Bugzilla – Attachment 2555 Details for
Bug 2359
[PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
First-draft proposed patch
0001-Allow-HostKeyAlias-to-match-a-host-certificate-princ.patch (text/plain), 955 bytes, created by
Charles Duffy
on 2015-02-24 04:59:00 AEDT
(
hide
)
Description:
First-draft proposed patch
Filename:
MIME Type:
Creator:
Charles Duffy
Created:
2015-02-24 04:59:00 AEDT
Size:
955 bytes
patch
obsolete
>From 367fd8323d864daaf486047850f93c2167c66f37 Mon Sep 17 00:00:00 2001 >From: Charles Duffy <charles@threatgrid.com> >Date: Tue, 17 Feb 2015 09:49:32 -0600 >Subject: [PATCH] Allow HostKeyAlias to match a host certificate principal if > HostName does not > >--- > sshconnect.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/sshconnect.c b/sshconnect.c >index df921be..666c3ff 100644 >--- a/sshconnect.c >+++ b/sshconnect.c >@@ -902,7 +902,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, > debug("Found %s in %s:%lu", want_cert ? "CA key" : "key", > host_found->file, host_found->line); > if (want_cert && !check_host_cert(hostname, host_key)) >- goto fail; >+ if (options.host_key_alias == NULL || !check_host_cert(options.host_key_alias, host_key)) >+ goto fail; > if (options.check_host_ip && ip_status == HOST_NEW) { > if (readonly || want_cert) > logit("%s host key for IP address " >-- >2.0.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2555">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2359
: 2555