[openssh-commits] [openssh] 01/01: upstream: more debugging for UpdateHostKeys signature failures

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit ac31aa3c6341905935e75f0539cf4a61bbe99779
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon May 3 00:16:45 2021 +0000

    upstream: more debugging for UpdateHostKeys signature failures
    
    OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36
---
 clientloop.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/clientloop.c b/clientloop.c
index 7c91104f..cbfe098b 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.360 2021/04/30 04:29:53 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.361 2021/05/03 00:16:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2154,11 +2154,14 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
 		 */
 		use_kexsigtype = kexsigtype == KEY_RSA &&
 		    sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
+		debug3_f("verify %s key %zu using %s sigalg",
+		    sshkey_type(ctx->keys[i]), i,
+		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL);
 		if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
 		    sshbuf_ptr(signdata), sshbuf_len(signdata),
 		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0,
 		    NULL)) != 0) {
-			error_f("server gave bad signature for %s key %zu",
+			error_fr(r, "server gave bad signature for %s key %zu",
 			    sshkey_type(ctx->keys[i]), i);
 			goto out;
 		}

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.