summaryrefslogtreecommitdiff
path: root/auth2-pubkey.c
diff options
context:
space:
mode:
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c29
1 files changed, 17 insertions, 12 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea26..d8f0aa3e2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */ 1/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
228 } 228 }
229 229
230 if (key_is_cert(key)) { 230 if (key_is_cert(key)) {
231 fp = key_fingerprint(key->cert->signature_key, 231 fp = sshkey_fingerprint(key->cert->signature_key,
232 options.fingerprint_hash, SSH_FP_DEFAULT); 232 options.fingerprint_hash, SSH_FP_DEFAULT);
233 auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 233 auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s",
234 key_type(key), key->cert->key_id, 234 key_type(key), key->cert->key_id,
235 (unsigned long long)key->cert->serial, 235 (unsigned long long)key->cert->serial,
236 key_type(key->cert->signature_key), fp, 236 key_type(key->cert->signature_key),
237 fp == NULL ? "(null)" : "",
237 extra == NULL ? "" : ", ", extra == NULL ? "" : extra); 238 extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
238 free(fp); 239 free(fp);
239 } else { 240 } else {
240 fp = key_fingerprint(key, options.fingerprint_hash, 241 fp = sshkey_fingerprint(key, options.fingerprint_hash,
241 SSH_FP_DEFAULT); 242 SSH_FP_DEFAULT);
242 auth_info(authctxt, "%s %s%s%s", key_type(key), fp, 243 auth_info(authctxt, "%s %s%s%s", key_type(key),
244 fp == NULL ? "(null)" : "",
243 extra == NULL ? "" : ", ", extra == NULL ? "" : extra); 245 extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
244 free(fp); 246 free(fp);
245 } 247 }
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
382 continue; 384 continue;
383 if (!key_is_cert_authority) 385 if (!key_is_cert_authority)
384 continue; 386 continue;
385 fp = key_fingerprint(found, options.fingerprint_hash, 387 if ((fp = sshkey_fingerprint(found,
386 SSH_FP_DEFAULT); 388 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
389 continue;
387 debug("matching CA found: file %s, line %lu, %s %s", 390 debug("matching CA found: file %s, line %lu, %s %s",
388 file, linenum, key_type(found), fp); 391 file, linenum, key_type(found), fp);
389 /* 392 /*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
422 continue; 425 continue;
423 if (key_is_cert_authority) 426 if (key_is_cert_authority)
424 continue; 427 continue;
425 found_key = 1; 428 if ((fp = sshkey_fingerprint(found,
426 fp = key_fingerprint(found, options.fingerprint_hash, 429 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
427 SSH_FP_DEFAULT); 430 continue;
428 debug("matching key found: file %s, line %lu %s %s", 431 debug("matching key found: file %s, line %lu %s %s",
429 file, linenum, key_type(found), fp); 432 file, linenum, key_type(found), fp);
430 free(fp); 433 free(fp);
434 found_key = 1;
431 break; 435 break;
432 } 436 }
433 } 437 }
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
449 if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) 453 if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
450 return 0; 454 return 0;
451 455
452 ca_fp = key_fingerprint(key->cert->signature_key, 456 if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
453 options.fingerprint_hash, SSH_FP_DEFAULT); 457 options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
458 return 0;
454 459
455 if (sshkey_in_file(key->cert->signature_key, 460 if (sshkey_in_file(key->cert->signature_key,
456 options.trusted_user_ca_keys, 1, 0) != 0) { 461 options.trusted_user_ca_keys, 1, 0) != 0) {