diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2021-01-26 00:49:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2021-01-26 12:21:48 +1100 |
| commit | 3b44f2513cae89c920e8fe927b9bc910a1c8c65a (patch) | |
| tree | c67b9a8583b9795bec5a5dd56f7a8556c8da2d5e /sshsig.c | |
| parent | 1fe16fd61bb53944ec510882acc0491abd66ff76 (diff) | |
| download | openssh-git-3b44f2513cae89c920e8fe927b9bc910a1c8c65a.tar.gz | |
upstream: move check_host_cert() from sshconnect,c to sshkey.c and
refactor it to make it more generally usable and testable.
ok markus@
OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
Diffstat (limited to 'sshsig.c')
| -rw-r--r-- | sshsig.c | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.18 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: sshsig.c,v 1.19 2021/01/26 00:49:30 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -809,7 +809,7 @@ check_allowed_keys_line(const char *path, u_long linenum, char *line, } else if (sigopts->ca && sshkey_is_cert(sign_key) && sshkey_equal_public(sign_key->cert->signature_key, found_key)) { /* Match of certificate's CA key */ - if ((r = sshkey_cert_check_authority(sign_key, 0, 1, + if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0, principal, &reason)) != 0) { error("%s:%lu: certificate not authorized: %s", path, linenum, reason); @@ -892,7 +892,7 @@ cert_filter_principals(const char *path, u_long linenum, continue; } /* Check against principals list in certificate */ - if ((r = sshkey_cert_check_authority(cert, 0, 1, + if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, cp, &reason)) != 0) { debug("%s:%lu: principal \"%s\" not authorized: %s", path, linenum, cp, reason); |