OpenSSH with X.509 certificates support v7.3

Roumen Petrov openssh at roumenpetrov.info
Mon Oct 1 01:58:39 EST 2012


Dear All,

Version 7.3 of X.509 certificates support for OpenSSH is published.

Main updates:
- enable AES cipher in CRT mode for FIPS build
     Build with FIPS enabled OpenSSL now use openssl implementation


- initialization of OpenSSL engines
     Engine initialization is improved and now OpenSSL static engines 
are initialized only once. Double initialization lead to application 
crash in engine cleanup, even without use of engines.  Note that dynamic 
engines are not impacted.


- exclude X.509 regression test
     If SSH_X509TESTS is set to skip, X.509 regression test will not be 
run when is requested regression tests to be run as example:

       make check SSH_X509TESTS=skip


- fips regression test
     Standard regression tests are enhanced with connect-privsep and 
try-ciphers test run in fips mode. Tests could be executed only manually 
as example:

       make FIPS_LTESTS=[name_of_test] REGRESS_TARGETS=f-exec


Yours sincerely,
Roumen Petrov



More information about the openssh-unix-dev mailing list