upstream: move check_host_cert() from sshconnect,c to sshkey.c and

refactor it to make it more generally usable and testable. ok markus@ OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4
author: djm@openbsd.org <djm@openbsd.org> 2021-01-26 00:49:30 +0000
committer: Damien Miller <djm@mindrot.org> 2021-01-26 12:21:48 +1100
commit: 3b44f2513cae89c920e8fe927b9bc910a1c8c65a (patch)
tree: c67b9a8583b9795bec5a5dd56f7a8556c8da2d5e /auth2-pubkey.c
parent: 1fe16fd61bb53944ec510882acc0491abd66ff76 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 6961b0c9..5a24af89 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.104 2021/01/22 02:44:58 dtucker Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.105 2021/01/26 00:49:30 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -674,7 +674,7 @@ check_authkey_line(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 		reason = "Certificate does not contain an authorized principal";
 		goto fail_reason;
 	}
-	if (sshkey_cert_check_authority(key, 0, 0,
+	if (sshkey_cert_check_authority(key, 0, 0, 0,
 	   keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
 		goto fail_reason;
 
@@ -793,7 +793,7 @@ user_cert_trusted_ca(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
 	}
 	if (use_authorized_principals && principals_opts == NULL)
 		fatal_f("internal error: missing principals_opts");
-	if (sshkey_cert_check_authority(key, 0, 1,
+	if (sshkey_cert_check_authority(key, 0, 1, 0,
 	    use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
 		goto fail_reason;
author	djm@openbsd.org <djm@openbsd.org>	2021-01-26 00:49:30 +0000
committer	Damien Miller <djm@mindrot.org>	2021-01-26 12:21:48 +1100
commit	3b44f2513cae89c920e8fe927b9bc910a1c8c65a (patch)
tree	c67b9a8583b9795bec5a5dd56f7a8556c8da2d5e /auth2-pubkey.c
parent	1fe16fd61bb53944ec510882acc0491abd66ff76 (diff)