Displaying 4 results from an estimated 4 matches for "ca_fp".
2010 Mar 03
2
Viewing certificate details
Hi,
I don't see any way to view the details of a certificate once it is
generated. Having such a capability would be very handy for debugging
purposes to check what constraints, principals, and validity interval
are associated with a given cert.
--
Iain Morgan
2006 Nov 15
11
OpenSSH Certkey (PKI)
...!= ';' && i + 1 < len)
+ buf[i++] = *(*c)++;
+ if (**c == ';')
+ (*c)++;
+ buf[i] = 0;
+}
+
+/* check whether certificate is valid and signature correct */
+int
+cert_verify(const u_char *cert, const Key *ca_key, const Key *key,
+ const u_char *identity)
+{
+ u_char ca_fp[128], ca_name[128], ca_id[128], ca_opts[512];
+ u_char ca_vf[16], ca_vt[16], ca_alg[64], ca_sig[1024];
+ u_char sigbuf[1024], datbuf[2048], c, *fp;
+ unsigned long vf, vt, now = time(NULL);
+ u_int siglen, i;
+
+ if (cert == NULL || ca_key == NULL || ca_key->type != KEY_RSA ||
+ ca_key->r...
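Review bot: In the field-copy helper at the top of this hunk, an over-long field is truncated silently. The loop stops on `i + 1 < len`, the `if (**c == ';')` test then fails, and the unread remainder of the field stays in the input, so the next call would read it as the following field. For certificate parsing this should be a hard failure: have the helper return an error when it stops for lack of space and let cert_verify() reject the certificate. The start of the loop condition is cut off in this excerpt, so this assumes no other check there covers the case.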
2025 May 22
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
..."%s", reason);
- auth_debug_add("%s", reason);
+ error("Refusing certificate ID \"%s\" serial=%llu "
+ "signed by %s CA %s: %s", key->cert->key_id,
+ key->cert->serial,
+ sshkey_type(key->cert->signature_key), ca_fp,
+ reason);
+ auth_debug_add("Refused Certificate ID \"%s\" "
+ "serial=%llu: %s", key->cert->key_id,
+ (unsigned long long)key->cert->serial, reason);
goto out;
}
}
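Review bot: In the new error() call, `key->cert->serial` is passed for `%llu` without a cast, while the auth_debug_add() call just below it casts the same value with `(unsigned long long)`. Use the same cast in error() so the argument matches the format on platforms where the serial's type is not unsigned long long.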
diff --git a/auth2-pubkeyfile.c b/auth2-pubkeyfile.c
index c3b...
2025 May 21
1
LogLevel INFO shows few details for Certificate invalid: not yet valid / expired
On 4/5/25 15:01, Lars Noodén wrote:
> I notice that when using log level INFO it seems sshd(8) provides very
> little information about failed SSH certificate log in attempts:
>
> Apr  5 14:44:41 server sshd-session[51695]: error: Certificate invalid:
> not yet valid
>
> Apr  5 14:45:31 server sshd-session[88953]: error: Certificate invalid:
> expired
>
>