author | djm@openbsd.org <djm@openbsd.org> | 2021-07-23 03:37:52 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-07-23 14:07:19 +1000 |
commit | d0bb1ce731762c55acb95817df4d5fab526c7ecd (patch) | |
tree | d842850a20b4d61cd15e7ff9c9dc6474831797ca /auth2-pubkey.c | |
parent | 44142068dc7ef783d135e91ff954e754d2ed432e (diff) |
upstream: Let allowed signers files used by ssh-keygen(1)
signatures support key lifetimes, and allow the verification mode to specify
a signature time to check at. This is intended for use by git to support
signing objects using ssh keys. ok dtucker@
OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r-- | auth2-pubkey.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d288d110..9e32259a 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.108 2021/06/08 06:54:40 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.109 2021/07/23 03:37:52 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
@@ -674,7 +674,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 reason = "Certificate does not contain an authorized principal";
 goto fail_reason;
 }
- if (sshkey_cert_check_authority(key, 0, 0, 0,
+ if (sshkey_cert_check_authority_now(key, 0, 0, 0,
 keyopts->cert_principals == NULL ? pw->pw_name : NULL,
 &reason) != 0)
 goto fail_reason;
@@ -794,7 +794,7 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 }
 if (use_authorized_principals && principals_opts == NULL)
 fatal_f("internal error: missing principals_opts");
- if (sshkey_cert_check_authority(key, 0, 1, 0,
+ if (sshkey_cert_check_authority_now(key, 0, 1, 0,
 use_authorized_principals ? NULL : pw->pw_name,
 &reason) != 0)
 goto fail_reason; |
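Review bot: The bare integer arguments to `sshkey_cert_check_authority_now()` are undocumented at both call sites, `0, 0, 0` in check_authkey_line (second hunk) and `0, 1, 0` in user_cert_trusted_ca (third hunk), yet the second argument is the only visible difference between the two authentication paths. If I recall sshkey.h correctly these are want_host, require_principal and wildcard_pattern; please confirm and add a one-line comment above each call, e.g. `/* user cert, require_principal=0: name is matched only when the key options carry no principals= list */` and `/* user cert via trusted CA, require_principal=1 */`. Since the commit description says verification can now be given an explicit signature time, it would also help to note above these calls that authentication presumably always checks the validity window against the current time, so nobody later switches them to the time-taking variant. Both functions begin and end outside their hunks, so the surrounding principal checks are not visible here.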