OpenSSH with X.509 certificates support v7.3
Roumen Petrov
openssh at roumenpetrov.info
Mon Oct 1 01:58:39 EST 2012
Dear All,
Version 7.3 of X.509 certificates support for OpenSSH is published.
Main updates:
- enable AES cipher in CRT mode for FIPS build
Build with FIPS enabled OpenSSL now use openssl implementation
- initialization of OpenSSL engines
Engine initialization is improved and now OpenSSL static engines
are initialized only once. Double initialization lead to application
crash in engine cleanup, even without use of engines. Note that dynamic
engines are not impacted.
- exclude X.509 regression test
If SSH_X509TESTS is set to skip, X.509 regression test will not be
run when is requested regression tests to be run as example:
make check SSH_X509TESTS=skip
- fips regression test
Standard regression tests are enhanced with connect-privsep and
try-ciphers test run in fips mode. Tests could be executed only manually
as example:
make FIPS_LTESTS=[name_of_test] REGRESS_TARGETS=f-exec
Yours sincerely,
Roumen Petrov
More information about the openssh-unix-dev
mailing list