diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-10-07 02:22:23 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-10-07 13:34:11 +1100 |
commit | aa623142e426ca1ab9db77b06dcc9b1b70bd102b (patch) | |
tree | 5fa919cf2096ec5f2b1bf85eba0f50aea2021591 /clientloop.c | |
parent | f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac (diff) | |
download | openssh-git-aa623142e426ca1ab9db77b06dcc9b1b70bd102b.tar.gz |
upstream: revert kex->flags cert hostkey downgrade back to a plain
key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less
plumbing.
ok markus@
OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
Diffstat (limited to 'clientloop.c')
-rw-r--r-- | clientloop.c | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/clientloop.c b/clientloop.c index de13adab..975a85ef 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.347 2020/10/03 08:12:59 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.348 2020/10/07 02:22:23 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2227,12 +2227,6 @@ client_input_hostkeys(struct ssh *ssh) debug("%s: wildcard known hosts name found, " "skipping UserKnownHostsFile update", __func__); goto out; - } else if (sshkey_type_is_cert(ssh->kex->hostkey_type) && - ctx->ca_available && - (ssh->kex->flags & KEX_HOSTCERT_CONVERT) == 0) { - debug("%s: server offered certificate host key, " - "skipping UserKnownHostsFile update", __func__); - goto out; } else if (ctx->nnew == 0 && ctx->nold != 0) { /* We have some keys to remove. Just do it. */ update_known_hosts(ctx); |