From ecac7e1f7add6b28874959a11f2238d149dc2c07 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 20 Sep 2018 03:30:44 +0000
Subject: upstream: add CASignatureAlgorithms option for the client, allowing

it to specify which signature algorithms may be used by CAs when signing
certificates. Useful if you want to ban RSA/SHA1; ok markus@

OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f
---
 readconf.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'readconf.h')

diff --git a/readconf.h b/readconf.h
index c56887816..fc7e38251 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.127 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.128 2018/09/20 03:30:44 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -67,6 +67,7 @@ typedef struct {
 	char   *macs;		/* SSH2 macs in order of preference. */
 	char   *hostkeyalgorithms;	/* SSH2 server key types in order of preference. */
 	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
+	char   *ca_sign_algorithms;	/* Allowed CA signature algorithms */
 	char   *hostname;	/* Real host to connect. */
 	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */
 	char   *proxy_command;	/* Proxy command for connecting the host. */
-- 
cgit v1.2.3