Displaying 20 results from an estimated 200 matches similar to: "Timing bug patch and x509 question."
2000 Jul 06
2
2.1.1p2 HP-UX 11 timing error
FYI in order to get 2.1.1p2 to work on my HP-UX 11.0 systems I had to patch
atomicio.c for EWOULDBLOCK (HP read() does not give the POSIX return code).
The new atomicio() is a clean fix for this timing problem; all it needs now
is this one little tweak.
Also had the "General Commercial Security" error (PAM_TERM_ERROR from
pam_acct_mgmt()) which I have very crudely addressed for now by
2004 Jun 04
2
Patch for FIPS 140 mode - take 3
Greetings.
(Third try at sending this, the first two seemed to disappear without a
trace.
Perhaps use of MS Outlook was the problem, even though in plain text...? Or
attachment too big (22Kb)? Would like to know...)
The final source code and documentation package for a FIPS 140 validated
mode
of OpenSSL was recently submitted. Once the final certification is
awarded by
NIST, in a month or
2000 Jul 12
0
Announce: portable OpenSSH 2.1.1p3
The 2.1.1p3 release of portable OpenSSH has been uploaded to the
OpenBSD ftp master site. In a few hours it will be available from one
of the many mirrors listed at:
http://www.openssh.com/portable.html
This release fixes several bugs reported since the previous release
and extends portability to NeXT and Reliant Unix.
As usual, the OpenBSD team has been hard at work further polishing and
2000 Jul 12
0
Announce: portable OpenSSH 2.1.1p3
The 2.1.1p3 release of portable OpenSSH has been uploaded to the
OpenBSD ftp master site. In a few hours it will be available from one
of the many mirrors listed at:
http://www.openssh.com/portable.html
This release fixes several bugs reported since the previous release
and extends portability to NeXT and Reliant Unix.
As usual, the OpenBSD team has been hard at work further polishing and
2000 Jul 11
3
Test snapshot
Can interested users please test the latest snapshot at
http://www.mindrot.org/misc/junk/openssh-SNAP-2000071102.tar.gz
It contains quite a few fixes for small problems that have been
reported in the last few weeks.
Pending feedback it is going to become 2.1.1p3
Regards,
Damien Miller
--------------- Changelog:
20000711
- (djm) Fixup for AIX getuserattr() support from Tom Bertelson
2005 Feb 18
0
OpenSSH and OpenSSL 0.9.7.e with FIPS
Michael Selvesteen wrote:
>I use OpenSSH 3.9 on HP-UX 11vi. I compiled OpenSSL 0.9.7e by enabling
>FIPS. I found in the FIPS document that OpenSSL now contains the
>FIPS 140 specific cryptographic API and algorithm implementations
>only; i.e. the API for low level algorithms (RSA, AES, 3DES, DSA,
>SHA-1). Does it have any functional impacts on SSH.
>
>Will all the
2015 Mar 18
2
FYI: OpenSSL Patch to Plug Severe Security Holes
Excerpt:
The OpenSSL project said it plans to release new versions of its code to
fix a number of security weaknesses, including some classified as ?high?
severity.
<...>
The patch is likely to set off a mad scramble by security teams at
organizations that rely on OpenSSL. That?s because security updates ?
particularly those added to open-source software like OpenSSL that anyone
can view ?
2003 Feb 19
0
FW: compare st_mode & 07777, or Aix dirs always differ
>jw schultz [mailto:jw@pegasys.ws] wrote:
>On Fri, Feb 07, 2003 at 11:15:57AM -0500, Roderick Schertler wrote:
>> Under Aix directories have the mode 024xxxx instead of the customary
>> 04xxxx. Because of this when you sync a directory to or from an Aix
>> system it's never up to date.
>>
>> Here is a patch which fixes this. It causes rsync to look at
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi,
I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with
FIPS 140-2 OpenSSL.
These are based on previously reported patches by Steve Marquess
<marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>,
for ver. OpenSSH 3.8.
Note that these patches are NOT OFFICIAL, and MAY be used freely by
anyone.
