author | Colin Watson <cjwatson@debian.org> | 2018-10-19 21:29:01 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2018-10-20 22:54:15 +0100 |
commit | d80ebbf028196b2478beebf5a290b97f35e1eed9 (patch) | |
tree | 6666a5484923a26738675ff27a6186cfe15d4cad /sshconnect.c | |
parent | 4f5bbf3f11efeec65bbd56464b20a19bd250e5cc (diff) | |
parent | 1d2a55436d4b556269f42ad5f7e16608b5a8ed74 (diff) |
New upstream release (7.9p1)
Diffstat (limited to 'sshconnect.c')
-rw-r--r-- | sshconnect.c | 17 |
1 files changed, 13 insertions, 4 deletions
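--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.305 2018/09/20 03:30:44 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -734,19 +734,28 @@ confirm(const char *prompt)
 }
 
 static int
-check_host_cert(const char *host, const struct sshkey *host_key)
+check_host_cert(const char *host, const struct sshkey *key)
 {
 const char *reason;
+int r;
 
-if (sshkey_cert_check_authority(host_key, 1, 0, host, &reason) != 0) {
+if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0) {
 error("%s", reason);
 return 0;
 }
-if (sshbuf_len(host_key->cert->critical) != 0) {
+if (sshbuf_len(key->cert->critical) != 0) {
 error("Certificate for %s contains unsupported "
 "critical options(s)", host);
 return 0;
 }
+if ((r = sshkey_check_cert_sigtype(key,
+options.ca_sign_algorithms)) != 0) {
+logit("%s: certificate signature algorithm %s: %s", __func__,
+(key->cert == NULL || key->cert->signature_type == NULL) ?
+"(null)" : key->cert->signature_type, ssh_err(r));
+return 0;
+}
+
 return 1;
 }
 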
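Review bot: The new signature-algorithm rejection at the end of check_host_cert() is reported with `logit()` and without the host name, while the two earlier rejections in the same function use `error()` and the critical-options message names the host. A host certificate refused because its CA signature algorithm is not accepted by `options.ca_sign_algorithms` is the same class of event, so I would report it the same way, e.g. `error("Certificate for %s: signature algorithm %s: %s", host, sigtype, ssh_err(r));` with the existing `"(null)"` fallback expression as `sigtype`; that also makes the refusal easier to find when triaging failed connections. The `key->cert == NULL` test inside that call is inconsistent with the unguarded `key->cert->critical` dereference two statements earlier. Presumably sshkey_cert_check_authority() has already rejected keys that carry no certificate, so a short comment such as `/* key->cert is non-NULL here: sshkey_cert_check_authority() succeeded */` above the `sshbuf_len()` check would settle it for the next reader.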