summaryrefslogtreecommitdiff
path: root/sshconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 78813c164..6d819279e 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.305 2018/09/20 03:30:44 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -734,19 +734,28 @@ confirm(const char *prompt)
734} 734}
735 735
736static int 736static int
737check_host_cert(const char *host, const struct sshkey *host_key) 737check_host_cert(const char *host, const struct sshkey *key)
738{ 738{
739 const char *reason; 739 const char *reason;
740 int r;
740 741
741 if (sshkey_cert_check_authority(host_key, 1, 0, host, &reason) != 0) { 742 if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0) {
742 error("%s", reason); 743 error("%s", reason);
743 return 0; 744 return 0;
744 } 745 }
745 if (sshbuf_len(host_key->cert->critical) != 0) { 746 if (sshbuf_len(key->cert->critical) != 0) {
746 error("Certificate for %s contains unsupported " 747 error("Certificate for %s contains unsupported "
747 "critical options(s)", host); 748 "critical options(s)", host);
748 return 0; 749 return 0;
749 } 750 }
751 if ((r = sshkey_check_cert_sigtype(key,
752 options.ca_sign_algorithms)) != 0) {
753 logit("%s: certificate signature algorithm %s: %s", __func__,
754 (key->cert == NULL || key->cert->signature_type == NULL) ?
755 "(null)" : key->cert->signature_type, ssh_err(r));
756 return 0;
757 }
758
750 return 1; 759 return 1;
751} 760}
752 761