1 files changed, 7 insertions, 2 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 5bccb5d76..d42ba14b8 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -211,6 +211,7 @@ match_principals_file(char *file, struct passwd *pw, struct KeyCert *cert)
                 restore_uid();
                 return 0;
         }
+        auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -281,6 +282,8 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
         found_key = 0;
         found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
+        auth_start_parse_options();
+
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 char *cp, *key_options = NULL;
 
@@ -417,6 +420,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
                 goto fail_reason;
+        auth_start_parse_options();
         if (auth_cert_options(key, pw) != 0)
                 goto out;
 
@@ -440,9 +444,10 @@ user_key_allowed(struct passwd *pw, Key *key)
         u_int success, i;
         char *file;
 
-        if (auth_key_is_revoked(key))
+        if (auth_key_is_revoked(key, 0))
                 return 0;
-        if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+        if (key_is_cert(key) &&
+            auth_key_is_revoked(key->cert->signature_key, 0))
                 return 0;
 
         success = user_cert_trusted_ca(pw, key);