Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Dev

Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1

  

 
OpenSSH dev RSS feed   Index | Next | Previous | View Threaded


openssh at roumenpetrov

May 25, 2012, 12:24 PM

Post #1 of 4 (418 views)
Permalink
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All,

X.509 certificates support for OpenSSH version 6.0p1 was published.
I brief new version include :
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS
enabled 1.0.1 stable release and korn shell



Yours sincerely,
Roumen Petrov

--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


john.m.olsson at ericsson

May 28, 2012, 12:19 AM

Post #2 of 4 (395 views)
Permalink
RE: Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1 [In reply to]
What is blocking this from being merged into OpenSSH?

/John

-----Original Message-----
From: openssh-unix-dev-bounces+john.m.olsson=ericsson.com [at] mindrot [mailto:openssh-unix-dev-bounces+john.m.olsson=ericsson.com [at] mindrot] On Behalf Of Roumen Petrov
Sent: den 25 maj 2012 21:25
To: OpenSSH Devel List
Subject: Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1

Dear All,

X.509 certificates support for OpenSSH version 6.0p1 was published.
I brief new version include :
- support for Android platform;
- engine implementation is now considered stable;
- various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell



Yours sincerely,
Roumen Petrov

--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


peter at stuge

May 28, 2012, 12:57 AM

Post #3 of 4 (394 views)
Permalink
Re: Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1 [In reply to]
John Olsson M wrote:
> What is blocking this from being merged into OpenSSH?

Quite likely the diffstat:

$ curl -s http://roumenpetrov.info/openssh/x509-7.2/openssh-6.0p1+x509-7.2.diff.gz | zcat | diffstat
INSTALL | 14
LICENCE | 3
Makefile.in | 79 ++
README.x509v3 | 622 +++++++++++++++++++
aclocal.m4 | 2
auth-passwd.c | 7
auth.c | 2
auth2-hostbased.c | 42 +
auth2-jpake.c | 49 +
auth2-pubkey.c | 159 ++++
authfd.c | 23
authfile.c | 75 ++
cipher.c | 67 ++
cipher.h | 6
config.h.in | 67 ++
configure | 1072 ++++++++++++++++++++++++++++++---
configure.ac | 343 +++++++++-
defines.h | 7
dns.c | 343 ++++++++++
dns.h | 32 -
evp-compat.h | 134 ++++
hostfile.c | 17
jpake.c | 7
key-eng.c | 677 +++++++++++++++++++++
key-eng.h | 45 +
key.c | 194 +++++-
key.h | 9
log.c | 24
log.h | 4
loginrec.c | 10
m4/ldap.m4 | 217 ++++++
mac.c | 52 +
mac.h | 7
misc.c | 9
moduli.0 | 18
moduli.5 | 10
monitor.c | 8
monitor_wrap.c | 15
openbsd-compat/Makefile.in | 8
openbsd-compat/bsd-arc4random.c | 30
openbsd-compat/bsd-closefrom.c | 23
openbsd-compat/openssl-compat.c | 57 +
openbsd-compat/openssl-compat.h | 18
openbsd-compat/xcrypt.c | 11
pathnames.h | 50 +
readconf.c | 344 ++++++++++
readconf.h | 50 +
regress/Makefile | 12
regress/forwarding.sh | 6
regress/multiplex.sh | 7
regress/sftp-cmds.sh | 6
regress/test-exec.sh | 23
scp.0 | 74 --
scp.1 | 67 --
servconf.c | 300 +++++++++
servconf.h | 44 +
session.c | 32 +
sftp-server.0 | 15
sftp-server.8 | 10
sftp.0 | 160 +----
sftp.1 | 67 --
ssh-add.0 | 44 -
ssh-add.1 | 26
ssh-add.c | 20
ssh-agent.0 | 68 +-
ssh-agent.1 | 18
ssh-agent.c | 57 +
ssh-dss.c | 199 ++++++
ssh-keygen.0 | 193 +++---
ssh-keygen.1 | 51 +
ssh-keygen.c | 36 +
ssh-keyscan.0 | 46 -
ssh-keyscan.1 | 53 +
ssh-keyscan.c | 117 ++-
ssh-keysign.0 | 19
ssh-keysign.8 | 12
ssh-keysign.c | 3
ssh-ocsp.c | 1045 ++++++++++++++++++++++++++++++++
ssh-pkcs11-helper.0 | 6
ssh-pkcs11-helper.8 | 10
ssh-pkcs11-helper.c | 5
ssh-pkcs11.c | 57 +
ssh-rsa.c | 143 ++++
ssh-x509.c | 1215 ++++++++++++++++++++++++++++++++++++++
ssh-x509.h | 86 ++
ssh-xkalg.c | 532 ++++++++++++++++
ssh-xkalg.h | 58 +
ssh.0 | 554 ++++++++---------
ssh.1 | 196 +++---
ssh.c | 76 ++
ssh_config | 13
ssh_config.0 | 632 +++++++++++--------
ssh_config.5 | 247 +++++++
ssh_engine.0 | 64 ++
ssh_engine.5 | 120 +++
sshconnect.c | 69 +-
sshconnect2.c | 121 +++
sshd.0 | 430 +++++++------
sshd.8 | 91 ++
sshd.c | 57 +
sshd_config | 68 ++
sshd_config.0 | 456 +++++++++-----
sshd_config.5 | 259 ++++++++
tests/CA/1-cre_cadb.sh | 417 +++++++++++++
tests/CA/2-cre_cakeys.sh | 382 +++++++++++
tests/CA/2-cre_key.sh | 33 +
tests/CA/3-cre_certs.sh | 343 ++++++++++
tests/CA/4-cre_crls.sh | 125 +++
tests/CA/5-cre_ldap.sh | 137 ++++
tests/CA/Makefile.in | 163 +++++
tests/CA/config | 254 +++++++
tests/CA/env.in | 7
tests/CA/functions | 279 ++++++++
tests/CA/openssh_tests.sh | 374 +++++++++++
tests/CA/shell.rc | 41 +
tests/CA/test-agent.sh.inc | 165 +++++
tests/CA/test-alg.sh.inc | 140 ++++
tests/CA/test-algfmt.sh.inc | 156 ++++
tests/CA/test-blob_auth.sh.inc | 84 ++
tests/CA/test-by_ldap.sh.inc | 299 +++++++++
tests/CA/test-crl.sh.inc | 266 ++++++++
tests/CA/test-dn_auth_file.sh.inc | 119 +++
tests/CA/test-dn_auth_path.sh.inc | 130 ++++
tests/CA/test-ocsp.sh.inc | 256 ++++++++
tests/CA/test-self.sh.inc | 183 +++++
tests/CA/verify.sh | 44 +
umac.c | 4
x509_by_ldap.c | 874 +++++++++++++++++++++++++++
x509_by_ldap.h | 98 +++
x509_nm_cmp.c | 524 ++++++++++++++++
x509store.c | 1034 ++++++++++++++++++++++++++++++++
x509store.h | 123 +++
132 files changed, 18689 insertions(+), 1822 deletions(-)
$


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


djm at mindrot

May 28, 2012, 9:55 PM

Post #4 of 4 (394 views)
Permalink
Re: Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1 [In reply to]
On Mon, 28 May 2012, Peter Stuge wrote:

> John Olsson M wrote:
> > What is blocking this from being merged into OpenSSH?
>
> Quite likely the diffstat:

No, we just don't trust X.509 (or ASN.1 at all) in the pre-authentication
attack surface. This is no reflection on Roumen's code, but on the
syntactic and semantic complexity of the standards themselves and their
vulnerability history.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

OpenSSH dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.