summaryrefslogtreecommitdiff
path: root/ssh-add.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-add.c')
-rw-r--r--ssh-add.c50
1 files changed, 29 insertions, 21 deletions
diff --git a/ssh-add.c b/ssh-add.c
index ad9f7a83e..fb641ec48 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.94 2010/03/01 11:07:06 otto Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.96 2010/05/14 00:47:22 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -194,7 +194,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
194 "Lifetime set to %d seconds\n", lifetime); 194 "Lifetime set to %d seconds\n", lifetime);
195 if (confirm != 0) 195 if (confirm != 0)
196 fprintf(stderr, 196 fprintf(stderr,
197 "The user has to confirm each use of the key\n"); 197 "The user must confirm each use of the key\n");
198 } else { 198 } else {
199 fprintf(stderr, "Could not add identity: %s\n", filename); 199 fprintf(stderr, "Could not add identity: %s\n", filename);
200 } 200 }
@@ -202,29 +202,37 @@ add_file(AuthenticationConnection *ac, const char *filename)
202 202
203 /* Now try to add the certificate flavour too */ 203 /* Now try to add the certificate flavour too */
204 xasprintf(&certpath, "%s-cert.pub", filename); 204 xasprintf(&certpath, "%s-cert.pub", filename);
205 if ((cert = key_load_public(certpath, NULL)) != NULL) { 205 if ((cert = key_load_public(certpath, NULL)) == NULL)
206 /* Graft with private bits */ 206 goto out;
207 if (key_to_certified(private) != 0) 207
208 fatal("%s: key_to_certified failed", __func__); 208 if (!key_equal_public(cert, private)) {
209 key_cert_copy(cert, private); 209 error("Certificate %s does not match private key %s",
210 certpath, filename);
210 key_free(cert); 211 key_free(cert);
212 goto out;
213 }
211 214
212 if (ssh_add_identity_constrained(ac, private, comment, 215 /* Graft with private bits */
213 lifetime, confirm)) { 216 if (key_to_certified(private, key_cert_is_legacy(cert)) != 0) {
214 fprintf(stderr, "Certificate added: %s (%s)\n", 217 error("%s: key_to_certified failed", __func__);
215 certpath, private->cert->key_id); 218 key_free(cert);
216 if (lifetime != 0) 219 goto out;
217 fprintf(stderr, "Lifetime set to %d seconds\n",
218 lifetime);
219 if (confirm != 0)
220 fprintf(stderr, "The user has to confirm each "
221 "use of the key\n");
222 } else {
223 error("Certificate %s (%s) add failed", certpath,
224 private->cert->key_id);
225 }
226 } 220 }
221 key_cert_copy(cert, private);
222 key_free(cert);
227 223
224 if (!ssh_add_identity_constrained(ac, private, comment,
225 lifetime, confirm)) {
226 error("Certificate %s (%s) add failed", certpath,
227 private->cert->key_id);
228 }
229 fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
230 private->cert->key_id);
231 if (lifetime != 0)
232 fprintf(stderr, "Lifetime set to %d seconds\n", lifetime);
233 if (confirm != 0)
234 fprintf(stderr, "The user must confirm each use of the key\n");
235 out:
228 xfree(certpath); 236 xfree(certpath);
229 xfree(comment); 237 xfree(comment);
230 key_free(private); 238 key_free(private);