As the title says, is there any (free) library, patch, etc. that allows OpenSSH to be configured to check x.509 certificate revocation via OCSP (online certificate status protocol)? If so, can you please point me to documentation and/or a download page?
(And yes, I am asking about OpenSSH not OpenSSL.)
Thanks in advance.
[Note that I posted this question on StackOverflow, but no one answered so perhaps this is a better venue.]
Note: The mentioned security.stackexchange.com link no longer appears to be there.
OpenSSH, by default, uses passwords/passphrases, and public/private keys for authenticating clients, not the X.509 certificates that SSL/TLS uses. And OCSP is a protocol for checking the status of certificates, not keys. Thus the short answer is "No, there is no way to get OpenSSH to use OCSP for checking client keys."
Now, that said, there is a patch for OpenSSH which adds support for X.509 certificates. Once this patch is applied, your OpenSSH will be X.509 certificate aware, and can then use OCSP for checking the certificate status as desired.
Hope this helps!
