[ssh_x509] PKIX-SSH release 8.8

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Mar 2 00:33:15 EET 2016


Thank you for the prompt update.

Unfortunately it appears that the .diff file fails to apply against the
upstream portable openssh 7.2p1 tarball

On Mon, Feb 29, 2016 at 1:38 PM, <ssh_x509 at roumenpetrov.info> wrote:

> Dear All,
>
> I would like to announce immediate availability of PKIX-SSH release 8.8.
> The version adds:
> * pkcs11 module support EC keys:
>   PKCS11 module could use EC based X.509 certificates and keys either from
> command line (ssh -I argument) for from agent (loaded with ssh-add -s ...).
>  PKCS11 engine is still supported but current implementation can not be
> used in all possible OpenSSL configurations.
>
> * improved support of pkcs11 module:
>   Use context extra data specific to ssh to avoid clash with default
> context. Note that default context could be used by OpenSSL library itself.
>   RSA method is based exactly on OpenSSL RSA method not default one. Note
> that default RSA method could be provided by loadable cryptographic
> module(engine).
>
> * builds with upcoming OpenSSL 1.1:
>   It could be build with 1.1 alpha 1,2 and 3 versions of OpenSSL library.
>
> * LDAP tests for Solaris:
>   Note that build with OpenLDAP is supported only.
>
> * includes openssh 7.2p1:
>   You could build with define EXPERIMENTAL_RSA_SHA2_256 to enable
> experimental support for rsa-sha2-256 and rsa-sha2-512 public key
> algorithms. Note that those algorithms are be managed yet with options like
> PubkeyAlgorithms or HostbasedAlgorithms.
>
> * configure option compatibility:
>   Accept bogus openssh arguments --without-openssl and --with-ssh1.
>   Note that build with --without-openssl will fail as support for X.509
> certificates requires OpenSSL as cryptographic library. Please use
> --enable-ssh1 instead ambiguous --with-ssh1.
>
>
> Regards,
> Roumen Petrov
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>



More information about the ssh_x509 mailing list