1 files changed, 17 insertions, 2 deletions

diff --git a/servconf.c b/servconf.c
index 09296c9cf..0a6cdb655 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.202 2010/01/13 03:48:12 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.203 2010/02/26 20:29:54 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -65,6 +65,7 @@ initialize_server_options(ServerOptions *options)
         options->listen_addrs = NULL;
         options->address_family = -1;
         options->num_host_key_files = 0;
+        options->num_host_cert_files = 0;
         options->pid_file = NULL;
         options->server_key_bits = -1;
         options->login_grace_time = -1;
@@ -152,6 +153,7 @@ fill_default_server_options(ServerOptions *options)
                             _PATH_HOST_DSA_KEY_FILE;
                 }
         }
+        /* No certificates by default */
         if (options->num_ports == 0)
                 options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
         if (options->listen_addrs == NULL)
@@ -305,7 +307,7 @@ typedef enum {
         sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
         sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
         sUsePrivilegeSeparation, sAllowAgentForwarding,
-        sZeroKnowledgePasswordAuthentication,
+        sZeroKnowledgePasswordAuthentication, sHostCertificate,
         sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -424,6 +426,7 @@ static struct {
         { "permitopen", sPermitOpen, SSHCFG_ALL },
         { "forcecommand", sForceCommand, SSHCFG_ALL },
         { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+        { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
         { NULL, sBadOption, 0 }
 };
 
@@ -816,6 +819,16 @@ process_server_config_line(ServerOptions *options, char *line,
                 }
                 break;
 
+        case sHostCertificate:
+                intptr = &options->num_host_cert_files;
+                if (*intptr >= MAX_HOSTKEYS)
+                        fatal("%s line %d: too many host certificates "
+                            "specified (max %d).", filename, linenum,
+                            MAX_HOSTCERTS);
+                charptr = &options->host_cert_files[*intptr];
+                goto parse_filename;
+                break;
+
         case sPidFile:
                 charptr = &options->pid_file;
                 goto parse_filename;
@@ -1651,6 +1664,8 @@ dump_config(ServerOptions *o)
         /* string array arguments */
         dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
              o->host_key_files);
+        dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
+             o->host_cert_files);
         dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
         dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
         dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);