x509 patch for SSH

Ian jonhson jonhson.ian at gmail.com
Wed Jan 23 07:16:09 EST 2008


Is the x509 support going to be embedded in mainstream?


On Jan 19, 2008 10:50 PM, Roumen Petrov <openssh at roumenpetrov.info> wrote:
> Konstantin V. Gavrilenko wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Roumen,
> >
> > one last thing, what exactly does the MandatoryCRL option set?
> >
> > Since when it is set to no, the ssh_crl.pem does get checked whether the
> > cert is revoked or not.
> > However, when I set it to yes, I get the following error
> > [SNIP]
> >
> > Jan 17 14:46:12 pingo sshd[25026]: error: ssh_x509revoked_cb: unable to
> > get issued CRL
> > [SNIP]
>
> When MandatoryCRL is no, check for revoked only if CRL is found in X.509 store.
>
>
> When MandatoryCRL option is set and certificate attribute "CRL Distribution Point" is set,
> corresponding CRL must exist in X.509 store.
>
>
> Roumen
>
> --
> Get X.509 certificates support in OpenSSH:
> http://roumenpetrov.info/openssh/
>
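
To see which of the two cases described above applies to a given certificate before turning MandatoryCRL on, the following sketch (an added example, not part of the thread or of the X.509 patch) reports whether the certificate carries a CRL Distribution Point and whether a CRL from its issuer is present in a PEM CRL file such as ssh_crl.pem. It assumes the openssl CLI is installed and that CRLs are matched to certificates by issuer name; the function name check_crl_for_cert is hypothetical.

```shell
#!/bin/sh
# Added example, not code from the X.509 patch.
# check_crl_for_cert CERT CRLFILE prints one of:
#   no-cdp   CERT has no "CRL Distribution Points" extension
#   present  a CRL whose issuer equals CERT's issuer is in CRLFILE
#   missing  CERT has the extension but CRLFILE holds no CRL from its issuer
#            (the situation in which MandatoryCRL yes would reject the cert)
check_crl_for_cert() {
    cert=$1
    crlfile=$2
    if ! openssl x509 -in "$cert" -noout -text |
            grep -q 'X509v3 CRL Distribution Points'; then
        echo no-cdp
        return 0
    fi
    want=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || return 2
    tmp=$(mktemp -d) || return 2
    # A CRL file may hold several PEM CRLs, but "openssl crl" reads only
    # the first one, so split the file into one CRL per temporary file.
    awk -v dir="$tmp" '
        /-----BEGIN X509 CRL-----/ { n++; out = dir "/crl" n ".pem" }
        out != ""                  { print > out }
        /-----END X509 CRL-----/   { close(out); out = "" }
    ' "$crlfile"
    result=missing
    for f in "$tmp"/crl*.pem; do
        [ -f "$f" ] || continue
        have=$(openssl crl -in "$f" -noout -issuer -nameopt RFC2253 2>/dev/null) || continue
        # Assumption: a CRL "corresponds" to the cert when the issuer names match.
        if [ "$have" = "$want" ]; then
            result=present
        fi
    done
    rm -rf "$tmp"
    echo "$result"
}
```
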

