[ssh_x509] PKIX-SSH release 11.6

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue Dec 18 21:37:00 EET 2018

Hello all,

Release 11.6 tarball is available for download. It address mainly 
critical issues with Android support.

Short list with important updates ( 
https://roumenpetrov.info/secsh/#news20181218 ):

* improved compatibility with OpenSSL 1.1+ APIs
   Code base is updated to use methods compatible with recent OpenSSL 
API. Also update replace references to SSLeay*. This allows build with 
OpenSSL that deprecate backward compatibility API.
   Note PKIX-SSH requires as minimum OpenSSL 0.9.7 and in this release 
completely removes test and work-around for earlier version.

* remote exit on signal
   Client process "exit-signal" received from server in ssh channel 
message and exits with code "signal number"+128, i.e. in shell style. 
Remark: message is send by server when remote is killed by signal.

* lazy binding
   Prefer to use lazy binding when is loaded pkcs11 module.

* echo of sftp commands
   Prefix @ suppress echo of sftp batch commands.

   Now daemon(server) exposes $SSH_CONNECTION in the PAM environment.

* Support new OpenSSL version scheme
   Next OpenSSL version will be 3.0.0. It introduces new version scheme 
currently available in master branch. This PKIX-SSH release is ready to 
use modern OpenSSL version scheme.

* android port - fake password
   Fixed issue with use of function getenv - prevents crash on 64-bit 
Android OS-es.

* android port - session user environment
   Fixed issue when is prepared specific to Android environment for user 
session. Regression introduced in 11.4 release.

* ssh-agent socket
   Fixed bug in client that was keeping a redundant ssh-agent socket 
around for the life of the connection.

Roumen Petrov

Advanced secure shell implementation with X.509 certificate support

More information about the ssh_x509 mailing list