On Feb 11 22:25, Darren Tucker wrote: > On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vinschen@xxxxxxxxxx> wrote: > > > [...] > > I wonder why sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx is not in the > > above list of cert type offers. What explanation could that have? > > > > I've just updated our win10 cygwin test VM to current and will attempt to > reproduce with your config flags. > > --without-hardening > > > > Out of curiosity why do you need to disable the compiler hardening? Actually... I *think* there was a problem with an older gcc or libc version when trying to use FORTIFY_SOURCE and/or retpoline. I have to admit I don't remember exactly. > I > don't think it's going to make a difference in the failure case you noted, > but our build farm runs a VM with cygwin on win10 with the default > configure flags which enables hardening and it passes. I've just built OpenSSH without the above flag and it builds and packages fine. Thanks for pointing this out! I will certainly build with hardening in future. I also ran the hostkey-agent test again, but yeah, hardening doesn't change the result. Still bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx I'm going to run the entire testsuite now, but I don't expect any other problem. Thanks, Corinna _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
