diff options
author | djm@openbsd.org <djm@openbsd.org> | 2021-11-18 03:50:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-11-19 08:12:51 +1100 |
commit | c74aa0eb73bd1edf79947d92d9c618fc3424c4a6 (patch) | |
tree | 854e87f1d7b4a208af131148d5d708295fb2aed0 /ssh-pkcs11.c | |
parent | d902d728dfd81622454260e23bc09d5e5a9a795e (diff) | |
download | openssh-git-c74aa0eb73bd1edf79947d92d9c618fc3424c4a6.tar.gz |
upstream: ssh-keygen -Y find-principals was verifying key validity
when using ca certs but not with simple key lifetimes within the allowed
signers file.
Since it returns the first keys principal it finds this could
result in a principal with an expired key even though a valid
one is just below.
patch from Fabian Stelzer; feedback/ok djm markus
OpenBSD-Commit-ID: b108ed0a76b813226baf683ab468dc1cc79e0905
Diffstat (limited to 'ssh-pkcs11.c')
0 files changed, 0 insertions, 0 deletions