[ssh_x509] pkixssh-8.0b2 source pack - X.509 EC key support - RFC6187

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue May 20 23:51:58 EEST 2014


Hello All,

I would like to announce availability of next beta for of ssh with X.509 
certificate support  version 8.0.
http://roumenpetrov.info/openssh/test-packs/pkixssh-8.0b2_20140518.tgz

This version includes improved support for ECDSA public key algorithm 
for SSH (RFC 6187) :

a) fix name of  x509v3-ecdsa-sha2-* signature .
Now definition is changed to :
   X509KeyAlgorithm x509v3-ecdsa-sha2-nistp256,sha256,ecdsa-sha2-nistp256
   X509KeyAlgorithm x509v3-ecdsa-sha2-nistp384,sha384,ecdsa-sha2-nistp384
   X509KeyAlgorithm x509v3-ecdsa-sha2-nistp521,sha512,ecdsa-sha2-nistp521
Previous beta versions use incorrect name  x509v3-ecdsa-sha2-...

b) redesign configure option --enable-x509v3-ecdsa
Now above defined X509KeyAlgorithm is not enabled by default
Previous beta versions disable support for X.509 EC keys.

c) documentation
Manual pages are updated to mention support for X.509 ECDSA keys 
described in  RFC 6187 .


As basis for second beta is used  version 7.9 of X.509 certificate 
support based on openssh 6.6p1 with applied all patches from 
sub-directories +8.0b0, +8.0b1 and +8.0b2.
The source tree is prepared for distribution  (autoreconf and etc.) .


Regards,
Roumen Petrov




More information about the ssh_x509 mailing list