-rw-r--r--ssh-keygen.16
-rw-r--r--ssh-keygen.c73
2 files changed, 59 insertions, 20 deletions
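diff --git a/ssh-keygen.1 b/ssh-keygen.1
index ffa946b38..74b3124f5 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.128 2015/11/05 09:48:05 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.129 2015/11/13 04:34:15 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 5 2015 $
+.Dd $Mdocdate: November 13 2015 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -376,7 +376,7 @@ using the format described in the
 .Sx KEY REVOCATION LISTS
 section.
 .It Fl L
-Prints the contents of a certificate.
+Prints the contents of one or more certificates.
 .It Fl l
 Show fingerprint of specified public key file.
 Private RSA1 keys are also supported.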
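diff --git a/ssh-keygen.c b/ssh-keygen.c
index 4e0a85554..f58462044 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.278 2015/11/13 04:34:15 djm Exp $ */
 /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1851,23 +1851,10 @@ show_options(struct sshbuf *optbuf, int in_critical)
 }
 
 static void
-do_show_cert(struct passwd *pw)
+print_cert(struct sshkey *key)
 {
- struct sshkey *key;
- struct stat st;
  char *key_fp, *ca_fp;
  u_int i;
- int r;
-
- if (!have_identity)
- ask_filename(pw, "Enter file in which the key is");
- if (stat(identity_file, &st) < 0)
- fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
- if ((r = sshkey_load_public(identity_file, &key, NULL)) != 0)
- fatal("Cannot load public key \"%s\": %s",
- identity_file, ssh_err(r));
- if (!sshkey_is_cert(key))
- fatal("%s is not a certificate", identity_file);
 
  key_fp = sshkey_fingerprint(key, fingerprint_hash, SSH_FP_DEFAULT);
  ca_fp = sshkey_fingerprint(key->cert->signature_key,
@@ -1875,7 +1862,6 @@ do_show_cert(struct passwd *pw)
  if (key_fp == NULL || ca_fp == NULL)
  fatal("%s: sshkey_fingerprint fail", __func__);
 
- printf("%s:\n", identity_file);
  printf(" Type: %s %s certificate\n", sshkey_ssh_name(key),
  sshkey_cert_type(key));
  printf(" Public key: %s %s\n", sshkey_type(key), key_fp);
@@ -1908,7 +1894,60 @@ do_show_cert(struct passwd *pw)
  printf("\n");
  show_options(key->cert->extensions, 0);
  }
- exit(0);
+}
+
+static void
+do_show_cert(struct passwd *pw)
+{
+ struct sshkey *key = NULL;
+ struct stat st;
+ int r, is_stdin = 0, ok = 0;
+ FILE *f;
+ char *cp, line[2048];
+ const char *path;
+ long int lnum = 0;
+
+ if (!have_identity)
+ ask_filename(pw, "Enter file in which the key is");
+ if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
+ fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
+
+ path = identity_file;
+ if (strcmp(path, "-") == 0) {
+ f = stdin;
+ path = "(stdin)";
+ is_stdin = 1;
+ } else if ((f = fopen(identity_file, "r")) == NULL)
+ fatal("fopen %s: %s", identity_file, strerror(errno));
+
+ while (read_keyfile_line(f, path, line, sizeof(line), &lnum) == 0) {
+ sshkey_free(key);
+ key = NULL;
+ /* Trim leading space and comments */
+ cp = line + strspn(line, " \t");
+ if (*cp == '#' || *cp == '\0')
+ continue;
+ if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
+ fatal("key_new");
+ if ((r = sshkey_read(key, &cp)) != 0) {
+ error("%s:%lu: invalid key: %s", path,
+ lnum, ssh_err(r));
+ continue;
+ }
+ if (!sshkey_is_cert(key)) {
+ error("%s:%lu is not a certificate", path, lnum);
+ continue;
+ }
+ ok = 1;
+ if (!is_stdin && lnum == 1)
+ printf("%s:\n", path);
+ else
+ printf("%s:%lu:\n", path, lnum);
+ print_cert(key);
+ }
+ sshkey_free(key);
+ fclose(f);
+ exit(ok ? 0 : 1);
 }
 
 static void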
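Review bot: The fixed `char *cp, line[2048];` buffer in the new do_show_cert limits each certificate to one 2 KB text line, whereas the removed code loaded the whole file through sshkey_load_public(). A certificate with a large RSA key and CA signature, or many principals and options, can exceed that once base64-encoded. read_keyfile_line() is defined outside this hunk, so its handling of an over-long line is not visible here, but if the line is skipped or ends the loop, nothing in this function reports it and `-L` exits 1 with no message about which certificate went uninspected. Size the buffer to the largest public-key line the parser accepts and emit an `error()` naming `path` and `lnum` when a line is dropped. Separately, `lnum` is declared `long int` but formatted with `%lu` in both `error()` calls and the `printf`; declaring it `u_long lnum = 0;` makes the argument type match the format.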