authordjm@openbsd.org <djm@openbsd.org>2023-06-21 07:08:32 +0200
committerDamien Miller <djm@mindrot.org>2023-06-21 07:13:55 +0200
commit4e73cd0f4ab3e5b576c56cac9732da62c8fc0565 (patch)
tree926ea22685f69c629fe9bdf01dd23fb3c869a000 /ssh.c
parentupstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker (diff)
upstream: make `ssh -Q CASignatureAlgorithms` only list signature
algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms (OpenSSH certificates do not support CA chains). part of bz3577; ok dtucker@ OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/ssh.c b/ssh.c
index 3e8b1ebf2..6fc99d88d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.588 2023/04/26 01:36:03 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.589 2023/06/21 05:08:32 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -793,8 +793,10 @@ main(int ac, char **av)
cp = sshkey_alg_list(1, 0, 0, '\n');
else if (strcmp(optarg, "key-plain") == 0)
cp = sshkey_alg_list(0, 1, 0, '\n');
+ else if (strcmp(optarg, "key-ca-sign") == 0 ||
+ strcasecmp(optarg, "CASignatureAlgorithms") == 0)
+ cp = sshkey_alg_list(0, 1, 1, '\n');
else if (strcmp(optarg, "key-sig") == 0 ||
- strcasecmp(optarg, "CASignatureAlgorithms") == 0 ||
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
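Review bot: The new call `sshkey_alg_list(0, 1, 1, '\n')` in the `key-ca-sign` / `CASignatureAlgorithms` branch passes three bare integer flags, so a reader cannot tell from this line why certificate algorithms are left out while signature-only names are kept. Assuming the parameters are certs_only, plain_only and include_sigonly (the prototype is not visible here), a short comment above the call would record the intent: `/* plain key types plus signature-only algorithms; certificate types cannot sign as a CA */`. The hunk also introduces the query name `key-ca-sign`; only ssh.c is shown on this page, so it is worth confirming that the list of -Q query names in the manual page and usage text includes it. The else-if chain belongs to main(), which starts and ends outside the hunk.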