[ssh_x509] PKIX-SSH release 8.8

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Mar 2 00:34:12 EET 2016


I apologize, I was mistaken.

On Tue, Mar 1, 2016 at 2:33 PM, <ssh_x509 at roumenpetrov.info> wrote:

> Thank you for the prompt update.
>
> Unfortunately it appears that the .diff file fails to apply against the
> upstream portable openssh 7.2p1 tarball
>
> On Mon, Feb 29, 2016 at 1:38 PM, <ssh_x509 at roumenpetrov.info> wrote:
>
> > Dear All,
> >
> > I would like to announce immediate availability of PKIX-SSH release 8.8.
> > The version adds:
> > * pkcs11 module support EC keys:
> >   PKCS11 module could use EC based X.509 certificates and keys either
> from
> > command line (ssh -I argument) for from agent (loaded with ssh-add -s
> ...).
> >  PKCS11 engine is still supported but current implementation can not be
> > used in all possible OpenSSL configurations.
> >
> > * improved support of pkcs11 module:
> >   Use context extra data specific to ssh to avoid clash with default
> > context. Note that default context could be used by OpenSSL library
> itself.
> >   RSA method is based exactly on OpenSSL RSA method not default one. Note
> > that default RSA method could be provided by loadable cryptographic
> > module(engine).
> >
> > * builds with upcoming OpenSSL 1.1:
> >   It could be build with 1.1 alpha 1,2 and 3 versions of OpenSSL library.
> >
> > * LDAP tests for Solaris:
> >   Note that build with OpenLDAP is supported only.
> >
> > * includes openssh 7.2p1:
> >   You could build with define EXPERIMENTAL_RSA_SHA2_256 to enable
> > experimental support for rsa-sha2-256 and rsa-sha2-512 public key
> > algorithms. Note that those algorithms are be managed yet with options
> like
> > PubkeyAlgorithms or HostbasedAlgorithms.
> >
> > * configure option compatibility:
> >   Accept bogus openssh arguments --without-openssl and --with-ssh1.
> >   Note that build with --without-openssl will fail as support for X.509
> > certificates requires OpenSSL as cryptographic library. Please use
> > --enable-ssh1 instead ambiguous --with-ssh1.
> >
> >
> > Regards,
> > Roumen Petrov
> >
> > _______________________________________________
> > ssh_x509 mailing list
> > ssh_x509 at roumenpetrov.info
> > http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
> >
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>



More information about the ssh_x509 mailing list