[ssh_x509] SSHX509 upgrade issue

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Jun 15 12:52:25 EEST 2017


Hi Roumen

yes, its with X509 EC keys and we installed the latest release on both
client and server. the previous one was PKIX-SSH 0.8, although that
installation is on older version

so what should I do to fix this issue ?
is their a way to properly upgrade or we should install it in the  using
configure, make, make install

Regards,
Mudassir

On Tue, Jun 13, 2017 at 11:26 AM, <ssh_x509 at roumenpetrov.info> wrote:

> ssh_x509 at roumenpetrov.info wrote:
>
>> Hi Roumen,
>>
>> I have upgraded SSH x509 from
>>
>> OpenSSH_6.5p1, OpenSSL 1.0.2g  1 Mar 2016
>>
>> to
>>
>> PKIX-SSH 10.2, OpenSSH_7.5p1, OpenSSL 1.0.1f 6 Jan 2014
>>
>>
>> after upgrade, we're getting following error, any ideA ?
>>
>> X509key_from_buf2_common: the number of X.509 certificates exceed
>> limit(813826572 > 100)
>> ssh_dispatch_run_fatal: Connection to 10.10.xx.xx port 2222: invalid
>> format
>>
> Look like mix between "old" and "new" programs .
>
> PKIX-SSH 10.0 implements properly RFC 6187 and adds detection for "broken"
> versions.
> Above could happen if remove version is not detected as broken. Note that
> this impacts only X.509 EC keys.
>
> If is not the case then I need more information for algorithms (key types)
> used as host key (server) advertised server version.
>
> Roumen
>
>
>
> _______________________________________________
> ssh_x509 mailing list
> ssh_x509 at roumenpetrov.info
> http://roumenpetrov.info/mailman/listinfo/ssh_x509_roumenpetrov.info
>


More information about the ssh_x509 mailing list