x509 patch for SSH
Ian jonhson
jonhson.ian at gmail.com
Wed Jan 23 07:21:56 EST 2008
BTW, why I can not open the following website again,
http://roumenpetrov.info/openssh/
Is it changed?
On Jan 23, 2008 4:16 AM, Ian jonhson <jonhson.ian at gmail.com> wrote:
> Is the x598 support going to be embedded in mainstream?
>
>
>
> On Jan 19, 2008 10:50 PM, Roumen Petrov <openssh at roumenpetrov.info> wrote:
> > Konstantin V. Gavrilenko wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Roumen,
> > >
> > > one last thing, what exactly does MandatoryCRL option sets?
> > >
> > > Since when it is set to no, the ssh_crl.pem does get checked whether the
> > > cert is revoked or not.
> > > However, when I set it to yes, I get the following error
> > > [SNIP]
> > >
> > > Jan 17 14:46:12 pingo sshd[25026]: error: ssh_x509revoked_cb: unable to
> > > get issued CRL
> > > [SNIP]
> >
> > When MandatoryCRL is no, check for revoked only if CRL is found in X.509 store.
> >
> >
> > When MandatoryCRL option is set and certificate attribute "CRL Distribution Point" is set,
> >
> > corresponding CRL must exist in X.506 store.
> >
> >
> > Roumen
> >
> > --
> > Get X.509 certificates support in OpenSSH:
> > http://roumenpetrov.info/openssh/
> >
> >
> > _______________________________________________
> >
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
>
More information about the openssh-unix-dev
mailing list