[ssh_x509] SSHX509 upgrade issue

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue Jun 13 09:26:50 EEST 2017

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
> I have upgraded SSH x509 from
> OpenSSH_6.5p1, OpenSSL 1.0.2g  1 Mar 2016
> to
> PKIX-SSH 10.2, OpenSSH_7.5p1, OpenSSL 1.0.1f 6 Jan 2014
> after upgrade, we're getting following error, any ideA ?
> X509key_from_buf2_common: the number of X.509 certificates exceed
> limit(813826572 > 100)
> ssh_dispatch_run_fatal: Connection to 10.10.xx.xx port 2222: invalid format
Look like mix between "old" and "new" programs .

PKIX-SSH 10.0 implements properly RFC 6187 and adds detection for "broken" versions.
Above could happen if remove version is not detected as broken. Note that this impacts only X.509 EC keys.

If is not the case then I need more information for algorithms (key types) used as host key (server) advertised server version.


More information about the ssh_x509 mailing list