From 8f639fe722133495eebad594f2f9c886857a5ef8 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 20 May 2011 19:03:08 +1000
Subject:    - djm@cvs.openbsd.org 2011/05/17 07:13:31      [key.c]     
 fatal() if asked to generate a legacy ECDSA cert (these don't exist)      and
 fix the regress test that was trying to generate them :)

---
 ChangeLog | 4 ++++
 key.c     | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 481e9c310..6a0cf4932 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@
    - djm@cvs.openbsd.org 2011/05/15 08:09:01
      [authfd.c monitor.c serverloop.c]
      use FD_CLOEXEC consistently; patch from zion AT x96.org
+   - djm@cvs.openbsd.org 2011/05/17 07:13:31
+     [key.c]
+     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+     and fix the regress test that was trying to generate them :)
 
 20110515
  - (djm) OpenBSD CVS Sync
diff --git a/key.c b/key.c
index e3a305e66..498cf5a60 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
+/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */
 /*
  * read_bignum():
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1817,6 +1817,9 @@ key_to_certified(Key *k, int legacy)
 		k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT;
 		return 0;
 	case KEY_ECDSA:
+		if (legacy)
+			fatal("%s: legacy ECDSA certificates are not supported",
+			    __func__);
 		k->cert = cert_new();
 		k->type = KEY_ECDSA_CERT;
 		return 0;
-- 
cgit v1.2.3