[ssh_x509] X.509 certificates support version 7.7

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Nov 14 20:03:27 EET 2013


Hi Roumen,

I noticed your last item regarding preparing code for RFC6187. FWIW, I 
also know that the J2SSH Maverick project has started adding support for 
RFC6187.

BTW, I did previously get an OpenSSH server running your patch and a 
J2SSH Maverick based client to interoperate using the "x509v3-sign-rsa" 
hostkey defined by draft-saarenmaa-ssh-x509-00.    I'll check again 
using a RFC6187 key, probably a x509v3-ecdsa-sha2 key, once both 
projects support RFC6187.

Thanks,
Kent



On 11/9/13 4:12 PM, ssh_x509 at roumenpetrov.info wrote:
> Dear All,
>
>
> Version 7.6 is now available for download with following updates
>
> - based on OpenSSH version 6.4p1
>   See OpenSSH security advisory: gcmrekey.adv.
>
> - allow use of internal AES-CTR in FIPS mode
>   This will allow use of AES-CTR in FIPS on systems where AES-CRT in
> not available. For instance systems with custom FIPS validated OpenSSL
> based on 1.0.0.
>
> - build with kerberos enabled openssl
>   Kerberos support is not enabled by default and if is not explicitly
> requested
> (--with-kerberos5) at configure time build fail if openssl support
> kerberos.
>   Now users could build ssh either with or without kerberos support.
>   In addition dependency of ssl library for some executable, like
> ssh-keygen was removed. Remark: ssl library is required if OCSP is
> enabled.
>
> - basic support for certificate chain
>   Preparation of code for keys format described in RFC6187 .
>
>
> Yours sincerely,
> Roumen Petrov
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info





More information about the ssh_x509 mailing list