diff options
Diffstat (limited to 'sshconnect2.c')
| -rw-r--r-- | sshconnect2.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/sshconnect2.c b/sshconnect2.c index 108fd970..de89b761 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.341 2021/01/08 02:57:24 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.342 2021/01/22 02:44:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1191,16 +1191,16 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key) (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) { /* Filter base key signature alg against our configuration */ return match_list(sshkey_ssh_name(key), - options.pubkey_key_types, NULL); + options.pubkey_accepted_algos, NULL); } /* * For RSA keys/certs, since these might have a different sig type: - * find the first entry in PubkeyAcceptedKeyTypes of the right type + * find the first entry in PubkeyAcceptedAlgorithms of the right type * that also appears in the supported signature algorithms list from * the server. */ - oallowed = allowed = xstrdup(options.pubkey_key_types); + oallowed = allowed = xstrdup(options.pubkey_accepted_algos); while ((cp = strsep(&allowed, ",")) != NULL) { if (sshkey_type_from_name(cp) != key->type) continue; @@ -1597,25 +1597,25 @@ static int key_type_allowed_by_config(struct sshkey *key) { if (match_pattern_list(sshkey_ssh_name(key), - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; /* RSA keys/certs might be allowed by alternate signature types */ switch (key->type) { case KEY_RSA: if (match_pattern_list("rsa-sha2-512", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; if (match_pattern_list("rsa-sha2-256", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; break; case KEY_RSA_CERT: if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com", - options.pubkey_key_types, 0) == 1) + options.pubkey_accepted_algos, 0) == 1) return 1; break; } @@ -1757,11 +1757,11 @@ pubkey_prepare(Authctxt *authctxt) } /* append remaining keys from the config file */ TAILQ_CONCAT(preferred, &files, next); - /* finally, filter by PubkeyAcceptedKeyTypes */ + /* finally, filter by PubkeyAcceptedAlgorithms */ TAILQ_FOREACH_SAFE(id, preferred, next, id2) { if (id->key != NULL && !key_type_allowed_by_config(id->key)) { debug("Skipping %s key %s - " - "not in PubkeyAcceptedKeyTypes", + "corresponding algo not in PubkeyAcceptedAlgorithms", sshkey_ssh_name(id->key), id->filename); TAILQ_REMOVE(preferred, id, next); sshkey_free(id->key); |