search for: do_ca_sign

Hi, I don't see any way to view the details of a certificate once it is generated. Having such a capability would be very handy for debugging purposes to check what constraints, principals, and validity interval are associated with a given cert. -- Iain Morgan

...y: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at mindrot.org ReportedBy: alanh at fairlite.co.uk Trying to build 5.8p2 and because the system I'm using lacks dlopen, PKCS11 isn't available and therefore fails with this.... ssh-keygen.c: In function 'do_ca_sign': ssh-keygen.c:1410:2: warning: implicit declaration of function 'pkcs11_init' ssh-keygen.c:1493:2: warning: implicit declaration of function 'pkcs11_terminate' m68k-atari-mint-gcc -o ssh-keygen ssh-keygen.o -L. -Lopenbsd-compat/ -fstack-protector-all -lssh -lopenbsd-compat -ls...

...ssing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug3: key_read: missing whitespace debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype do_ca_sign: unable to open "/u/home/rac/src/openssh/openssh-5.6p1/regress/cert_host_key_rsa" couldn't sign cert_host_key_rsa I haven't pursued beyond this since the cert- scripts are show stoppers. I've perused the mailing list archives and don't see anything similar. I've also...

...? ???? &private, &comment)) != 0) { +?? ??? ???? &private, &comment, NULL)) != 0) { ??? ??? ??? ?freezero(passphrase, strlen(passphrase)); ??? ??? ??? ?fatal("Cannot load private key \"%s\": %s.", ??? ??? ??? ???? identity_file, ssh_err(r)); @@ -1785,7 +1801,7 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent, ??? ??? ?ca->flags |= SSHKEY_FLAG_EXT; ??? ?} else { ??? ??? ?/* CA key is assumed to be a private key on the filesystem */ -?? ??? ?ca = load_identity(tmp, NULL); +?? ??? ?ca = load_identity(tmp, NULL, NULL); ??? ?} ??? ?free(tmp); ?...