Saturday Dec 12, 2009

PuTTY not printing a password expiration warning from a SunSSH server

I think I saw that before but it popped up now again. One of our customers complains that PuTTY (did you know that PuTTY runs on Symbian as well?) is not displaying a warning message about a password expiration when run against the SunSSH server.[Read More]

Saturday Nov 21, 2009

Solaris 10 Security Essentials book on Amazon

Solaris Security Essentials The "Solaris 10 Security Essentials" book is on sale, and you can get it from Amazon now. I was one of those about 20 engineers from the Solaris security organization who wrote the book. Looking forward to get my copy.

Product Details
  \* Paperback: 312 pages
  \* Publisher: Prentice Hall PTR
    1st edition (November 19, 2009)
  \* Language: English
  \* ISBN-10: 0137012330
  \* ISBN-13: 978-0137012336

Thursday Nov 19, 2009

PKCS#11 Engine Patch (including the token access) for OpenSSL 0.9.8l (el)

I have generated a PKCS#11 patch for OpenSSL 0.9.8l. It includes one new feature I have recently integrated into Nevada - RSA Keys by Reference.[Read More]

Wednesday Nov 11, 2009

RSA Keys by Reference (through the OpenSSL PKCS#11 Engine)

I have just done my putback to the SFW gate for the "RSA Keys by Reference" project. It will be part of the Nevada build 129. The CR was "6479874 OpenSSL should support RSA key by reference/hardware keystores". With this code, applications can access RSA keys stored in PKCS#11 tokens...[Read More]

Wednesday Aug 12, 2009

SunSSH and OpenSSL Enhancements in OpenSolaris within 01/2008-06/2009

A presentation written in July 2009, covering all major enhancements we integrated into SunSSH and with OpenSSL within a period of 01/2008-06/2009. The presentation slides are here.

Tuesday Jul 28, 2009

OpenSSL PKCS#11 Engine Internals

Vladimir, who made most of the latest changes to the PKCS#11 engine we ship as part of OpenSSL in Solaris, wrote a presentation on the PKCS#11 internals. It's a very interesting read, and since I believe some of you who use the patch actually read the code and modified it (I got some feedback during the last few years), I hope it might be a very useful thing. See Vladimir's OpenSSL PKCS#11 engine TOI blog entry on that. We also plan to properly document the engine directly in the code so that people can understand how it works without reverse engineering the code. However, there is no ETA for that yet.

Wednesday Apr 15, 2009

PKCS#11 engine patch for OpenSSL 0.9.8k

I didn't generate the patch for OpenSSL 0.9.8k. Given the few changes between 0.9.8j and 0.9.8k it is no suprise that you can apply the PKCS#11 engine patch for 0.9.8j on 0.9.8k.[Read More]

Monday Mar 23, 2009

The ChrootDirectory option resynced to SunSSH

I resynced the ChrootDirectory option from OpenSSH to SunSSH, and pushed the change to the repository today. It wasn't a straightforward resync since we have different privilege separation code. I also found a few very minor issues in the OpenSSH code, and filed bugs with patches (1562, 1564, and 1566). [Read More]

About

Jan Pechanec

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today