[openssh-commits] [openssh] 03/07: upstream: clarify encoding of options/extensions; bz2389

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Dec 7 21:24:05 AEDT 2024


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 41ab0ccecd68232e196efae5e224b31ca104c423
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Fri Dec 6 16:02:12 2024 +0000

    upstream: clarify encoding of options/extensions; bz2389
    
    OpenBSD-Commit-ID: c4e92356d44dfe6d0a4416deecb33d1d1eba016c
---
 PROTOCOL.certkeys | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 68622e60..0a212c63 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -231,10 +231,15 @@ is a sequence of zero or more tuples:
 Options must be lexically ordered by "name" if they appear in the
 sequence. Each named option may only appear once in a certificate.
 
-The name field identifies the option and the data field encodes
-option-specific information (see below). All options are
-"critical"; if an implementation does not recognise a option,
-then the validating party should refuse to accept the certificate.
+The name field identifies the option. The data field contains
+option-specific information encoded as zero or more values inside
+the string. I.e. an empty data field would be encoded as a zero-
+length string (00 00 00 00), and data field that holds a single
+string value "a" would be encoded as (00 00 00 05 00 00 00 01 65).
+
+All options are "critical"; if an implementation does not recognise
+a option, then the validating party should refuse to accept the
+certificate.
 
 Custom options should append the originating author or organisation's
 domain name to the option name, e.g. "my-option at example.com".
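Review bot: the worked example in the added data-field paragraph does not encode the value it names. The final byte 65 is ASCII "e", while "a" is 0x61, so the single-string case should read (00 00 00 05 00 00 00 01 61), or the text should say "e" instead of "a". This paragraph exists to pin down the nested length-prefixed encoding for implementers (bz2389), so the one concrete byte sequence needs to be exact. Two wording nits in the same added lines: "and data field that holds" is missing "a", and "a option" (carried over from the removed text) should be "an option".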
@@ -318,4 +323,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.19 2021/06/05 13:47:00 naddy Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.20 2024/12/06 16:02:12 djm Exp $

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

