summaryrefslogtreecommitdiff
path: root/sshconnect.c
diff options
context:
space:
mode:
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c27
1 files changed, 15 insertions, 12 deletions
diff --git a/sshconnect.c b/sshconnect.c
index af7307eb5..d4894b9f1 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.279 2017/05/30 08:52:19 markus Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.280 2017/05/30 14:13:40 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -779,7 +779,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
779 const struct hostkey_entry *host_found, *ip_found; 779 const struct hostkey_entry *host_found, *ip_found;
780 int len, cancelled_forwarding = 0; 780 int len, cancelled_forwarding = 0;
781 int local = sockaddr_is_local(hostaddr); 781 int local = sockaddr_is_local(hostaddr);
782 int r, want_cert = key_is_cert(host_key), host_ip_differ = 0; 782 int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
783 int hostkey_trusted = 0; /* Known or explicitly accepted by user */ 783 int hostkey_trusted = 0; /* Known or explicitly accepted by user */
784 struct hostkeys *host_hostkeys, *ip_hostkeys; 784 struct hostkeys *host_hostkeys, *ip_hostkeys;
785 u_int i; 785 u_int i;
@@ -830,8 +830,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
830 830
831 retry: 831 retry:
832 /* Reload these as they may have changed on cert->key downgrade */ 832 /* Reload these as they may have changed on cert->key downgrade */
833 want_cert = key_is_cert(host_key); 833 want_cert = sshkey_is_cert(host_key);
834 type = key_type(host_key); 834 type = sshkey_type(host_key);
835 835
836 /* 836 /*
837 * Check if the host key is present in the user's list of known 837 * Check if the host key is present in the user's list of known
@@ -851,7 +851,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
851 if (host_status == HOST_CHANGED && 851 if (host_status == HOST_CHANGED &&
852 (ip_status != HOST_CHANGED || 852 (ip_status != HOST_CHANGED ||
853 (ip_found != NULL && 853 (ip_found != NULL &&
854 !key_equal(ip_found->key, host_found->key)))) 854 !sshkey_equal(ip_found->key, host_found->key))))
855 host_ip_differ = 1; 855 host_ip_differ = 1;
856 } else 856 } else
857 ip_status = host_status; 857 ip_status = host_status;
@@ -1048,7 +1048,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
1048 warn_changed_key(host_key); 1048 warn_changed_key(host_key);
1049 error("Add correct host key in %.100s to get rid of this message.", 1049 error("Add correct host key in %.100s to get rid of this message.",
1050 user_hostfiles[0]); 1050 user_hostfiles[0]);
1051 error("Offending %s key in %s:%lu", key_type(host_found->key), 1051 error("Offending %s key in %s:%lu",
1052 sshkey_type(host_found->key),
1052 host_found->file, host_found->line); 1053 host_found->file, host_found->line);
1053 1054
1054 /* 1055 /*
@@ -1177,14 +1178,16 @@ fail:
1177 * search normally. 1178 * search normally.
1178 */ 1179 */
1179 debug("No matching CA found. Retry with plain key"); 1180 debug("No matching CA found. Retry with plain key");
1180 raw_key = key_from_private(host_key); 1181 if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
1181 if (key_drop_cert(raw_key) != 0) 1182 fatal("%s: sshkey_from_private: %s",
1182 fatal("Couldn't drop certificate"); 1183 __func__, ssh_err(r));
1184 if ((r = sshkey_drop_cert(raw_key)) != 0)
1185 fatal("Couldn't drop certificate: %s", ssh_err(r));
1183 host_key = raw_key; 1186 host_key = raw_key;
1184 goto retry; 1187 goto retry;
1185 } 1188 }
1186 if (raw_key != NULL) 1189 if (raw_key != NULL)
1187 key_free(raw_key); 1190 sshkey_free(raw_key);
1188 free(ip); 1191 free(ip);
1189 free(host); 1192 free(host);
1190 if (host_hostkeys != NULL) 1193 if (host_hostkeys != NULL)
@@ -1300,8 +1303,8 @@ out:
1300 free(fp); 1303 free(fp);
1301 free(cafp); 1304 free(cafp);
1302 if (r == 0 && host_key != NULL) { 1305 if (r == 0 && host_key != NULL) {
1303 key_free(previous_host_key); 1306 sshkey_free(previous_host_key);
1304 previous_host_key = key_from_private(host_key); 1307 r = sshkey_from_private(host_key, &previous_host_key);
1305 } 1308 }
1306 1309
1307 return r; 1310 return r;