bugzilla-daemon at bugzilla.mindrot.org
2020-Mar-09 12:23 UTC
[Bug 3132] New: No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

            Bug ID: 3132
           Summary: No command to list the content of an SSH KRL
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rik.theys at esat.kuleuven.be

Hi,

The ssh-keygen command allows generation of a KRL in a binary format. It also has a command line option (-Q) to check if a specific certificate/public key is on the KRL.

I did not find any command that will display the full content of a KRL to see which certificates/serial nr/hashes are on the revocation list.

It would be nice to have such a command so we can easily check which certificates have been revoked in the past.

Regards,
Rik

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Mar-13 07:35 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at dtucker.net
   Attachment #3367|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3367
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3367&action=edit
Support for dumping KRL contents via ssh-keygen

This patch adds support for dumping KRL contents via "ssh-keygen -Qlf /path/krl"

The dump format is similar to the KRL specification format described in ssh-keygen(1)'s KEY REVOCATION section. Some things we need to print don't fit the format, so I print them as comments.

Example:

> $ ssh-keygen -lQf obj/krl-all
> # KRL version 0
> # Generated at 20200313T181736
>
> hash: SHA256:SHA256:s8ltKq+ldDA2KIlB5dqI0BfEI4UyV+pJujwg6Q2uKIU # ssh-dss
> hash: SHA256:SHA256:zbEIKMbhOkp/jZWE/cW67PnEwSyv0Oju1c4PH1N70/k # ssh-ed25519
> hash: SHA256:SHA256:VZS9t21+vjrGDece9Pc6i23kPcVw5QsVOtxBCuIOyRw # ecdsa-sha2-nistp256
> hash: SHA256:SHA256:jHnudyvRBF93GK/jA9NO7wpUd5emyeCq9NlIEI6dVQA # sk-ecdsa-sha2-nistp256 at openssh.com
> # CA key ssh-ed25519 SHA256:7Y4hOrk8kHvyTeXl+VU/zwD28qqCK9e5M35LTwe0OpM
> serial: 1
> serial: 4
> serial: 90
> serial: 500-799
> serial: 999
> serial: 10000-20000
> id: revoked 795
> id: revoked 796
> id: revoked 797
> id: revoked 798
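Added example (not part of the bug thread or of OpenSSH): a small parser for the text dump shown in comment #1, for auditing which certificate serials a KRL revokes per CA. The line grammar is inferred only from that sample output, and the function names and the treatment of entries that precede any "# CA key" line are assumptions.

```python
import re

# Shortened copy of the example dump from comment #1 above.
SAMPLE_DUMP = """\
# KRL version 0
# Generated at 20200313T181736

hash: SHA256:SHA256:zbEIKMbhOkp/jZWE/cW67PnEwSyv0Oju1c4PH1N70/k # ssh-ed25519
# CA key ssh-ed25519 SHA256:7Y4hOrk8kHvyTeXl+VU/zwD28qqCK9e5M35LTwe0OpM
serial: 1
serial: 500-799
serial: 10000-20000
id: revoked 795
"""

CA_LINE = re.compile(r"^# CA key (\S+) (\S+)$")

def parse_krl_dump(text):
    """Return {'hashes': [...], 'sections': [{'ca', 'serials', 'ids'}, ...]}."""
    dump, section = {"hashes": [], "sections": []}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        ca = CA_LINE.match(line)
        if ca:  # a "# CA key" comment opens a new certificate section
            section = {"ca": ca.group(2), "serials": [], "ids": []}
            dump["sections"].append(section)
            continue
        if not line or line.startswith("#"):
            continue  # blank line or informational comment
        kind, _, value = line.partition(":")
        if kind == "hash":
            # drop the trailing "# keytype" comment
            dump["hashes"].append(value.split(" #", 1)[0].strip())
            continue
        if kind not in ("serial", "id"):
            # fail closed: an entry type this parser does not know is an error
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        if section is None:  # assumption: entries before any CA line have no CA
            section = {"ca": None, "serials": [], "ids": []}
            dump["sections"].append(section)
        if kind == "id":
            section["ids"].append(value.strip())
        else:
            lo, _, hi = value.strip().partition("-")
            section["serials"].append((int(lo), int(hi or lo)))  # inclusive range
    return dump

def serial_revoked(dump, ca_fingerprint, serial):
    """True if serial is in a range listed for that CA or for a CA-less section."""
    return any(lo <= serial <= hi
               for s in dump["sections"] if s["ca"] in (None, ca_fingerprint)
               for lo, hi in s["serials"])
```

The dump is a listing aid; for an authoritative answer about one key or certificate, the -Q check mentioned in the original report remains the tool to use.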
bugzilla-daemon at mindrot.org
2020-Mar-13 07:35 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3117

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3117
[Bug 3117] Tracking bug for 8.3 release
bugzilla-daemon at mindrot.org
2020-Mar-13 08:23 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3367|ok?(dtucker at dtucker.net)   |ok+
              Flags|                            |
bugzilla-daemon at mindrot.org
2020-Apr-03 02:27 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This has been committed and will be in openssh-8.3
bugzilla-daemon at mindrot.org
2021-Apr-23 04:58 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
bugzilla-daemon at mindrot.org
2021-Oct-13 14:42 UTC
[Bug 3132] No command to list the content of an SSH KRL
https://bugzilla.mindrot.org/show_bug.cgi?id=3132

Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ahmedsayeed1982 at yahoo.com

--- Comment #4 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> ---
no longer builds on aarch64 (native build) after updating to glibc-2.33.

Due to a glibc 2.33 header file change, the file nat/aarch64-linux-hw-point.c no longer builds on OSes using this version of glibc.

An enum for PTRACE_SYSEMU is now provided by <sys/ptrace.h>. In the past, PTRACE_SYSEMU was defined only in <asm/ptrace.h>. This is what it looks like...

In <asm/ptrace.h>:

  #define PTRACE_SYSEMU 31

In <sys/ptrace.h>:

  enum __ptrace_request
  {
    ...
    PTRACE_SYSEMU = 31,
  #define PT_SYSEMU PTRACE_SYSEMU
    ...
  }

When <asm/ptrace.h> and <sys/ptrace.h> are both included in a source file, we run into the following build problem when the former is included before the latter:

  In file included from nat/aarch64-linux-hw-point.c:26:
  /usr/include/sys/ptrace.h:86:3: error: expected identifier before numeric constant
     86 |   PTRACE_SYSEMU = 31,
        |   ^~~~~~~~~~~~~

(There are more errors after this one too.)

The file builds without error when <asm/ptrace.h> is included after <sys/ptrace.h>.

I found that this is already done in nat/aarch64-sve-linux-ptrace.h (which is included by nat/aarch64-linux-ptrace.c).

A commit for this bug is already on the trunk: