Re: x.509 & key_verify()

From: C S (nd_stew_at_yahoo.com)
Date: 09/19/03

  • Next message: Hong Tian: "RE: Openssh 3.7p1 Solaris Compile"
    Date: Fri, 19 Sep 2003 07:34:41 -0700 (PDT)
    To: secureshell@securityfocus.com
    
    

    Originally the problem was said to exist with
    key_verify() and server_host_key. I never mentioned
    "make check", it ran fine for me. Why should I have
    to go back to the build after a successful "make
    install" with different variables? Having to go back
    to different sig types, key lengths, and SSL just to
    check/test is bewildering.

    My keys, certs are solid and have been tested with
    other apps. Unless I can get a more straight forward
    explanation and if this patch has a future, I'm done
    with this fix, but I'm hopeful to work through it...

    cs
    --- Roumen Petrov <openssh@roumenpetrov.info> wrote:
    > :-)))
    > Curtis Steward wrote:
    >
    > >If I understand you right:
    > >
    > > Any key sig type should be md5, sha1 is invalid.
    > >
    > NO :-[
    >
    > > Key length of 2048 is invalid
    > >
    > NO :-[
    >
    > >, so gen a new set of
    > >keys, what is max length?
    > >
    > Find it self.
    >
    > > OpenSSL needs to be at 0.9.7 or greater.
    > >
    > NO :-[
    >
    > >If I do these three things I should then be
    > >functional, then I'll think about upgrading to
    > OpenSSH
    > >3.7.1.
    > >
    > :-[ 3.7.1p1 or 3.6.1p2
    >
    > >And no, there is no plans for this patch in
    > >3.8 :(
    > >
    > :-)
    >
    > >
    > >Thx
    > >
    > >--- Roumen Petrov <openssh@roumenpetrov.info>
    > wrote:
    > >
    > >
    > >>"make check" cannot reproduce you problem when:
    > >>- all keys are 2048 bits;
    > >>- server use rsa(with md5)+cert as hostkey;
    > >>- client and server config contain
    > >>X509rsaSigType=sha1 option;
    > >>- even "OpenSSH with X.509 cert support" is build
    > >>with openssl 0.9.7x
    > >>but "make check" use openssl 0.9.6x.
    > >>
    > >>
    > >><SNIP>
    > >>
    > >>
    >

    __________________________________
    Do you Yahoo!?
    Yahoo! SiteBuilder - Free, easy-to-use web site design software
    http://sitebuilder.yahoo.com


  • Next message: Hong Tian: "RE: Openssh 3.7p1 Solaris Compile"