x509 cert chain
Damien Miller
djm at mindrot.org
Fri Nov 5 09:19:18 EST 2010
On Sun, 31 Oct 2010, Damien Miller wrote:
> On Sat, 30 Oct 2010, Peter Stuge wrote:
>
> > Paul Bradley wrote:
> > > I believe the latest OpenSSH builds support x509 certificates
> >
> > Not at all. OpenSSH uses it's own certificate format.
> >
> >
> > > I've found Roumen Petrovs patches and read some of his stuff but I
> > > find it a bit difficult to follow and in any case I'm not sure how
> > > relevant his implementation is to the mainline openssh 5.4/5.5
> > > x509.
> >
> > There is no x509 in OpenSSH mainline. You need the patches if that is
> > what you want.
>
> Yes, Roumen Petrov has maintained some for quite a few years:
>
> http://www.roumenpetrov.info/openssh/
Also, FWIW I will probably try to implement some basic chaining in OpenSSH
certs at some point too.
-d
More information about the openssh-unix-dev
mailing list