[ssh_x509] Segfault with ECDSA

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Fri Nov 23 15:23:34 EET 2012


No patch was attached to that email (and I cannot find anything on the
download page)!

Andrew

On Fri, Nov 23, 2012 at 01:53:22AM +0200, SSH X509 wrote:
> ssh_x509 at roumenpetrov.info wrote:
> >Hi,
> >
> >If I compile openssh 6.1p1 with openssl 1.0.1c and your patch, and use a CA
> >that has an ECDSA signature, then the client crashes when using an engine.
> >The problem appears to be that ssh_x509_sign returns with an error and then
> >X509_free fails on cleanup.
> >
> >I guess the underlying problem is that you simply do not support ECDSA?  (so I
> >am not giving a lot of details, as I think this error is "expected").
> No, a crash is not expected. Please could you test with the attached patch
> "0011-engine-do-not-load-certificate-if-key-is-not-support.patch".
> 
> >If so, do you plan to support ECDSA at some point?
> 
> Yes, but progress is slow.
> First I will post one release from the 7.x series, then in 8.0 I would
> like to implement the x509v3-ssh-{dss|rsa} public key algorithms from
> RFC 6187, and after this, in 8.1, x509v3-ecdsa-sha2-*.
> 
> >Thanks,
> >Andrew
> Roumen
