[openssh-commits] [openssh] 02/05: upstream: don't try to pledge() the client if a PKCS11Provider is

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit d926a84d17fb28bc94219e68575cb4847af02e9a
Author: djm at openbsd.org <djm at openbsd.org>
AuthorDate: Wed Oct 15 23:55:01 2025 +0000

    upstream: don't try to pledge() the client if a PKCS11Provider is
    
    in use
    
    OpenBSD-Commit-ID: 445b2bf4b1e36e515f4d888f35244fd2dcfbb566
---
 clientloop.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 49d048d85..15bf7c1e8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.415 2025/09/25 06:23:19 jsg Exp $ */
+/* $OpenBSD: clientloop.c,v 1.416 2025/10/15 23:55:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -942,7 +942,7 @@ client_repledge(void)
 	/* Might be able to tighten pledge now that session is established */
 	if (options.control_master || options.control_path != NULL ||
 	    options.forward_x11 || options.fork_after_authentication ||
-	    can_update_hostkeys() ||
+	    options.pkcs11_provider != NULL || can_update_hostkeys() ||
 	    (session_ident != -1 && !session_setup_complete)) {
 		/* Can't tighten */
 		return;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.