https://bugzilla.mindrot.org/show_bug.cgi?id=2472
Bug ID: 2472
Summary: Add support to load additional certificates
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: [email protected]
Reporter: [email protected]
Created attachment 2715
--> https://bugzilla.mindrot.org/attachment.cgi?id=2715&action=edit
Patch part 1/3
Add support to load additional certificates
for already loaded private keys. Useful
if the private key is on a PKCS#11 hardware token.
The private keys inside ssh-agent are now using a refcount
to share the private parts between "Identities".
The reason for this change was that the PKCS#11 code
might have redirected ("wrap") the RSA functions to a hardware token.
We don't want to mess with those internals.
Tested with an OpenGPG card. Patch developed against 6.9p
and applies to original 6.9, too.
Original patch from openssh-unixdev has been split into three smaller
patches for easier review. It has also been updated for version 7.1p1.
(KEY_RSA_CERT_V00 / KEY_DSA_CERT_V00 was removed).
Original submission:
https://marc.info/?l=openssh-unix-dev&m=143792343407993&w=2
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
