[Bug 2472] New: Add support to load additional certificates

bugzilla-daemon at bugzilla.mindrot.org
Sat Sep 26 02:13:32 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2472

            Bug ID: 2472
           Summary: Add support to load additional certificates
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: thomas.jarosch at intra2net.com

Created attachment 2715
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2715&action=edit
Patch part 1/3

Add support to load additional certificates
for already loaded private keys. Useful
if the private key is on a PKCS#11 hardware token.

The private keys inside ssh-agent are now using a refcount
to share the private parts between "Identities".
The reason for this change was that the PKCS#11 code
might have redirected ("wrapped") the RSA functions to a hardware token.
We don't want to mess with those internals.

Tested with an OpenPGP card. Patch developed against 6.9p
and applies to original 6.9, too.

Original patch from openssh-unix-dev has been split into three smaller
patches for easier review. It has also been updated for version 7.1p1
(KEY_RSA_CERT_V00 / KEY_DSA_CERT_V00 were removed).

Original submission:
https://marc.info/?l=openssh-unix-dev&m=143792343407993&w=2
