- djm@cvs.openbsd.org 2010/05/11 02:58:04

[auth-rsa.c] don't accept certificates marked as "cert-authority" here; ok markus@
author: Damien Miller <djm@mindrot.org> 2010-05-21 14:56:25 +1000
committer: Damien Miller <djm@mindrot.org> 2010-05-21 14:56:25 +1000
commit: 3b903827ebe16c97f705cb3b6ef6e9702d770087 (patch)
tree: 4c10236ed3ef5c75eba44e4e0586ca3634ff88cf /auth-rsa.c
parent: 3bcce80b544174b70dfd6e0a4e9f1488ca6fa69b (diff)
download: openssh-git-3b903827ebe16c97f705cb3b6ef6e9702d770087.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/auth-rsa.c b/auth-rsa.c
index 326937ac..ef6767bf 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.75 2010/04/16 01:47:26 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.76 2010/05/11 02:58:04 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -256,7 +256,8 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
 		 */
 		if (!auth_parse_options(pw, key_options, file, linenum))
 			continue;
-
+		if (key_is_cert_authority)
+			continue;
 		/* break out, this key is allowed */
 		allowed = 1;
 		break;
author	Damien Miller <djm@mindrot.org>	2010-05-21 14:56:25 +1000
committer	Damien Miller <djm@mindrot.org>	2010-05-21 14:56:25 +1000
commit	3b903827ebe16c97f705cb3b6ef6e9702d770087 (patch)
tree	4c10236ed3ef5c75eba44e4e0586ca3634ff88cf /auth-rsa.c
parent	3bcce80b544174b70dfd6e0a4e9f1488ca6fa69b (diff)
download	openssh-git-3b903827ebe16c97f705cb3b6ef6e9702d770087.tar.gz