[openssh-commits] [openssh] 06/08: upstream: add security key types to list of keys allowed to act as

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 75f7f22a43799f6d25dffd9d6683de1601da05a3
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Dec 10 22:43:19 2019 +0000

    upstream: add security key types to list of keys allowed to act as
    
    CAs; spotted by Ron Frederick
    
    OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3
---
 myproposal.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/myproposal.h b/myproposal.h
index d6e7977e..b393db8b 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.61 2019/11/12 19:33:08 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.62 2019/12/10 22:43:19 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -145,7 +145,9 @@
 /* Not a KEX value, but here so all the algorithm defaults are together */
 #define	SSH_ALLOWED_CA_SIGALGS	\
 	HOSTKEY_ECDSA_METHODS \
+	USERKEY_ECDSA_SK_METHODS \
 	"ssh-ed25519," \
+	"sk-ssh-ed25519 at openssh.com," \
 	"rsa-sha2-512," \
 	"rsa-sha2-256," \
 	"ssh-rsa"
@@ -194,7 +196,7 @@
 #define	KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
 #define KEX_CLIENT_MAC KEX_SERVER_MAC
 
-#define	SSH_ALLOWED_CA_SIGALGS	"ssh-ed25519"
+#define	SSH_ALLOWED_CA_SIGALGS	"ssh-ed25519,sk-ssh-ed25519 at openssh.com"
 
 #endif /* WITH_OPENSSL */
 

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.