert signing via HSM

First of all, thank you for the quick response and a potential fix! And
second of all, my apologies for dragging my feet on getting this tested!

OK. So it still fails with "process_sign_request2: RSA-CERT key not
found". However, I'm 50/50 on whether I'm using ssh-keygen correctly.
It's a... rather large tool :-)

I have attached a testing script that applies your patch and then tests
everything automatically using SoftHSMv2. It's self-contained and
cleans up after itself. So you should be able to just run it (if you
have docker installed).

Do note that I'm applying the patch to and testing with 9.0p1, which is
the latest version available on Ubuntu. The patch applies cleanly, so I
don't think that that's the issue.

p.s.: Even though the script is a bit quick & dirty I hope this is
usable as a template for an eventual regression test :-)


More information about the openssh-bugs mailing list