Is the x598 support going to be embedded in mainstream?


On Jan 19, 2008 10:50 PM, Roumen Petrov wrote:
> Konstantin V. Gavrilenko wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Roumen,
> >
> > one last thing, what exactly does MandatoryCRL option sets?
> >
> > Since when it is set to no, the ssh_crl.pem does get checked whether the
> > cert is revoked or not.
> > However, when I set it to yes, I get the following error
> > [SNIP]
> >
> > Jan 17 14:46:12 pingo sshd[25026]: error: ssh_x509revoked_cb: unable to
> > get issued CRL
> > [SNIP]

>
> When MandatoryCRL is no, check for revoked only if CRL is found in X.509 store.
>
>
> When MandatoryCRL option is set and certificate attribute "CRL Distribution Point" is set,
>
> corresponding CRL must exist in X.506 store.
>
>
> Roumen
>
> --
> Get X.509 certificates support in OpenSSH:
> http://roumenpetrov.info/openssh/
>
>
> _______________________________________________
>
> openssh-unix-dev mailing list
> openssh-unix-dev@mindrot.org
> https://lists.mindrot.org/mailman/li...enssh-unix-dev
>

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev