Roumen Petrov
2006-Apr-27 18:38 UTC
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All,
The version 5.4 of "X.509 certificates support in OpenSSH" is ready
for download.
On download page
http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4
you can found diffs for OpenSSH versions 4.2p1 and 4.3p2.
What's new:
* given up support for "x509v3-sign-rsa-sha1" and
"x509v3-sign-dss-sha1"
The implementation realised in previous version 5.3 is not fully in
conformance
with "draft-ietf-secsh-x509-02.txt"
* correct nid for OCSP responder location
All version before 5.4 search for nid
"id-pkix-ocsp-service-locator"
instead for correct one "id-ad-ocsp" to find location of OCSP
responder.
* public key permit X.509 certificate for authentication
Now the public key listed in authorized keys file permit too a X.509
certificate
with public key that match it to be used in "public key
authentication".
* client option "PubkeyAlgorithms"
This new clent option specifies the protocol version 2 algorithms used in
"publickey" authentication allowed to sent to the host.
* server option "KeyAllowSelfIssued"
This new server option specifies whether only public key or certificate
blob
listed in authorized keys file can allow self-issued(self-signed) X.509
certificate to be used for user authentication.
Please visit "http://roumenpetrov.info/openssh/" for more information
about "X.509 certificates support in OpenSSH".
Regards,
Roumen Petrov
Reasonably Related Threads
- Announce: X.509 certificates support in OpenSSH-3.9p1
- Announce: X.509 certificates support in OpenSSH(version h-Validator)
- X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
- Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
- Announce: X.509 certificates support in OpenSSH (version 6.1-International)
Wisdom of the Ancients
