mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-11-23 18:23:25 +08:00
upstream: make ssh -Q CASignatureAlgorithms
only list signature
algorithms that are valid for CA signing. Previous behaviour was to list all signing algorithms, including certificate algorithms (OpenSSH certificates do not support CA chains). part of bz3577; ok dtucker@ OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59
This commit is contained in:
parent
a69062f169
commit
4e73cd0f4a
6
ssh.1
6
ssh.1
@ -33,8 +33,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.433 2022/11/28 01:37:36 djm Exp $
|
||||
.Dd $Mdocdate: November 28 2022 $
|
||||
.\" $OpenBSD: ssh.1,v 1.434 2023/06/21 05:08:32 djm Exp $
|
||||
.Dd $Mdocdate: June 21 2023 $
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -614,6 +614,8 @@ flag),
|
||||
(key exchange algorithms),
|
||||
.Ar key
|
||||
(key types),
|
||||
.Ar key-ca-sign
|
||||
(valid CA signature algorithms for certificates),
|
||||
.Ar key-cert
|
||||
(certificate key types),
|
||||
.Ar key-plain
|
||||
|
6
ssh.c
6
ssh.c
@ -1,4 +1,4 @@
|
||||
/* $OpenBSD: ssh.c,v 1.588 2023/04/26 01:36:03 djm Exp $ */
|
||||
/* $OpenBSD: ssh.c,v 1.589 2023/06/21 05:08:32 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@ -793,8 +793,10 @@ main(int ac, char **av)
|
||||
cp = sshkey_alg_list(1, 0, 0, '\n');
|
||||
else if (strcmp(optarg, "key-plain") == 0)
|
||||
cp = sshkey_alg_list(0, 1, 0, '\n');
|
||||
else if (strcmp(optarg, "key-ca-sign") == 0 ||
|
||||
strcasecmp(optarg, "CASignatureAlgorithms") == 0)
|
||||
cp = sshkey_alg_list(0, 1, 1, '\n');
|
||||
else if (strcmp(optarg, "key-sig") == 0 ||
|
||||
strcasecmp(optarg, "CASignatureAlgorithms") == 0 ||
|
||||
strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
|
||||
strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
|
||||
strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
|
||||
|
Loading…
Reference in New Issue
Block a user