From a4bee1934bf5e5575fea486628f4123d6a29dff8 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 15 Sep 2021 06:56:01 +0000
Subject: upstream: allow CanonicalizePermittedCNAMEs=none in ssh_config; ok

markus@

OpenBSD-Commit-ID: 668a82ba8e56d731b26ffc5703213bfe071df623
---
 ssh_config.5 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'ssh_config.5')

diff --git a/ssh_config.5 b/ssh_config.5
index 3fd5a6c2..9d60887e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.364 2021/09/03 07:43:23 dtucker Exp $
-.Dd $Mdocdate: September 3 2021 $
+.\" $OpenBSD: ssh_config.5,v 1.365 2021/09/15 06:56:01 djm Exp $
+.Dd $Mdocdate: September 15 2021 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -372,6 +372,11 @@ to be canonicalized to names in the
 or
 .Qq *.c.example.com
 domains.
+.Pp
+A single argument of
+.Qq none
+causes no CNAMEs to be considered for canonicalization.
+This is the default behaviour.
 .It Cm CASignatureAlgorithms
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
-- 
cgit v1.2.1