[Bug 3577] CASignatureAlgorithms supports -cert algorithms when used alongside with other options
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Jun 21 12:25:56 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3701| |ok?(dtucker at dtucker.net)
Flags| |
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Created attachment 3701
--> https://bugzilla.mindrot.org/attachment.cgi?id=3701&action=edit
show only valid CA signing algorithms for -Q CASignatureAlgorithms
> The patch indeed fixes the configuration-file behavior. It doesn't fix
> `ssh -Q CASignatureAlgorithms` still producing the wrong output, however.
Yeah, it was using the list of all signature algorithms.
> Also: You introduced a new variable ca_only that is true for
> CASignatureAlgorithms and false for all others. Shouldn't it then perhaps
> be named more something like no_ca, as CASignatureAlgorithms does not
> accept only ca alogrithms, but rather the exact opposite or what did I miss?
ca_only = algorithms that are valid for CAs to sign certificates.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list