[ssh_x509] x509v3-rsa2048-sha256 algorithm support in PKISSH-10.2

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue Sep 3 18:33:04 EEST 2019


Hello,

ssh_x509 at roumenpetrov.info wrote:
> Hi Roumen,
> As per our discussion in the previous email, I got to know that
> x509v3-rsa2048-sha256 algorithm support is added in PKISSH-12.1 which has
> OpenSSH-8.0p1 version.
> We are using PKISSH-10.2 which has OpenSSH-7.5p1 version and would like you
> to use the same version for now. But we would also like to have
> x509v3-rsa2048-sha256 algorithm support in the same version. Kindly let me
> know if x509v3-rsa2048-sha256 algorithm support can be patched back in
> PKISSH-10.2 release or not. If Yes, kindly provide us with the changes so
> that we can patch the same in PKISSH-10.2.


This is the commit - 
https://gitlab.com/secsh/pkixssh/commit/d051dfbc1d680f109287204a83ac996334d36c87
( plain 
https://gitlab.com/secsh/pkixssh/commit/d051dfbc1d680f109287204a83ac996334d36c87.diff 
) .
For sure patch will fail for non-significant modification like .Dd 
$Mdocdate: June 14 2019 $ , i.e. patch fail on manual pages.

Another fail is in ssh-x509.c function Xkey_algoriths. It is save to 
ignore as is related to "multi-algorithm host-keys" functionality from 11.0.


> Thanks & Regards
> Mohit Gupta

Regards,
Roumen Petrov




More information about the ssh_x509 mailing list