upstream: Let allowed signers files used by ssh-keygen(1)

signatures support key lifetimes, and allow the verification mode to specify a signature time to check at. This is intended for use by git to support signing objects using ssh keys. ok dtucker@ OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
author: djm@openbsd.org <djm@openbsd.org> 2021-07-23 03:37:52 +0000
committer: Damien Miller <djm@mindrot.org> 2021-07-23 14:07:19 +1000
commit: d0bb1ce731762c55acb95817df4d5fab526c7ecd (patch)
tree: d842850a20b4d61cd15e7ff9c9dc6474831797ca /auth2-hostbased.c
parent: 44142068dc7ef783d135e91ff954e754d2ed432e (diff)
download: openssh-git-d0bb1ce731762c55acb95817df4d5fab526c7ecd.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 002e7e4e..3a29126c 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.46 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -213,7 +213,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
 	debug2_f("access allowed by auth_rhosts2");
 
 	if (sshkey_is_cert(key) &&
-	    sshkey_cert_check_authority(key, 1, 0, 0, lookup, &reason)) {
+	    sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) {
 		error("%s", reason);
 		auth_debug_add("%s", reason);
 		return 0;
author	djm@openbsd.org <djm@openbsd.org>	2021-07-23 03:37:52 +0000
committer	Damien Miller <djm@mindrot.org>	2021-07-23 14:07:19 +1000
commit	d0bb1ce731762c55acb95817df4d5fab526c7ecd (patch)
tree	d842850a20b4d61cd15e7ff9c9dc6474831797ca /auth2-hostbased.c
parent	44142068dc7ef783d135e91ff954e754d2ed432e (diff)
download	openssh-git-d0bb1ce731762c55acb95817df4d5fab526c7ecd.tar.gz