From be1da16e49da78a914dc2013cb664c0b4ea07199 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 14 Jun 2019 03:51:47 +0000
Subject: upstream: process agent requests for RSA certificate private keys
 using

correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
ok dtucker markus

OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
---
 ssh-agent.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssh-agent.c b/ssh-agent.c
index d06ecfd9..8e5550ac 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -269,6 +269,11 @@ agent_decode_alg(struct sshkey *key, u_int flags)
 			return "rsa-sha2-256";
 		else if (flags & SSH_AGENT_RSA_SHA2_512)
 			return "rsa-sha2-512";
+	} else if (key->type == KEY_RSA_CERT) {
+		if (flags & SSH_AGENT_RSA_SHA2_256)
+			return "rsa-sha2-256-cert-v01@openssh.com";
+		else if (flags & SSH_AGENT_RSA_SHA2_512)
+			return "rsa-sha2-512-cert-v01@openssh.com";
 	}
 	return NULL;
 }
-- 
cgit v1.2.3