Issues [partially] handled:
SSL FIPS Self test.
RC4,
2007 Feb 03
0
ipsec and x509 certificate
hi I''m trying to get ipsec working with x509 certificates however I
just can''t seem to. I''ve hit a road block and was wondering if someone
could help me figure it out. my racoon.conf (I have it mirrored on the
connecting machine.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/certs";
remote anonymous
{
exchange_mode
2002 Apr 04
0
openssh and x509 extension
I am just finished support for x509 certificate.
More information on this page: http://satva.skalasoft.com/~rumen/openssh/
2003 Mar 27
0
[PATCH] authentication with x509 certificate
Hi,
I have made new small patch. He use X509 certificate to authenticate users.
This patch use some features which are coded by Eric Auge (see ldap patch
http://ldappubkey.gcu-squad.org/).
You could find the patch on http://traceroute.free.fr/articles.php?id=24
regards,
Fred.
2002 Jun 21
0
x509 extension new version is out
Hi All,
Please visit http://satva.skalasoft.com/~rumen/openssh/ to get new version with support for x509 certificate.
- added authorization by 'Distinguished Name';
- added x509 CA store (new options in sshd_config);
- client certificate is verified against CA certificates in x509 store;
- added shell scripts to create 'Test CA' and test client certificates.
Diffs aviable for
2004 Jul 08
2
How to use publickey from x509 certificate?
Hello,
I have the following problem: I want to use publickey authentication by
using the publickey of a x509 certificate stored on a java card. I can
already extract the publickey of the certificate and write it into a
file. The problem i have is that i don't know how to convert the
certificate's publickey into an rsa publickey format that openssh will
accept.
Does anybody have a
2008 Mar 13
2
Openssh to support X509 certificates
Hello,
I have paid attention to the issue about the X509-based certificate support in
standard openssh.
Because I also need the support of X509-based certificates in my project,
and also I have developed specific version of openssh to pass the
proxy certificate from client to server. But I used the PAM module
to verify the proxy and authorize the accessors.
I wonder whether current support in
2011 Feb 17
1
pkcs11 : extract pubkey from x509 certificates
Hello all,
About PKCS11, some provider allows only the use of X509
certificate.
Are there plans to add the ability to extract the public key from
certificates when there is no public key?
Thank you
Sincerely,
Laurent
2018 Sep 04
1
How to specify a x509-dir from XML config file?
Hi Everyone,
I'd like to ask a question about libvirt xml config. I am using kvm with tls certification. For some reason I need to specify a unique certificate file for every instance, so my kvm command would be like:
/usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=0.0.0.0,disable-ticketing,x509-dir=/openstack/etc/pki/libvirt-spice
the argument
2014 Jun 23
0
Wishlist: add a variable %{x509} expanding to the client cert in Dovecot-auth
Hi there,
As of Dovecot 2.2.9, it's possible to enable passwordless authentication
using client certificates [1]:
ssl_ca = </etc/ssl/ca.pem
ssl_verify_client_cert = yes
auth_ssl_username_from_cert = yes
(Password checking can be bypassed by returning the extra fields
?password= nopassword? in the passdb when the variable ?%k? expands to
"valid".)
However this
2006 Feb 07
1
[resend] SAMBA and X509 certs ?
Hello everybody,
I'll try to find out some info about Samba and a way to put x509
authenticate method but i don't find anything clear about it.
I found in the how-to v3 some stuff about authenticate PAM module to use
with samba but I don't know if I look in the right direction.
I have a samba server running for a lots of time based on smbpass DB.
We plan to use our PKI certs to
2002 Feb 13
1
x509 test patch - can't compile
cc -g -I. -I. -I/opt/openssl-0.9.6c/include -I. -I/usr/local/include
-DETCDIR=\"/opt/openssh-3.0.2p1-x509/etc\"
-D_PATH_SSH_PROGRAM=\"/opt/openssh-3.0.2p1-x509/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/openssh-3.0.2p1-x509/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/opt/openssh-3.0.2p1-x509/libexec/sftp-server\"
-D_PATH_SSH_PIDDIR=\"/var/run\"