Corrupt KRL file when using multiple CA.
Peter Ankerstål
peter at pean.org
Fri Nov 14 01:25:28 EST 2014
Hi!
It seems to be a problem when I have revoked keys from multiple CAs in
one KRL file.
ssh refuses access and says:
Nov 13 13:32:15 q sshd[35438]: error: buffer_get_string_ptr: bad string
length 268032
Nov 13 13:32:15 q sshd[35438]: error: parse_revoked_certs: buffer error
Nov 13 13:32:15 q sshd[35438]: error: Invalid KRL, refusing public key
authentication
How would I revoke keys from multiple CAs then? if I put multiple
RevokedKeys it only considers one file.
The KRL is generated by:
ssh-keygen -k -u -f revoked_keys.bin -s ca1.pub revoked_keys1
ssh-keygen -k -u -f revoked_keys.bin -s ca2.pub revoked_keys2
revokes_keys[1-2] has the format:
serial: 2134
serial: 2343
serial: 2842
serial: 8795
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3738 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141113/90d354e2/attachment.bin>
More information about the openssh-unix-dev
mailing list