Azure
/
sonic-openssh
зеркало из https://github.com/Azure/sonic-openssh.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

- djm@cvs.openbsd.org 2012/03/28 07:23:22 

[PROTOCOL.certkeys]
     explain certificate extensions/crit split rationale. Mention requirement
     that each appear at most once per cert.
This commit is contained in:
Damien Miller 2012-04-22 11:08:30 +10:00
Родитель 29cd188887
Коммит 48348fc3b4
2 изменённых файлов: 16 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

4
ChangeLog
Просмотреть файл

@ -9,6 +9,10 @@
of having it always enforced even when marked as ignorenologin. This of having it always enforced even when marked as ignorenologin. This
regressed when the logic was incompletely flipped around in rev 1.251 regressed when the logic was incompletely flipped around in rev 1.251
ok halex@ millert@ ok halex@ millert@
- djm@cvs.openbsd.org 2012/03/28 07:23:22
[PROTOCOL.certkeys]
explain certificate extensions/crit split rationale. Mention requirement
that each appear at most once per cert.
20120420 20120420
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]

15
PROTOCOL.certkeys
Просмотреть файл

@ -162,6 +162,13 @@ extensions is a set of zero or more optional extensions. These extensions
are not critical, and an implementation that encounters one that it does are not critical, and an implementation that encounters one that it does
not recognise may safely ignore it. not recognise may safely ignore it.
Generally, critical options are used to control features that restrict
access where extensions are used to enable features that grant access.
This ensures that certificates containing unknown restrictions do not
inadvertently grant access while allowing new protocol features to be
enabled via extensions without breaking certificates' backwards
compatibility.
The reserved field is currently unused and is ignored in this version of The reserved field is currently unused and is ignored in this version of
the protocol. the protocol.
@ -189,7 +196,7 @@ is a sequence of zero or more tuples:
string data string data
Options must be lexically ordered by "name" if they appear in the Options must be lexically ordered by "name" if they appear in the
sequence. sequence. Each named option may only appear once in a certificate.
The name field identifies the option and the data field encodes The name field identifies the option and the data field encodes
option-specific information (see below). All options are option-specific information (see below). All options are
@ -220,7 +227,9 @@ Extensions
The extensions section of the certificate specifies zero or more The extensions section of the certificate specifies zero or more
non-critical certificate extensions. The encoding and ordering of non-critical certificate extensions. The encoding and ordering of
extensions in this field is identical to that of the critical options. extensions in this field is identical to that of the critical options,
as is the requirement that each name appear only once.
If an implementation does not recognise an extension, then it should If an implementation does not recognise an extension, then it should
ignore it. ignore it.
@ -253,4 +262,4 @@ permit-user-rc empty Flag indicating that execution of
of this script will not be permitted if of this script will not be permitted if
this option is not present. this option is not present.
$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ $OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $