> On 15 Nov 2014, at 11:16, Damien Miller <djm@xxxxxxxxxxx> wrote: > > On Fri, 14 Nov 2014, Peter Ankerst?l wrote: > >> I recompiled openssh with that line added to krl.c but it gives the same >> result: >> >> debug1: KRL version 0 generated at 20141114T080704 >> debug3: ssh_krl_from_blob: first pass, section 0x01 >> debug3: ssh_krl_from_blob: first pass, section 0x01 >> debug3: ssh_krl_from_blob: second pass, section 0x01 >> debug3: parse_revoked_certs: subsection type 0x20 >> debug3: revoked_certs_for_ca_key: new CA RSA >> debug3: parse_revoked_certs: subsection type 0x22 >> debug3: parse_revoked_certs: subsection type 0x20 >> debug3: ssh_krl_from_blob: second pass, section 0x01 >> debug3: parse_revoked_certs: subsection type 0x20 >> debug3: parse_revoked_certs: subsection type 0x22 >> debug3: parse_revoked_certs: subsection type 0x20 >> buffer_get_string_ptr: bad string length 268032 >> parse_revoked_certs: buffer error >> Invalid KRL, refusing public key authentication > > Did you regenerate the KRL after patching OpenSSH? The bug is in KRL > generation, not reading. > Yes, exactly. > -d
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
