1 files changed, 6 insertions, 2 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 2b3ecb104..7c0ceee55 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -257,6 +257,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
                 restore_uid();
                 return 0;
         }
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -318,6 +319,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
         found_key = 0;
 
         found = NULL;
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp, *key_options = NULL;
                 if (found != NULL)
@@ -453,6 +455,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
                 goto fail_reason;
+        auth_start_parse_options();
         if (auth_cert_options(key, pw) != 0)
                 goto out;
 
@@ -647,9 +650,10 @@ user_key_allowed(struct passwd *pw, Key *key)
         u_int success, i;
         char *file;
 
-        if (auth_key_is_revoked(key))
+        if (auth_key_is_revoked(key, 0))
                 return 0;
-        if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+        if (key_is_cert(key) &&
+            auth_key_is_revoked(key->cert->signature_key, 0))
                 return 0;
 
         success = user_cert_trusted_ca(pw, key);