OpenBSD CVS

CVS log for src/usr.bin/ssh/PROTOCOL.krl




Default branch: MAIN


Revision 1.7, Mon Jul 17 04:01:10 2023 UTC (10 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.6: +5 -1 lines

remove vestigial support for KRL signatures

When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatures was never completed in OpenSSH.

Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.

ok markus@

Revision 1.6, Mon Jul 17 03:57:21 2023 UTC (10 months ago) by djm
Branch: MAIN
Changes since 1.5: +49 -2 lines

Support for KRL extensions.

This defines wire formats for optional KRL extensions and implements
parsing of the new submessages. No actual extensions are supported at
this point.

ok markus

Revision 1.5, Wed Sep 12 01:21:34 2018 UTC (5 years, 8 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.4: +9 -7 lines

allow key revocation by SHA256 hash and allow ssh-keygen to create KRLs
using SHA256/base64 key fingerprints; ok markus@

Revision 1.4, Tue Apr 10 00:10:49 2018 UTC (6 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.3: +2 -2 lines

lots of typos in comments/docs. Patch from Karsten Weiss after checking
with codespell tool (https://github.com/lucasdemarchi/codespell)

Revision 1.3, Fri Jan 30 01:10:33 2015 UTC (9 years, 3 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.2: +7 -2 lines

permit KRLs that revoke certificates by serial number or key ID
without scoping to a particular CA; ok markus@

Revision 1.2, Fri Jan 18 00:24:58 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.1: +2 -0 lines

RCS IDs help us keep portable in synch

Revision 1.1, Thu Jan 17 23:00:01 2013 UTC (11 years, 4 months ago) by djm
Branch: MAIN

add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.

feedback and ok markus@
