Call for testing: OpenSSH 7.7
Peter Moody
mindrot at hda3.com
Sat Mar 24 10:20:29 AEDT 2018
On Fri, Mar 23, 2018 at 4:06 PM, Damien Miller <djm at mindrot.org> wrote:
> Looks like a false positive from the warning code I added recently.
>
> Please try this:
>
> diff --git a/sshconnect2.c b/sshconnect2.c
> index bf0b729..49eb205 100644
> --- a/sshconnect2.c
> +++ b/sshconnect2.c
> @@ -1006,6 +1006,8 @@ check_sigtype(const struct sshkey *key, const u_char *sig, size_t len)
> char *sigtype = NULL;
> const char *alg = key_sign_encode(key);
>
> + if (sshkey_is_cert(key))
> + return 0;
> if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0)
> return r;
> if (strcmp(sigtype, alg) != 0) {
$ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh-add -l
256 SHA256:byQi9IUy4F9Osg/977BQ/zyOHG2Yvlz0nSqpADvlZpQ (ED25519-CERT)
$ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh host
pmoody at host:~$
looks good.
Thanks!
More information about the openssh-unix-dev
mailing list