From d0bb1ce731762c55acb95817df4d5fab526c7ecd Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 23 Jul 2021 03:37:52 +0000
Subject: upstream: Let allowed signers files used by ssh-keygen(1)

signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@

OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
---
 auth2-hostbased.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'auth2-hostbased.c')

diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 002e7e4e..3a29126c 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.46 2021/01/27 10:05:28 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -213,7 +213,7 @@ hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
 	debug2_f("access allowed by auth_rhosts2");
 
 	if (sshkey_is_cert(key) &&
-	    sshkey_cert_check_authority(key, 1, 0, 0, lookup, &reason)) {
+	    sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) {
 		error("%s", reason);
 		auth_debug_add("%s", reason);
 		return 0;
-- 
cgit v1.2.1