upstream commit

unbreak authentication using lone certificate keys in
 ssh-agent: when attempting pubkey auth with a certificate, if no separate
 private key is found among the keys then try with the certificate key itself.

bz#2550 reported by Peter Moody

Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966

1 files changed, 2 insertions, 6 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index f79c96beb..1cf48a2ee 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1112,12 +1112,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
                             "certificate", __func__, id->filename,
                             id->agent_fd != -1 ? " from agent" : "");
                 } else {
-                        /* XXX maybe verbose/error? */
-                        debug("%s: no private key for certificate "
+                        debug("%s: no separate private key for certificate "
                             "\"%s\"", __func__, id->filename);
-                        free(blob);
-                        buffer_free(&b);
-                        return 0;
                 }
         }