Re: x.509 & key_verify()

From: C S (nd_stew_at_yahoo.com)
Date: 09/19/03

    Date: Fri, 19 Sep 2003 07:34:41 -0700 (PDT)
    To: secureshell@securityfocus.com
    
    

    Originally the problem was said to exist with
    key_verify() and server_host_key. I never mentioned
    "make check", it ran fine for me. Why should I have
    to go back to the build after a successful "make
    install" with different variables? Having to go back
    to different sig types, key lengths, and SSL just to
    check/test is bewildering.

    My keys, certs are solid and have been tested with
    other apps. Unless I can get a more straightforward
    explanation and if this patch has a future, I'm done
    with this fix, but I'm hopeful to work through it...

    cs
    --- Roumen Petrov <openssh@roumenpetrov.info> wrote:
    > :-)))
    > Curtis Steward wrote:
    >
    > >If I understand you right:
    > >
    > > Any key sig type should be md5, sha1 is invalid.
    > >
    > NO :-[
    >
    > > Key length of 2048 is invalid
    > >
    > NO :-[
    >
    > >, so gen a new set of
    > >keys, what is max length?
    > >
    > Find it yourself.
    >
    > > OpenSSL needs to be at 0.9.7 or greater.
    > >
    > NO :-[
    >
    > >If I do these three things I should then be
    > >functional, then I'll think about upgrading to OpenSSH
    > >3.7.1.
    > >
    > :-[ 3.7.1p1 or 3.6.1p2
    >
    > >And no, there are no plans for this patch in
    > >3.8 :(
    > >
    > :-)
    >
    > >
    > >Thx
    > >
    > >--- Roumen Petrov <openssh@roumenpetrov.info> wrote:
    > >
    > >
    > >>"make check" cannot reproduce your problem when:
    > >>- all keys are 2048 bits;
    > >>- server uses rsa(with md5)+cert as hostkey;
    > >>- client and server config contain
    > >>X509rsaSigType=sha1 option;
    > >>- even "OpenSSH with X.509 cert support" is built
    > >>with openssl 0.9.7x
    > >>but "make check" uses openssl 0.9.6x.
    > >>
    > >>
    > >><SNIP>
    > >>
    > >>
    >
