- djm@cvs.openbsd.org 2010/04/16 01:47:26

     [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still support for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@

1 files changed, 5 insertions, 2 deletions

diff --git a/sshconnect2.c b/sshconnect2.c
index 25a3323f0..e146a4b26 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.181 2010/04/10 02:10:56 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.182 2010/04/16 01:47:26 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -1140,8 +1140,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
         u_int skip = 0;
         int ret = -1;
         int have_sig = 1;
+        char *fp;
 
-        debug3("sign_and_send_pubkey");
+        fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX);
+        debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp);
+        xfree(fp);
 
         if (key_to_blob(id->key, &blob, &bloblen) == 0) {
                 /* we cannot handle this key */