[ssh_x509] Consider logging "run in FIPS mode" as DEBUG level message

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Mar 2 23:16:00 EET 2017


Hi Roumen,

Your finding about the missing algorithm name is consistent with what I 
found as well, with the blank "[]" in the Java exception trace...

I also had an issue with SshX509RsaPublicKeyRfc6187 before, though I had 
assumed it was due to the historical reasons in PKIX-SSH you mentioned 
before 
(http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2016q2/000148.html)...or 
is this what you meant by putting a "work-around in PKIX-SSH to accept 
x509v3-ssh-rsa"?  Any chance you could put in a switch to turn this 
behavior on or, better, let this be the default behavior and have a 
switch to turn on legacy draft-ietf-secsh-transport-12 support?

What is the pkcs#12 file having only one certificate issue?

It looks like you're well on your way with Maverick SSH, but if you're 
interested in my PKIX-SSH/Maverick interop-test code, here it is: 
https://github.com/juniper/netconf-call-home.

I look forward to testing your next release!

Kent






