search for: sshkey_add_private

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

...t() with 1. OpenSSL now clears everything when you call EVP_CipherInit() again, so what was passed in the first but not in the second call, and what the function calls between them did, was lost. - The test suite was insitng that things like rsa->n where not NULL in sshkey/test_sshkey.c. sshkey_add_private was also doing something like that for the private parts. I don't agree that it should just have BN members that are not set to a real value. So I removed that code and the checks. I'm not even sure why this was done. But sshkey_add_private() ends up as a rather useless function n...

...T) + error("Failed to load certificate \"%s\": %s", + filename, ssh_err(r)); + goto out; + } + if (!sshkey_is_cert(cert)) { + error("Not a certificate: %s", filename); + goto out; + } + + /* Add empty private key fields for serialization */ + if ((r = sshkey_add_private(cert)) != 0) + goto out; + + if ((r = ssh_add_identity_constrained(agent_fd, cert, comment, + lifetime, confirm)) != 0) { + error("Certificate %s (%s) add failed: %s", filename, + cert->cert->key_id, ssh_err(r)); + goto out; + } + ret = 0; + fprintf(stderr, "Certifi...

https://bugzilla.mindrot.org/show_bug.cgi?id=2472 Bug ID: 2472 Summary: Add support to load additional certificates Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs at