[Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation

bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 13 00:42:52 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2728

            Bug ID: 2728
           Summary: HostKeyAlias not respected for certificate authority
                    host key validation
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: antonio.e.russo at gmail.com

Created attachment 2994
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2994&action=edit
Patch to respect HostKeyAlias when using host certificates

When connecting to an ssh server by IP address (or another DNS name), with
HostKeyAlias set to the name of the principal signed by the CA, one
gets:

> key_cert_check_authority: invalid certificate
> Certificate invalid: name is not a listed principal

The proposed patch changes this behavior by using
options.host_key_alias in the contingency that it is set.

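A check to run when the "name is not a listed principal" error from this report appears, added here as an example (it is not part of the bug report or of the attached patch): it lists the principals in a host certificate and tests both the connect name and the HostKeyAlias value against them. The names `server.example.com` and `192.0.2.10`, the throwaway CA, and all function names are constructed for illustration; exact-string matching of principals is an assumption of this example.

```shell
#!/bin/sh
# Added example: constructed names and throwaway keys, not from the bug report.

# Read `ssh-keygen -L` output on stdin, print the listed principals one per line.
parse_principals() {
    awk '
        /Principals:/       { p = 1; next }
        /Critical Options:/ { p = 0 }
        p { gsub(/^[ \t]+/, ""); if ($0 != "") print }'
}

# Print the principals of the certificate file $1.
cert_principals() {
    ssh-keygen -L -f "$1" | parse_principals
}

# Exit 0 if name $2 exactly matches a principal in certificate $1 (assumed rule).
cert_lists_name() {
    cert_principals "$1" | grep -Fxq -- "$2"
}

# Build a throwaway CA in dir $1 and sign a host key for principal $2.
make_demo_cert() {
    dir=$1 principal=$2
    ssh-keygen -q -t ed25519 -N '' -f "$dir/ca" &&
    ssh-keygen -q -t ed25519 -N '' -f "$dir/host" &&
    ssh-keygen -q -s "$dir/ca" -I demo-host -h -n "$principal" -V +1d "$dir/host.pub"
}

# Report, for the connect name $2 and the HostKeyAlias $3, whether cert $1 lists it.
diagnose() {
    cert=$1 connect_name=$2 alias=$3
    for n in "$connect_name" "$alias"; do
        if cert_lists_name "$cert" "$n"; then echo "$n: listed"
        else echo "$n: not a listed principal"; fi
    done
}

# Constructed scenario: certificate signed for a DNS name, connection made by IP.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_cert "$tmp" server.example.com || { rm -rf "$tmp"; return 1; }
    diagnose "$tmp/host-cert.pub" 192.0.2.10 server.example.com
    rm -rf "$tmp"
}
```

Running `diagnose` against a real host certificate shows whether the failure comes from the name used for the connection rather than from the certificate or the CA entry.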