[Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 13 00:42:52 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2728
Bug ID: 2728
Summary: HostKeyAlias not respected for certificate authority
host key validation
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: antonio.e.russo at gmail.com
Created attachment 2994
--> https://bugzilla.mindrot.org/attachment.cgi?id=2994&action=edit
Patch to respect HostKeyAlias when using host certificates
When connecting to ssh server by IP address (or another DNS name), with
HostKeyAlias set to the name of the principal signed by the CA, one
gets:
> key_cert_check_authority: invalid certificate
> Certificate invalid: name is not a listed principal
The proposed patch changes this behavior by using
options.host_key_alias in the contingency that it is set.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list