1 files changed, 7 insertions, 7 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 9de52224d..f55beffe4 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.224 2010/04/16 21:14:27 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -101,8 +101,8 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
         * (e.g. Solaris)
         */
        xasprintf(&tmp, "exec %s", proxy_command);
-        command_string = percent_expand(tmp, "h", host,
+        command_string = percent_expand(tmp, "h", host, "p", strport,
-            "p", strport, (char *)NULL);
+            "r", options.user, (char *)NULL);
        xfree(tmp);
        /* Create pipes for communicating with the proxy. */
@@ -586,9 +586,9 @@ check_host_cert(const char *host, const Key *host_key)
                error("%s", reason);
                return 0;
        }
-        if (buffer_len(&host_key->cert->constraints) != 0) {
+        if (buffer_len(&host_key->cert->critical) != 0) {
-                error("Certificate for %s contains unsupported constraint(s)",
+                error("Certificate for %s contains unsupported "
-                    host);
+                    "critical options(s)", host);
                return 0;
        }
        return 1;
@@ -739,7 +739,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                debug("Host '%.200s' is known and matches the %s host %s.",
                    host, type, want_cert ? "certificate" : "key");
                debug("Found %s in %s:%d",
-                    want_cert ? "certificate" : "key", host_file, host_line);
+                    want_cert ? "CA key" : "key", host_file, host_line);
                if (want_cert && !check_host_cert(hostname, host_key))
                        goto fail;
                if (options.check_host_ip && ip_status == HOST_NEW) {

diff --git a/sshconnect.c b/sshconnect.c index 9de52224d..f55beffe4 100644 --- a/sshconnect.c +++ b/sshconnect.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */	1	/* $OpenBSD: sshconnect.c,v 1.224 2010/04/16 21:14:27 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -101,8 +101,8 @@ ssh_proxy_connect(const char host, u_short port, const char proxy_command)
101	* (e.g. Solaris)	101	* (e.g. Solaris)
102	*/	102	*/
103	xasprintf(&tmp, "exec %s", proxy_command);	103	xasprintf(&tmp, "exec %s", proxy_command);
104	command_string = percent_expand(tmp, "h", host,	104	command_string = percent_expand(tmp, "h", host, "p", strport,
105	"p", strport, (char *)NULL);	105	"r", options.user, (char *)NULL);
106	xfree(tmp);	106	xfree(tmp);
107		107
108	/* Create pipes for communicating with the proxy. */	108	/* Create pipes for communicating with the proxy. */
@@ -586,9 +586,9 @@ check_host_cert(const char host, const Key host_key)
586	error("%s", reason);	586	error("%s", reason);
587	return 0;	587	return 0;
588	}	588	}
589	if (buffer_len(&host_key->cert->constraints) != 0) {	589	if (buffer_len(&host_key->cert->critical) != 0) {
590	error("Certificate for %s contains unsupported constraint(s)",	590	error("Certificate for %s contains unsupported "
591	host);	591	"critical options(s)", host);
592	return 0;	592	return 0;
593	}	593	}
594	return 1;	594	return 1;
@@ -739,7 +739,7 @@ check_host_key(char hostname, struct sockaddr hostaddr, u_short port,
739	debug("Host '%.200s' is known and matches the %s host %s.",	739	debug("Host '%.200s' is known and matches the %s host %s.",
740	host, type, want_cert ? "certificate" : "key");	740	host, type, want_cert ? "certificate" : "key");
741	debug("Found %s in %s:%d",	741	debug("Found %s in %s:%d",
742	want_cert ? "certificate" : "key", host_file, host_line);	742	want_cert ? "CA key" : "key", host_file, host_line);
743	if (want_cert && !check_host_cert(hostname, host_key))	743	if (want_cert && !check_host_cert(hostname, host_key))
744	goto fail;	744	goto fail;
745	if (options.check_host_ip && ip_status == HOST_NEW) {	745	if (options.check_host_ip && ip_status == HOST_NEW) {