- djm@cvs.openbsd.org 2010/04/16 01:47:26

[PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the following changes: move the nonce field to the beginning of the certificate where it can better protect against chosen-prefix attacks on the signature hash Rename "constraints" field to "critical options" Add a new non-critical "extensions" field Add a serial number The older format is still support for authentication and cert generation (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) ok markus@
author: Damien Miller <djm@mindrot.org> 2010-04-16 15:56:21 +1000
committer: Damien Miller <djm@mindrot.org> 2010-04-16 15:56:21 +1000
commit: 4e270b05dd9d850fb9e2e0ac43f33cb4090d3ebc (patch)
tree: 4fc84942b5966e9f38f18a1257ac43ddbed336be /ssh-add.c
parent: 031c9100dfe3ee65a29084ebbd61965a76b3ad26 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssh-add.c b/ssh-add.c
index ad9f7a83e..cba1078b4 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.95 2010/04/16 01:47:26 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -204,7 +204,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
        xasprintf(&certpath, "%s-cert.pub", filename);
        if ((cert = key_load_public(certpath, NULL)) != NULL) {
                /* Graft with private bits */
-                if (key_to_certified(private) != 0)
+                if (key_to_certified(private, key_cert_is_legacy(cert)) != 0)
                        fatal("%s: key_to_certified failed", __func__);
                key_cert_copy(cert, private);
                key_free(cert);
author	Damien Miller <djm@mindrot.org>	2010-04-16 15:56:21 +1000
committer	Damien Miller <djm@mindrot.org>	2010-04-16 15:56:21 +1000
commit	4e270b05dd9d850fb9e2e0ac43f33cb4090d3ebc (patch)
tree	4fc84942b5966e9f38f18a1257ac43ddbed336be /ssh-add.c
parent	031c9100dfe3ee65a29084ebbd61965a76b3ad26 (diff)

diff --git a/ssh-add.c b/ssh-add.c index ad9f7a83e..cba1078b4 100644 --- a/ssh-add.c +++ b/ssh-add.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */	1	/* $OpenBSD: ssh-add.c,v 1.95 2010/04/16 01:47:26 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -204,7 +204,7 @@ add_file(AuthenticationConnection ac, const char filename)
204	xasprintf(&certpath, "%s-cert.pub", filename);	204	xasprintf(&certpath, "%s-cert.pub", filename);
205	if ((cert = key_load_public(certpath, NULL)) != NULL) {	205	if ((cert = key_load_public(certpath, NULL)) != NULL) {
206	/* Graft with private bits */	206	/* Graft with private bits */
207	if (key_to_certified(private) != 0)	207	if (key_to_certified(private, key_cert_is_legacy(cert)) != 0)
208	fatal("%s: key_to_certified failed", __func__);	208	fatal("%s: key_to_certified failed", __func__);
209	key_cert_copy(cert, private);	209	key_cert_copy(cert, private);
210	key_free(cert);	210	key_free(cert);