author | Damien Miller <djm@mindrot.org> | 2010-08-05 13:03:51 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-08-05 13:03:51 +1000 |
commit | 1da638895916bc061ff6aca9f373d48a9776810b (patch) | |
tree | cb085a570b7fae045555c12b680c73506f333b03 /PROTOCOL.certkeys | |
parent | 7fa96602e52f02e66897f98a1568cbd3a555192b (diff) |
- djm@cvs.openbsd.org 2010/08/04 05:40:39
[PROTOCOL.certkeys ssh-keygen.c]
tighten the rules for certificate encoding by requiring that options
appear in lexical order and make our ssh-keygen comply. ok markus@
Diffstat (limited to 'PROTOCOL.certkeys')
-rw-r--r-- | PROTOCOL.certkeys | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys index 81b02a078..1d1be13da 100644 --- a/PROTOCOL.certkeys +++ b/PROTOCOL.certkeys | |||
@@ -157,6 +157,9 @@ is a sequence of zero or more tuples: | |||
157 | string name | 157 | string name |
158 | string data | 158 | string data |
159 | 159 | ||
160 | Options must be lexically ordered by "name" if they appear in the | ||
161 | sequence. | ||
162 | |||
160 | The name field identifies the option and the data field encodes | 163 | The name field identifies the option and the data field encodes |
161 | option-specific information (see below). All options are | 164 | option-specific information (see below). All options are |
162 | "critical", if an implementation does not recognise a option | 165 | "critical", if an implementation does not recognise a option |
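Review bot: The sentence added at new lines 160-161 states an ordering requirement but not what a verifier must do when it is violated, and it leaves "lexically ordered" undefined. Suggest specifying that names are compared bytewise in ascending order, stating whether the same name may appear more than once, and saying explicitly that a certificate whose options are out of order must be rejected. The trailing "if they appear in the sequence" adds nothing, since an empty sequence is trivially ordered, and can be dropped.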
@@ -185,9 +188,10 @@ Extensions | |||
185 | ---------- | 188 | ---------- |
186 | 189 | ||
187 | The extensions section of the certificate specifies zero or more | 190 | The extensions section of the certificate specifies zero or more |
188 | non-critical certificate extensions. The encoding of extensions in this | 191 | non-critical certificate extensions. The encoding and ordering of |
189 | field is identical to that of the critical options. If an implementation | 192 | extensions in this field is identical to that of the critical options. |
190 | does not recognise an extension, then it should ignore it. | 193 | If an implementation does not recognise an extension, then it should |
194 | ignore it. | ||
191 | 195 | ||
192 | The supported extensions and the contents and structure of their data | 196 | The supported extensions and the contents and structure of their data |
193 | fields are: | 197 | fields are: |
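Review bot: In the rewritten paragraph at new lines 191-193, "The encoding and ordering of extensions in this field is identical" has a plural subject and should read "are identical". More importantly, the paragraph now imposes ordering while still telling implementations to ignore extensions they do not recognise. It should say whether the ordering check also covers unrecognised extension names, so that two implementations cannot disagree on whether the same certificate is well-formed.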
@@ -218,4 +222,4 @@ permit-user-rc empty Flag indicating that execution of | |||
218 | of this script will not be permitted if | 222 | of this script will not be permitted if |
219 | this option is not present. | 223 | this option is not present. |
220 | 224 | ||
221 | $OpenBSD: PROTOCOL.certkeys,v 1.6 2010/05/20 23:46:02 djm Exp $ | 225 | $OpenBSD: PROTOCOL.certkeys,v 1.7 2010/08/04 05:40:39 djm Exp $ |