Bug 1373 - native support for X.509 v3 certificates
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 4.7p1
Hardware: Other Other
Importance: P2 enhancement
Assignee: Assigned to nobody
Reported: 2007-10-05 18:03 AEST by Stephan Zehrer
Modified: 2008-07-22 12:20 AEST

Description Stephan Zehrer 2007-10-05 18:03:50 AEST
I'm just wondering why there is no support for X.509 certificates in the standard distribution of OpenSSH.
I found http://roumenpetrov.info/openssh/ but this is not part of the standard Debian distribution.

Another idea is integration with OpenSC, but I don't have a smartcard on my vServer. A PAM module does not seem to be available either.

Solution, getting direct X.509 support in OpenSSH?

Vote for it :)
Comment 1 Damien Miller 2008-06-18 14:03:52 AEST
We do not plan to support X.509 certificates in OpenSSH. Doing so would add a significant amount of complexity and would drastically increase our attack surface.

We recommend that users who have a strong need apply Roumen's patch (which was of good quality the last time I checked), but for the above reasons we won't be applying it to the version that we distribute.
Comment 2 Damien Miller 2008-07-22 12:20:00 AEST
Mass update RESOLVED->CLOSED after release of openssh-5.1