bugzilla-daemon at bugzilla.mindrot.org
2007-Oct-05 08:03 UTC
[Bug 1373] New: native support for X.509 v3 certificates
http://bugzilla.mindrot.org/show_bug.cgi?id=1373
Summary: native support for X.509 v3 certificates
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: mindrot at mycontact.org
I just wondering why their is not support for X.509 certificates in the
standard distribution of OpenSSH.
I found http://roumenpetrov.info/openssh/ but this is not part the
standard Debian distribution.
Other idea is the integration with OpenSC but i don't have a smartcard
on my vServer. A PAM module seems not available too.
Solution, getting direct X.509 support in OpenSSH?
Vote for it :)
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2007-Oct-05 08:05 UTC
[Bug 1373] native support for X.509 v3 certificates
http://bugzilla.mindrot.org/show_bug.cgi?id=1373
Stephan Zehrer <mindrot at mycontact.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-18 04:03 UTC
[Bug 1373] native support for X.509 v3 certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=1373
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> 2008-06-18
14:03:52 ---
We do not plan to support X.509 certificates in OpenSSH. Doing so would
add a significant amount of complexity and would drastically increase
our attack surface.
We recommend users who have a strong need apply Roumen's patch (which
was of good quality the last time I checked), but for the above reasons
we won't be applying it to the version that we distribute it.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jul-22 02:20 UTC
[Bug 1373] native support for X.509 v3 certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=1373
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> 2008-07-22
12:20:00 ---
Mass update RESOLVED->CLOSED after release of openssh-5.1
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Reasonably Related Threads
- Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
- Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
- Announce: X.509 certificates support in OpenSSH (version 6.1-International)
- [Bug 1498] New: OpenSC smartcard access should use raw public keys, not X.509 certificates
- Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1