upstream commit

add RevokedHostKeys option for the client Allow textfile or KRL-based revocation of hostkeys.
author: djm@openbsd.org <djm@openbsd.org> 2014-12-04 02:24:32 +0000
committer: Damien Miller <djm@mindrot.org> 2014-12-05 09:29:47 +1100
commit: 5e39a49930d885aac9c76af3129332b6e772cd75 (patch)
tree: 0d3613d35ba5478ff9f7889cc1912a70ee3b2e32 /auth2-pubkey.c
parent: 74de254bb92c684cf53461da97f52d5ba34ded80 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index f3ca96592..0a3c1deee 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.41 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.42 2014/12/04 02:24:32 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -434,8 +434,8 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
        ca_fp = key_fingerprint(key->cert->signature_key,
            SSH_FP_MD5, SSH_FP_HEX);
-        if (key_in_file(key->cert->signature_key,
+        if (sshkey_in_file(key->cert->signature_key,
-            options.trusted_user_ca_keys, 1) != 1) {
+            options.trusted_user_ca_keys, 1, 0) != 0) {
                debug2("%s: CA %s %s is not listed in %s", __func__,
                    key_type(key->cert->signature_key), ca_fp,
                    options.trusted_user_ca_keys);
author	djm@openbsd.org <djm@openbsd.org>	2014-12-04 02:24:32 +0000
committer	Damien Miller <djm@mindrot.org>	2014-12-05 09:29:47 +1100
commit	5e39a49930d885aac9c76af3129332b6e772cd75 (patch)
tree	0d3613d35ba5478ff9f7889cc1912a70ee3b2e32 /auth2-pubkey.c
parent	74de254bb92c684cf53461da97f52d5ba34ded80 (diff)

diff --git a/auth2-pubkey.c b/auth2-pubkey.c index f3ca96592..0a3c1deee 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: auth2-pubkey.c,v 1.41 2014/07/15 15:54:14 millert Exp $ */	1	/* $OpenBSD: auth2-pubkey.c,v 1.42 2014/12/04 02:24:32 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -434,8 +434,8 @@ user_cert_trusted_ca(struct passwd pw, Key key)
434	ca_fp = key_fingerprint(key->cert->signature_key,	434	ca_fp = key_fingerprint(key->cert->signature_key,
435	SSH_FP_MD5, SSH_FP_HEX);	435	SSH_FP_MD5, SSH_FP_HEX);
436		436
437	if (key_in_file(key->cert->signature_key,	437	if (sshkey_in_file(key->cert->signature_key,
438	options.trusted_user_ca_keys, 1) != 1) {	438	options.trusted_user_ca_keys, 1, 0) != 0) {
439	debug2("%s: CA %s %s is not listed in %s", __func__,	439	debug2("%s: CA %s %s is not listed in %s", __func__,
440	key_type(key->cert->signature_key), ca_fp,	440	key_type(key->cert->signature_key), ca_fp,
441	options.trusted_user_ca_keys);	441	options.trusted_user_ca_keys);