diff options
| author |   djm <djm@openbsd.org> | 2013-12-29 05:42:16 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-12-29 05:42:16 +0000 |
| commit | e39efb47c1ed2fc0d9d6de994f1f3d6e71b68ea3 (patch) | |
| tree | c7851e3181510b62af9ddd21ff9e48b5ca384d5c /usr.bin/ssh/ssh.c | |
| parent | don't refuse to load Ed25519 certificates (diff) | |
| download | wireguard-openbsd-e39efb47c1ed2fc0d9d6de994f1f3d6e71b68ea3.tar.xz wireguard-openbsd-e39efb47c1ed2fc0d9d6de994f1f3d6e71b68ea3.zip | |
don't forget to load Ed25519 certs too
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 7291734dfef..e0950c2cbcc 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.396 2013/12/06 13:39:49 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.397 2013/12/29 05:42:16 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -961,7 +961,7 @@ main(int ac, char **av) sensitive_data.external_keysign = 0; if (options.rhosts_rsa_authentication || options.hostbased_authentication) { - sensitive_data.nkeys = 8; + sensitive_data.nkeys = 9; sensitive_data.keys = xcalloc(sensitive_data.nkeys, sizeof(Key)); @@ -974,35 +974,39 @@ main(int ac, char **av) _PATH_HOST_ECDSA_KEY_FILE, "", NULL); sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL); - sensitive_data.keys[4] = key_load_private_type(KEY_DSA, + sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, + _PATH_HOST_ED25519_KEY_FILE, "", NULL); + sensitive_data.keys[5] = key_load_private_type(KEY_DSA, _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA, + sensitive_data.keys[6] = key_load_private_type(KEY_ECDSA, _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[6] = key_load_private_type(KEY_RSA, + sensitive_data.keys[7] = key_load_private_type(KEY_RSA, _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); - sensitive_data.keys[7] = key_load_private_type(KEY_ED25519, + sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); PRIV_END; if (options.hostbased_authentication == 1 && sensitive_data.keys[0] == NULL && - sensitive_data.keys[4] == NULL && sensitive_data.keys[5] == NULL && sensitive_data.keys[6] == NULL && - sensitive_data.keys[7] == NULL) { + sensitive_data.keys[7] == NULL && + sensitive_data.keys[8] == NULL) { sensitive_data.keys[1] = key_load_cert( _PATH_HOST_DSA_KEY_FILE); sensitive_data.keys[2] = key_load_cert( _PATH_HOST_ECDSA_KEY_FILE); sensitive_data.keys[3] = key_load_cert( _PATH_HOST_RSA_KEY_FILE); - sensitive_data.keys[4] = key_load_public( - _PATH_HOST_DSA_KEY_FILE, NULL); + sensitive_data.keys[4] = key_load_cert( + _PATH_HOST_ED25519_KEY_FILE); sensitive_data.keys[5] = key_load_public( - _PATH_HOST_ECDSA_KEY_FILE, NULL); + _PATH_HOST_DSA_KEY_FILE, NULL); sensitive_data.keys[6] = key_load_public( - _PATH_HOST_RSA_KEY_FILE, NULL); + _PATH_HOST_ECDSA_KEY_FILE, NULL); sensitive_data.keys[7] = key_load_public( + _PATH_HOST_RSA_KEY_FILE, NULL); + sensitive_data.keys[8] = key_load_public( _PATH_HOST_ED25519_KEY_FILE, NULL); sensitive_data.external_keysign = 1; } |