x509v3-sign-rsa authentication type...

Kevin Stefanik kstef at mtppi.org
Fri May 9 07:07:22 EST 2003

On Thursday 08 May 2003 02:05 pm, Markus Friedl wrote:
> On Thu, Apr 24, 2003 at 01:48:55PM -0400, Kevin Stefanik wrote:
> > I've seen a variety of patches on the list for supporting the x509v3
> > certificate authentication.   Are there any plans to include any of these
> > in the official openssh?
> perhaps a simpler version.

I've been using Rouen's patch, quite happily, for a couple of weeks now.  The 
simpler patches didn't seem to be as full, e.g., lacking CRLs.  From what I 
saw, most of the complexity was in the x509 store.  The actual changes to 
openssh code didn't seem extreme. Or were they?

Would splitting out the x509 store somehow help?  Maybe there's a way to split 
the patch out into more digestible parts?


More information about the openssh-unix-dev mailing list