[ssh_x509] pkixssh-8.0b0 and ECDSA public key algorithm for SSH (RFC 6187)

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Feb 8 23:41:17 EET 2014


Hi Mudassir

Now I have time to process my mail box.

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
>
> Many thanks for  writing ECC X509 beta patch and prompt reply.  I am
> getting following error
>
> ssh_x509store_cb:
> subject='CN=ssh-x509.confidential.net,OU=admin,O=confidential',
> error 20 at 0 depth lookup:unable to get local issuer certificate
> ssh_verify_cert: verify error, code=20, msg='unable to get local issuer
> certificate'
> key_verify failed for server_host_key
I'm not sure that error is related to ECC support .
At least root certificate must be located in CACertificateFile or 
CACertificatePath.
Note User... configuration in addtion for client.


> Also its seems that patches are already applied in pkixssh-8.0b0, please
> correct me if i am wrong. Also find detailed logs and config in attached
> file.
Yes,

> Regards,
> Mudassir Aftab


Roumen


-- 
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/





More information about the ssh_x509 mailing list