diff options
author | des <des@FreeBSD.org> | 2016-01-19 18:28:23 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2016-01-19 18:28:23 +0000 |
commit | 7a7bc643b5dd94f6333f2a1d91923165ad77176f (patch) | |
tree | 9d2b367395b2d3c9a63b4aecd1eb28b17b838703 /crypto/openssh/PROTOCOL.krl | |
parent | 834fb5aff44e0a606772591d869016a1d8d9aa95 (diff) | |
parent | 928d872bfcc9d49be194dc51d80555f1bbdbff6b (diff) | |
download | FreeBSD-src-7a7bc643b5dd94f6333f2a1d91923165ad77176f.zip FreeBSD-src-7a7bc643b5dd94f6333f2a1d91923165ad77176f.tar.gz |
Upgrade to OpenSSH 6.8p1.
Diffstat (limited to 'crypto/openssh/PROTOCOL.krl')
-rw-r--r-- | crypto/openssh/PROTOCOL.krl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/openssh/PROTOCOL.krl b/crypto/openssh/PROTOCOL.krl index e8caa45..b969510 100644 --- a/crypto/openssh/PROTOCOL.krl +++ b/crypto/openssh/PROTOCOL.krl @@ -37,7 +37,7 @@ The available section types are: #define KRL_SECTION_FINGERPRINT_SHA1 3 #define KRL_SECTION_SIGNATURE 4 -3. Certificate serial section +2. Certificate section These sections use type KRL_SECTION_CERTIFICATES to revoke certificates by serial number or key ID. The consist of the CA key that issued the @@ -47,6 +47,11 @@ ignored. string ca_key string reserved +Where "ca_key" is the standard SSH wire serialisation of the CA's +public key. Alternately, "ca_key" may be an empty string to indicate +the certificate section applies to all CAs (this is most useful when +revoking key IDs). + Followed by one or more sections: byte cert_section_type @@ -161,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify signatures. Signature sections are optional for KRLs distributed by trusted means. -$OpenBSD: PROTOCOL.krl,v 1.2 2013/01/18 00:24:58 djm Exp $ +$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $ |