tomaswolf opened a new issue, #892: URL: https://github.com/apache/mina-sshd/issues/892
In OpenSSH 10.3 the handling of certificates without principals changes: https://lists.mindrot.org/pipermail/openssh-unix-dev/2026-March/042389.html . See OpenSSH commits: https://github.com/openssh/openssh-portable/commit/5166b6cbf2b6103117a79f90a68068e89e02bf66 and https://github.com/openssh/openssh-portable/commit/ecdf9b9f8e89aae65d4a12fe5a25c560eea08393 . This probably needs a CoreModuleProperties flag that clients can set on the client or server (or on the session) to indicate how it should treat such certificates. Legacy behavior is to consider them matching anything, new behavior is to reject them always. Also: as of openSSH 10.3, user certificates don't support wildcards anymore. Check what our code does, and whether that might need yet another client-settable flag. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
