ssh-keygen -Ql: avoid repeated SHA256: in output

Damien Miller djm at mindrot.org
Thu Apr 28 12:53:45 AEST 2022


applied - thanks!

On Mon, 25 Apr 2022, Lucas wrote:

> Lucas <lucas at sexy.is> wrote:
> > Hello list,
> > 
> > If a key is revoked by public key, when printing it, ssh-keygen adds a
> > hardcoded "SHA256:" prefix and then prints the result of
> > sshkey_fingerprint, which does already include that "SHA256:" prefix.
> > Patch below, with extra context lines.
> 
> Bump again. Is this the correct list or should I send it to tech@
> instead?
> 
> 
> diff c70493106c794797cfb174ed7460065b1a4a89f7 /usr/src
> blob - 1975ae6005abdad42436f049c7ed5511c66ea151
> file + usr.bin/ssh/krl.c
> --- usr.bin/ssh/krl.c
> +++ usr.bin/ssh/krl.c
> @@ -1382,15 +1382,15 @@ krl_dump(struct ssh_krl *krl, FILE *f)
>  		}
>  		if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
>  		    SSH_FP_DEFAULT)) == NULL) {
>  			ret = SSH_ERR_INVALID_FORMAT;
>  			error("sshkey_fingerprint failed");
>  			continue;
>  		}
> -		fprintf(f, "hash: SHA256:%s # %s\n", fp, sshkey_ssh_name(key));
> +		fprintf(f, "hash: %s # %s\n", fp, sshkey_ssh_name(key));
>  		free(fp);
>  		free(key);
>  	}
>  	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
>  		fp = tohex(rb->blob, rb->len);
>  		fprintf(f, "hash: SHA256:%s\n", fp);
>  		free(fp);
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 


More information about the openssh-unix-dev mailing list