[ssh_x509] RP patch 13.1 not based on OpenSSH 8.6P1

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Jun 24 21:39:28 EEST 2021


ssh_x509 at roumenpetrov.info wrote:
> Hello,
> I am patching OpenSSH 8.6P1 (https://github.com/openssh/openssh-portable/tree/V_8_6_P1) with the latest Roumen Petrov patch pkixssh-13.1.
> However it seems that the latest Roumen Petrov patch is not based on OpenSSH 8.6p1 even if it should be.

PKIX-SSH has been a separate project for a long time. The repository is here: https://gitlab.com/secsh/pkixssh

The release model does not follow the OpenBSD implementation.

From the download page https://roumenpetrov.info.example.net/secsh/download.html you could get the complete "tarball".

> I took differences between the vanilla OpenSSH 8.6p1 and your patched files, and a lot of the differences in the code are part of code that seems to be from OpenSSH 8.0p1. So, from my understanding your patch is bringing back code from the OpenSSH 8.0, and this seems unusual.

The download page offers a "diff" to the OpenBSD implementation, but it should not be considered the main source.

> In the past I patched OpenSSH with your relative code and I didn’t have any problems, so I wonder why I encounter this behaviour.

Initially, when pkixssh-*13.1 was published, the diff was against 8.5p1.

> Is this behaviour intended? Is this issue (if that) known? Do you have any recommendation on how to include your changes on OpenSSH 8.6?

Few days was published *diff was against 8.6p1. I will check the diff, but note that the main source is https://roumenpetrov.info/secsh/src/pkixssh-13.1.tar.xz .

> Thank you very much, any help would be very appreciated.
> Best Regards,
> Gianluca

For protocol:
- https://roumenpetrov.info/openssh/x509-13.1/openssh-8.6p1+x509-13.1.diff.gz
- https://roumenpetrov.info/openssh/x509-13.1/openssh-8.5p1+x509-13.1.diff.gz

Roumen Petrov
