[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 daemonh...@nullcore.com changed: What|Removed |Added CC||daemonh...@nullcore.com --- Comment #7 from daemonh...@nullcore.com --- This would be helpful on multiple platforms for me (Windows, FreeBSD, Linux). I'm willing to assist with regression testing if I can help expedite this patch landing. Is there are committer that is willing to pickup and merge ? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Dirk-Willem van Gulik changed: What|Removed |Added CC||di...@webweaving.org --- Comment #6 from Dirk-Willem van Gulik --- Rebased version tested on OSX and FreeBSD. In production without any issues for 3 months. Works very well & is very useful. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Orion Poplawski changed: What|Removed |Added CC||or...@nwra.com --- Comment #5 from Orion Poplawski --- This would be very helpful to us. We have multiple certificates on our smart cards and are now running into issues where connections fail because of too many authentication failures while trying the other certificates on the card. Please adopt this or at least comment as to why it isn't acceptable. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 --- Comment #4 from Jakub Jelen --- The updated and rebased change is still available here https://github.com/Jakuje/openssh-portable/commits/jjelen-pkcs11 https://github.com/Jakuje/openssh-portable/commit/ed3eaf7d -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 egbe...@yahoo.com changed: What|Removed |Added CC||egbe...@yahoo.com -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Damien Miller changed: What|Removed |Added Keywords||pkcs11 CC||d...@mindrot.org -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 David Woodhouse changed: What|Removed |Added CC||dw...@infradead.org -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 --- Comment #3 from Jakub Jelen--- I added some more tests and fixed the functionality of loading and unloading the keys per-uri instead of per-pkcs11-module as it used to be. The patches are available in my the github branch and in copr. -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Thomas Jaroschchanged: What|Removed |Added CC||thomas.jaro...@intra2net.co ||m -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Jakub Jelenchanged: What|Removed |Added Attachment #3111|0 |1 is obsolete|| --- Comment #2 from Jakub Jelen --- Created attachment 3119 --> https://bugzilla.mindrot.org/attachment.cgi?id=3119=edit PKCS#11 URI (RFC7512) support v2 I uploaded a new version of the patch, which is removing the PKCS11URI configuration option and instead the URI can be provided to IdentityFile configuration option with prefix "pkcs11:". The changes to the code are minimal (the largest part is the testing soft-pkcs11 module): Makefile.in | 24 +- configure.ac | 37 ++ readconf.c|5 +- regress/Makefile |9 +- regress/agent-pkcs11.sh | 13 +- regress/locl.h| 79 +++ regress/pkcs11.sh | 285 + regress/soft-pkcs11.c | 2058 + regress/unittests/Makefile|2 +- regress/unittests/pkcs11/Makefile |9 + regress/unittests/pkcs11/tests.c | 329 ++ ssh-add.c | 26 + ssh-agent.c | 99 ++- ssh-keygen.c |1 + ssh-pkcs11-client.c |3 + ssh-pkcs11-uri.c | 399 ssh-pkcs11-uri.h | 41 ++ ssh-pkcs11.c | 266 ++-- ssh-pkcs11.h |5 + ssh.c | 99 ++- ssh_config.5 | 13 + 21 files changed, 3699 insertions(+), 103 deletions(-) -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2817] Add support for PKCS#11 URIs (RFC 7512)
https://bugzilla.mindrot.org/show_bug.cgi?id=2817 Nikos Mavrogiannopouloschanged: What|Removed |Added CC||n.mavrogiannopoulos@gmail.c ||om --- Comment #1 from Nikos Mavrogiannopoulos --- In my opinion the biggest advantage of this patch set is the ability to be specific on the keys to use from a token/smart card. That is, no longer sends the server each and every key present in the card, but only the one specified by the user. -- You are receiving this mail because: You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs