[ssh_x509] PKIX-SSH release 10.0

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Feb 25 17:27:44 EET 2017


  Dear All,

I would like to announce the availability of the new PKIX-SSH release 10.0. This 
new major release enhances support of algorithms described in RFC6187.

* true x509v3-ecdsa-sha2-* algorithms
   Versions before 10.0 incorrectly implement [RFC6187] - public 
key-blob does not include algorithm name and ecdsa signature blob is in 
ASN.1 opaque format.
   The new release correctly implements EC X.509 public-key algorithms and 
supports backward compatibility with previous releases.

* x509v3-ssh-* algorithms
   Support x509v3-ssh-rsa and x509v3-ssh-dss algorithms ([RFC6187]) in 
addition to x509v3-sign-rsa and x509v3-sign-dss.
   Note x509v3-sign-* are still preferred.

* daemon advertises PKIX-SSH release
   Secure shell server advertises PKIX-SSH release version in connections 
and logs. Version number could be used to detect capabilities of secure 
shell server.

* support VPN tunnel for Darwin's utun device

* code cleanup
   Completely remove possibility to build without X.509 store.
   Rewrite many methods to use new library style API and mainly to take 
into account public-key algorithm name and compatibilities.


Regards,
Roumen Petrov
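
Added example, not part of the original announcement and not PKIX-SSH code: a parser for the RFC 6187 key blob layout (algorithm name, certificate list, OCSP response list) that rejects a blob lacking the leading algorithm name, plus a check that tells an RFC 5656 mpint r/s signature blob from an ASN.1 one. All function names and sample bytes are constructed here, and reading "ASN.1 opaque format" as a DER SEQUENCE is an assumption.

```python
import struct

def read_u32(buf, off):
    """Read a big-endian uint32; return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def read_string(buf, off):
    """Read an SSH string (uint32 length, then bytes); return (bytes, new offset)."""
    n, off = read_u32(buf, off)
    if off + n > len(buf):
        raise ValueError("string length exceeds blob")
    return buf[off:off + n], off + n

def parse_key_blob(blob):
    """Parse an RFC 6187 key blob; ValueError if the leading name is absent."""
    name, off = read_string(blob, 0)
    if not name.startswith(b"x509v3-"):
        raise ValueError("blob does not start with an x509v3-* algorithm name")
    lists = []
    for minimum in (1, 0):  # certificates (at least one), then OCSP responses
        count, off = read_u32(blob, off)
        if count < minimum:
            raise ValueError("certificate-count must be at least 1")
        items = []
        for _ in range(count):
            item, off = read_string(blob, off)
            items.append(item)
        lists.append(items)
    if off != len(blob):
        raise ValueError("trailing bytes after ocsp-response list")
    return name.decode("ascii"), lists[0], lists[1]

def classify_ecdsa_sig_blob(blob):
    """Return 'mpint-pair' (RFC 5656 r, s), 'asn1-der' (assumed legacy) or 'unknown'."""
    try:
        r, off = read_string(blob, 0)
        s, off = read_string(blob, off)
        if r and s and off == len(blob):
            return "mpint-pair"
    except ValueError:
        pass
    # DER SEQUENCE header: tag 0x30, short-form or 0x81 long-form length.
    if len(blob) > 3 and blob[0] == 0x30 and (
            blob[1] == len(blob) - 2 or (blob[1] == 0x81 and blob[2] == len(blob) - 3)):
        return "asn1-der"
    return "unknown"

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

FAKE_CERT = b"\x30\x03\x02\x01\x00"  # constructed placeholder, not a real certificate
SAMPLE_BLOB = (ssh_string(b"x509v3-ecdsa-sha2-nistp256") + struct.pack(">I", 1)
               + ssh_string(FAKE_CERT) + struct.pack(">I", 0))
```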



