
[Bug 3613] Unable to sign using certificates and PKCS#11
https://bugzilla.mindrot.org/show_bug.cgi?id=3613

--- Comment #4 from Damien Miller <djm@mindrot.org> ---
IMO it would be better to get the existing regress/agent-pkcs11.sh test
working for certs, we'll need to do this anyway

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #5 from aim@orbit.online ---
(In reply to Damien Miller from comment #4)
> IMO it would be better to get the existing regress/agent-pkcs11.sh
> test working for certs, we'll need to do this anyway

Oh yeah, I can see it already uses softhsm. Should be easy enough to
port. I can try giving it a go if you like? Have you made any progress
on the patch, is there anything I can help with?


--- Comment #6 from Damien Miller <djm@mindrot.org> ---
(In reply to aim from comment #5)

> Oh yeah, I can see it already uses softhsm. Should be easy enough to
> port. I can try giving it a go if you like? Have you made any
> progress on the patch, is there anything I can help with?


Sorry, I've been away and haven't had time to look at it. Getting the
agent-pkcs11.sh regress test going (and failing) with certs would be a
great help if you're able.


--- Comment #7 from Damien Miller <djm@mindrot.org> ---
Created attachment 3743
--> https://bugzilla.mindrot.org/attachment.cgi?id=3743&action=edit
allow grafting certs to PKCS#11 keys in ssh-agent

(In reply to Damien Miller from comment #2)
> Another way to fix it would be to allow adding p11 keys to the agent
> while specifying a certificate to graft to them.

Here's an untested prototype of this approach. It's a little more work
but is more general than just doing it in ssh-keygen.


--- Comment #8 from aim@orbit.online ---
Thank you Damien! I have modified agent-pkcs11.sh to also test signing
with a certificate, but I can't for the life of me figure out how to
run the "t-extra" test target. It looks like you were the one who added
it back in 2019. Any tips on how to run that test specifically?


Damien Miller <djm@mindrot.org> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
CC                    |                            |dtucker@dtucker.net
Attachment #3744 Flags|                            |ok?(dtucker@dtucker.net)

--- Comment #9 from Damien Miller <djm@mindrot.org> ---
Created attachment 3744
--> https://bugzilla.mindrot.org/attachment.cgi?id=3744&action=edit
expose extra tests

Hmm, it looks like there is no easy way to run them. This patch should
fix that. It will also run them by default, which might expose new
problems, but we can deal with those if/when we see them.


Darren Tucker <dtucker@dtucker.net> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
Attachment #3744 Flags|ok?(dtucker@dtucker.net)    |ok+


--- Comment #10 from Damien Miller <djm@mindrot.org> ---
Thanks Darren - the Makefile fixes have been committed


aim@orbit.online changed:

What                        |Removed               |Added
----------------------------------------------------------------------------
Attachment #3734 is obsolete|0                     |1

--- Comment #11 from aim@orbit.online ---
Created attachment 3745
--> https://bugzilla.mindrot.org/attachment.cgi?id=3745&action=edit
patch for agent pkcs11 testsuite that tests signing with a certificate

OK. Here is the diff for the test. I couldn't get the pinentry working
through the pipe when using ssh-keygen, so I created a little askpass
script instead. Do ssh-keygen and ssh-add behave the same way in those
regards?

Anyways, I still can't get the test to pass.

If you'd like to see ssh-agent debug messages in the output, just use
the commented-out section right above where the agent is started and
comment out the original `eval` instead.
