On Fri, 2019-03-29 at 12:29 +0100, Jakub Jelen wrote:
> On Wed, 2019-03-27 at 22:00 +1100, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible.
> >
> > Snapshot releases for portable OpenSSH are available from
> > http://www.mindrot.org/openssh_snap/
> >
> > The OpenBSD version is available in CVS HEAD:
> > http://www.openbsd.org/anoncvs.html
> >
> > Portable OpenSSH is also available via git using the
> > instructions at http://www.openssh.com/portable.html#cvs
> > At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> > https://github.com/openssh/openssh-portable
> >
> > Running the regression tests supplied with Portable OpenSSH does not
> > require installation and is simply:
> >
> > $ ./configure && make tests
>
> For now, I have only one comment, but I plan to run more tests in our
> environment.

After diving a bit into the PKCS#11 again, I noticed that the
pkcs11_finalize is not called at all from ssh. I think it should be
called once we are removing the keys from memory.

Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

From 780ab6803912e0b8bbcb3852cd877746b4a07bb9 Mon Sep 17 00:00:00 2001 From: Jakub Jelen <jjelen@xxxxxxxxxx> Date: Fri, 5 Apr 2019 15:11:51 +0200 Subject: [PATCH] ssh: Terminate PKCS#11 provider --- ssh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ssh.c b/ssh.c index 91e7c351..6a8fb5fb 100644 --- a/ssh.c +++ b/ssh.c @@ -1521,6 +1521,9 @@ main(int ac, char **av) free(options.certificate_files[i]); options.certificate_files[i] = NULL; } +#ifdef ENABLE_PKCS11 + pkcs11_terminate() +#endif /* ENABLE_PKCS11 */ skip_connect: exit_status = ssh_session2(ssh, pw); -- 2.20.1
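
Review bot: the added `pkcs11_terminate()` line inside the `#ifdef ENABLE_PKCS11` block has no terminating semicolon, so a build with ENABLE_PKCS11 defined will fail to compile at the `skip_connect:` label that follows; it should read `pkcs11_terminate();`. The call is also placed directly above the `skip_connect:` label, so any path that jumps to that label bypasses it, and it runs before `ssh_session2(ssh, pw)` rather than at exit. If the intent is to terminate the provider on every path once the keys have been freed, either move the call below the label or state in the commit message why the skipping path never has a provider loaded. The commit message has a subject only; a sentence on why termination at this point is safe for the rest of the session would help reviewers.
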
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev