Re: x509 patch for SSH
This is a discussion on Re: x509 patch for SSH within the OpenSSH Development forums, part of the Networking and Network Related category; Is the x598 support going to be embedded in mainstream? On Jan 19, 2008 10:50 PM, Roumen Petrov <...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-22-2008
|
|||
|
|||
Re: x509 patch for SSH
Is the x598 support going to be embedded in mainstream?
On Jan 19, 2008 10:50 PM, Roumen Petrov <openssh@roumenpetrov.info> wrote: > Konstantin V. Gavrilenko wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Roumen, > > > > one last thing, what exactly does MandatoryCRL option sets? > > > > Since when it is set to no, the ssh_crl.pem does get checked whether the > > cert is revoked or not. > > However, when I set it to yes, I get the following error > > [SNIP] > > > > Jan 17 14:46:12 pingo sshd[25026]: error: ssh_x509revoked_cb: unable to > > get issued CRL > > [SNIP] > > When MandatoryCRL is no, check for revoked only if CRL is found in X.509 store. > > > When MandatoryCRL option is set and certificate attribute "CRL Distribution Point" is set, > > corresponding CRL must exist in X.506 store. > > > Roumen > > -- > Get X.509 certificates support in OpenSSH: > http://roumenpetrov.info/openssh/ > > > _______________________________________________ > > openssh-unix-dev mailing list > openssh-unix-dev@mindrot.org > https://lists.mindrot.org/mailman/li...enssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/li...enssh-unix-dev 
|
Linear Mode
