https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Jakub Jelen <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #21 from Jakub Jelen <[email protected]> ---
Created attachment 3122
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3122&action=edit
load ECDSA public key from certificates

I was trying to build it against OpenSSL 1.1.0 and hit several issues with the
eighth iteration patch:

 * I would say that the OpenSSL version and functions detection step should
   happen during the configure phase, rather than during build on top of each
   file using ECDSA keys.
 * OpenSSL 1.1.0 obsoletes most of the ECDSA_* structures and functions in
   favor of generic EC_KEY*. The OpenSSL 1.1.0 method structure is called
   EC_KEY_METHOD. Doing this in a compatible manner will be a pain.
 * The functionality of pulling the public key from an X.509 certificate is
   completely missing.

In the attached patch, there is a snippet to load ECDSA public keys from
certificates as my small contribution. Feel free to include it in your patch.

I somehow solved the OpenSSL 1.1.0 compatibility, but probably at the price of
breaking backward compatibility with OpenSSL 1.0.x or LibreSSL.

I put together some modifications to the original patch and built it in copr
for Fedora if somebody is interested and would like to try:

https://copr.fedorainfracloud.org/coprs/jjelen/openssh-pkcs11/

So far my testing looks fine; keys on my YubiKey are recognized and I can
authenticate using them successfully.
