https://bugzilla.mindrot.org/show_bug.cgi?id=3962
Bug ID: 3962
Summary: Add more verbose output when revoking keys or
certificates via a spec file
Product: Portable OpenSSH
Version: 9.6p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: [email protected]
Reporter: [email protected]
When using a spec file to revoke certificates (via serial number and CA
key), ssh-keygen just outputs that it uses the spec file, but does not
output the entries actually added to the KRL.
For some automated workflows one might want to parse the output to log
the fact of revoking a certificate (or public key).
Example output:
% ssh-keygen -f user-CA.krl -k -s user-CA -u -z 5 user-KRL.spec
Revoking from user-KRL.spec
The user-KRL.spec contained:
serial: 40
serial: 41
serial: 99999
serial: 999999
Actually serial numbers 40 and 41 had been revoked in the KRL file
already, so it would be nice if ssh-keygen would output the entries
actually added to the KRL, maybe like:
Revoked serial 99999
Revoked serial 999999
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
