diff options
Diffstat (limited to 'ssh-keygen.c')
| -rw-r--r-- | ssh-keygen.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh-keygen.c b/ssh-keygen.c index 478520123..0bd5fc93a 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.290 2016/05/02 09:36:42 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -883,7 +883,7 @@ do_fingerprint(struct passwd *pw) | |||
| 883 | char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; | 883 | char *comment = NULL, *cp, *ep, line[SSH_MAX_PUBKEY_BYTES]; |
| 884 | int i, invalid = 1; | 884 | int i, invalid = 1; |
| 885 | const char *path; | 885 | const char *path; |
| 886 | long int lnum = 0; | 886 | u_long lnum = 0; |
| 887 | 887 | ||
| 888 | if (!have_identity) | 888 | if (!have_identity) |
| 889 | ask_filename(pw, "Enter file in which the key is"); | 889 | ask_filename(pw, "Enter file in which the key is"); |
| @@ -946,7 +946,7 @@ do_fingerprint(struct passwd *pw) | |||
| 946 | } | 946 | } |
| 947 | /* Retry after parsing leading hostname/key options */ | 947 | /* Retry after parsing leading hostname/key options */ |
| 948 | if (public == NULL && (public = try_read_key(&cp)) == NULL) { | 948 | if (public == NULL && (public = try_read_key(&cp)) == NULL) { |
| 949 | debug("%s:%ld: not a public key", path, lnum); | 949 | debug("%s:%lu: not a public key", path, lnum); |
| 950 | continue; | 950 | continue; |
| 951 | } | 951 | } |
| 952 | 952 | ||
| @@ -1599,6 +1599,12 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
| 1599 | ca = load_identity(tmp); | 1599 | ca = load_identity(tmp); |
| 1600 | free(tmp); | 1600 | free(tmp); |
| 1601 | 1601 | ||
| 1602 | if (key_type_name != NULL && | ||
| 1603 | sshkey_type_from_name(key_type_name) != ca->type) { | ||
| 1604 | fatal("CA key type %s doesn't match specified %s", | ||
| 1605 | sshkey_ssh_name(ca), key_type_name); | ||
| 1606 | } | ||
| 1607 | |||
| 1602 | for (i = 0; i < argc; i++) { | 1608 | for (i = 0; i < argc; i++) { |
| 1603 | /* Split list of principals */ | 1609 | /* Split list of principals */ |
| 1604 | n = 0; | 1610 | n = 0; |
| @@ -1640,8 +1646,8 @@ do_ca_sign(struct passwd *pw, int argc, char **argv) | |||
| 1640 | &public->cert->signature_key)) != 0) | 1646 | &public->cert->signature_key)) != 0) |
| 1641 | fatal("key_from_private (ca key): %s", ssh_err(r)); | 1647 | fatal("key_from_private (ca key): %s", ssh_err(r)); |
| 1642 | 1648 | ||
| 1643 | if (sshkey_certify(public, ca) != 0) | 1649 | if ((r = sshkey_certify(public, ca, key_type_name)) != 0) |
| 1644 | fatal("Couldn't not certify key %s", tmp); | 1650 | fatal("Couldn't certify key %s: %s", tmp, ssh_err(r)); |
| 1645 | 1651 | ||
| 1646 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) | 1652 | if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0) |
| 1647 | *cp = '\0'; | 1653 | *cp = '\0'; |
| @@ -1920,7 +1926,7 @@ do_show_cert(struct passwd *pw) | |||
| 1920 | FILE *f; | 1926 | FILE *f; |
| 1921 | char *cp, line[SSH_MAX_PUBKEY_BYTES]; | 1927 | char *cp, line[SSH_MAX_PUBKEY_BYTES]; |
| 1922 | const char *path; | 1928 | const char *path; |
| 1923 | long int lnum = 0; | 1929 | u_long lnum = 0; |
| 1924 | 1930 | ||
| 1925 | if (!have_identity) | 1931 | if (!have_identity) |
| 1926 | ask_filename(pw, "Enter file in which the key is"); | 1932 | ask_filename(pw, "Enter file in which the key is"); |