diff options
| author |   djm <djm@openbsd.org> | 2010-04-16 01:47:25 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2010-04-16 01:47:25 +0000 |
| commit | c3ded031a669caee89e4ee23e0ecd423f58e6370 (patch) | |
| tree | f27d771cafedf0f8611b9fec535729f8b4765228 /usr.bin/ssh/sshconnect2.c | |
| parent | if there is no raid, do not allocate a 0-sized structure for sensors (diff) | |
| download | wireguard-openbsd-c3ded031a669caee89e4ee23e0ecd423f58e6370.tar.xz wireguard-openbsd-c3ded031a669caee89e4ee23e0ecd423f58e6370.zip | |
revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
following changes:
move the nonce field to the beginning of the certificate where it can
better protect against chosen-prefix attacks on the signature hash
Rename "constraints" field to "critical options"
Add a new non-critical "extensions" field
Add a serial number
The older format is still support for authentication and cert generation
(use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
ok markus@
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
| -rw-r--r-- | usr.bin/ssh/sshconnect2.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index ba5875ed9d1..b680493d35d 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.181 2010/04/10 02:10:56 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.182 2010/04/16 01:47:26 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1134,8 +1134,11 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) u_int skip = 0; int ret = -1; int have_sig = 1; + char *fp; - debug3("sign_and_send_pubkey"); + fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); + debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); + xfree(fp); if (key_to_blob(id->key, &blob, &bloblen) == 0) { /* we cannot handle this key */ |