[ssh_x509] openssh X509 map CN with SSH_MSG_USERAUTH_REQUEST

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Nov 29 14:05:18 EET 2012


ssh_x509 at roumenpetrov.info wrote:
> Hi,
>
> If I compile openssh 6.1p1 with openssl 1.0.1c and your patch, and use a CA
> that has an ECDSA signature, then the client crashes when using an engine.
> The problem appears to be that ssh_x509_sign returns with an error and then
> X509_free fails on cleanup.
>
> I guess the underlying problem is that you simply do not support ECDSA?  (so I
> am not giving a lot of details, as I think this error is "expected").
No, a crash is not expected. Please could you test with the attached patch
"0011-engine-do-not-load-certificate-if-key-is-not-support.patch".

> If so, do you plan to support ECDSA at some point?

Yes, but progress is slow.
First I will post one release from the 7.x series, then in 8.0 I would like
to implement the x509v3-ssh-{dss|rsa} public key algorithms from RFC 6187,
and after this, in 8.1, x509v3-ecdsa-sha2-*.

> Thanks,
> Andrew
Roumen

