upstream: revert kex->flags cert hostkey downgrade back to a plain

key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less plumbing. ok markus@ OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed
author: djm@openbsd.org <djm@openbsd.org> 2020-10-07 04:22:23 +0200
committer: Damien Miller <djm@mindrot.org> 2020-10-07 04:34:11 +0200
commit: aa623142e426ca1ab9db77b06dcc9b1b70bd102b (patch)
tree: 5fa919cf2096ec5f2b1bf85eba0f50aea2021591 /sshconnect2.c
parent: upstream: simply disable UpdateHostkeys when a certificate (diff)
download: openssh-aa623142e426ca1ab9db77b06dcc9b1b70bd102b.tar.xz
openssh-aa623142e426ca1ab9db77b06dcc9b1b70bd102b.zip
1 files changed, 2 insertions, 7 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index ec539afb3..6da2248f5 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.328 2020/10/04 09:45:01 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.329 2020/10/07 02:22:23 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -97,13 +97,8 @@ struct sockaddr *xxx_hostaddr;
 static int
 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
-	int cert_downgraded = 0;
-
-	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
-	    &cert_downgraded) == -1)
+	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
 		fatal("Host key verification failed.");
-	if (cert_downgraded)
-		ssh->kex->flags |= KEX_HOSTCERT_CONVERT;
 	return 0;
 }
author	djm@openbsd.org <djm@openbsd.org>	2020-10-07 04:22:23 +0200
committer	Damien Miller <djm@mindrot.org>	2020-10-07 04:34:11 +0200
commit	aa623142e426ca1ab9db77b06dcc9b1b70bd102b (patch)
tree	5fa919cf2096ec5f2b1bf85eba0f50aea2021591 /sshconnect2.c
parent	upstream: simply disable UpdateHostkeys when a certificate (diff)
download	openssh-aa623142e426ca1ab9db77b06dcc9b1b70bd102b.tar.xz openssh-aa623142e426ca1ab9db77b06dcc9b1b70bd102b.zip