From 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 12 May 2008 23:33:01 +0000
Subject: * Mitigate OpenSSL security vulnerability:   - Add key blacklisting
 support. Keys listed in     /etc/ssh/blacklist.TYPE-LENGTH will be rejected
 for authentication by     sshd, unless "PermitBlacklistedKeys yes" is set in 
    /etc/ssh/sshd_config.   - Add a new program, ssh-vulnkey, which can be
 used to check keys     against these blacklists.   - Depend on
 openssh-blacklist.   - Force dependencies on libssl0.9.8 /
 libcrypto0.9.8-udeb to at least     0.9.8g-9.   - Automatically regenerate
 known-compromised host keys, with a     critical-priority debconf note. (I
 regret that there was no time to     gather translations.)

---
 authfile.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'authfile.h')

diff --git a/authfile.h b/authfile.h
index a6c74934d..e47710495 100644
--- a/authfile.h
+++ b/authfile.h
@@ -23,4 +23,7 @@ Key	*key_load_private_type(int, const char *, const char *, char **, int *);
 Key	*key_load_private_pem(int, int, const char *, char **);
 int	 key_perm_ok(int, const char *);
 
+char	*blacklist_filename(const Key *key);
+int	 blacklisted_key(const Key *key);
+
 #endif
-- 
cgit v1.2.3