Does OpenSSH support X.509 certificate parsing and CA-based validation (like TLS)?
06:25 28 Feb 2026

I'm trying to understand whether OpenSSH supports X.509 certificates in the same way that TLS libraries (like OpenSSL or GnuTLS) do.

Specifically, I would like to know:

1. Does OpenSSH support parsing standard X.509 certificates (e.g., PEM/CRT files)?
2. Does OpenSSH provide a way to verify X.509 certificates, similar to how OpenSSL can validate certificates using the verify command?
3. Or does it only support its own SSH public key / SSH certificate mechanism?

From what I understand, OpenSSH uses host keys and its own SSH CA format rather than the X.509/TLS certificate model, but I would like confirmation.

If it does not support X.509, is this a design decision of the SSH protocol itself, or just a limitation of the OpenSSH implementation?

Thanks in advance.

x509 openssh