Displaying 20 results from an estimated 800 matches similar to: "[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME"
2012 Jun 29
2
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Patch applied, thanks.
I still don't understand how it gets into this state since the space
should be allocated immediately beforehand:
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
2007 May 21
1
[PATCH] Add support for ldns
Hi,
as discussed before, we're trying to make use of SSHFP records (RFC
4255) to publish host key fingerprints in the DNS.
However, some non-OpenBSD platforms don't support DNSSEC in the native
resolver (e.g. glibc), which renders the whole thing quite useless,
since openssh correctly requires the RRs to be signed and validated.
The following patch adds support for ldns, an external
2015 Aug 11
0
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC – no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2017 Apr 08
2
[Bug 2708] New: openssh: 7.5p1 update breaks ldns/sshfp
https://bugzilla.mindrot.org/show_bug.cgi?id=2708
Bug ID: 2708
Summary: openssh: 7.5p1 update breaks ldns/sshfp
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2018 Jan 11
3
sshfp/ldns still having issues in 7.6
> I replaced the ldns code with getdns. Works fine for more than a year now.
>
I am interested in how you did that. Would you mind sharing your procedure?
> I don't think anybody cares. I tried to tell people. But that had no
> effect.
>
There certainly is not as much talk about it as I would expect there to be.
2018 Jan 10
4
sshfp/ldns still having issues in 7.6
I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a
year or so ago I ran into the problem listed in this bug report:
Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472
The release notes for 7.6 indicate that the fix patch was
included: https://www.openssh.com/txt/release-7.6
I tried 7.6 and I still cannot connect without a prompt wondering
2016 Aug 03
5
[Bug 2603] New: Build with ldns and without kerberos support fails if ldns compiled with kerberos support
https://bugzilla.mindrot.org/show_bug.cgi?id=2603
Bug ID: 2603
Summary: Build with ldns and without kerberos support fails if
ldns compiled with kerberos support
Product: Portable OpenSSH
Version: 7.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
Hi,
I found a small issue with DNSSEC validation of SSHFP lookups. (For reference
I used OpenSSH 6.8p1 on FreeBSD 10.1).
The issue is that when DNSSEC validation fails, ssh displays a confusing
message to the user. When DNSSEC validation of a SSHFP record fails, ssh
presents the user with
"Matching host key fingerprint found in DNS.
"Are you sure you want to continue connecting
2007 Jun 11
20
[Bug 1320] New: Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320
Summary: Add support for ldns
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: svallet at
2017 Mar 23
6
[Bug 2697] New: Portable OpenSSH 7.5 can't build with ldns using ldns-config
https://bugzilla.mindrot.org/show_bug.cgi?id=2697
Bug ID: 2697
Summary: Portable OpenSSH 7.5 can't build with ldns using
ldns-config
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: All
Status: NEW
Severity: trivial
Priority: P5
Component: Build system
2023 Mar 15
0
Announce: OpenSSH 9.3 released
OpenSSH 9.3 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested
2016 Nov 11
0
ldns-dane
This is an epel package but I thought that I would ask here first. I
am encountering unexpected behaviour from this program and I would
like to know if it is a bug, or I am configuring something wrong, or
if this is intended behaviour.
ldns-dane version 1.6.16 (ldns version 1.6.16)
When I attempt to specify the entire certificate as the desired data
source for this program I get the following
2020 Sep 29
2
[Bug 3215] New: Reference to ldns.3.dylib is an error
https://bugzilla.mindrot.org/show_bug.cgi?id=3215
Bug ID: 3215
Summary: Reference to ldns.3.dylib is an error
Product: Portable OpenSSH
Version: 8.4p1
Hardware: amd64
OS: Mac OS X
Status: NEW
Severity: critical
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2017 Mar 31
10
[Bug 2702] New: ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702
Bug ID: 2702
Summary: ssh compiled with --with-ldns segfaults during
known_hosts parsing
Product: Portable OpenSSH
Version: 7.5p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
2015 Dec 24
0
Centos7 problems with dnssec-keygen
On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
> I am reading:
>
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>
> I have bind installed and default config running. I have not applied my
> customizations yet. The first step I am taking is getting rndc.key
> created. So reading the guide I am trying to run (while logged in as
> root, and
2015 Dec 24
2
Centos7 problems with dnssec-keygen
On 12/24/2015 03:50 PM, Alice Wonder wrote:
>
>
> On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
>> I am reading:
>>
>> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>>
>>
>> I have bind installed and default config running. I have not applied my
>> customizations yet. The first step I am taking is getting
2011 Jul 20
1
auto-accept keys matching DNSSEC-validated SSHFP records
Hi,
I submitted a patch back in November of 2009 to add local validation of
DNSSEC record to openssh. I recently updated the patch for 5.8, and
figured I'd do a little marketing while I'm at it. :-)
Someone had previously submitted a patch which simply trusted the AD
bit in the response, which is susceptible to spoofing by anyone who can
inject packets between the resolver and the client. Our
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 11:49 PM, Paul R. Ganci wrote:
>
> On 2/12/19 10:55 PM, Alice Wonder wrote:
>> DNSSEC keys do not expire. Signatures do expire. How long a signature
>> is good for depends upon the software generating the signature, some
>> let you specify. ldns I believe defaults to 60 days but I am not sure.
>>
>> The keys are in DNSKEY records that are signed
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 7:26 PM, Paul R. Ganci wrote:
> Last weekend I had my DNSSEC keys expire. I discovered that they had
> expired the hard way... namely randomly websites could not be found and
> email did not get delivered. It seems that the keys were only valid for
> what I estimate was about 30 days. It is a real PITA to have to update the
> keys, restart named and then update Godaddy