Bugzilla – Attachment 2899 Details for
Bug 2617
sign_and_send_pubkey: no separate private key for certificate
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
try to support IdentityFile w/ no key.pub with CertificateFile
bz2617.diff (text/plain), 1.60 KB, created by
Damien Miller
on 2016-12-02 16:51:15 AEDT
(
hide
)
Description:
try to support IdentityFile w/ no key.pub with CertificateFile
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2016-12-02 16:51:15 AEDT
Size:
1.60 KB
patch
obsolete
>diff --git a/sshconnect2.c b/sshconnect2.c >index 7a8b7ea..d56f4ec 100644 >--- a/sshconnect2.c >+++ b/sshconnect2.c >@@ -1042,6 +1042,25 @@ identity_sign(struct identity *id, u_char **sigp, size_t *lenp, > } > > static int >+id_filename_matches(Identity *id, Identity *private_id) >+{ >+ const char *suffixes[] = { ".pub", "-cert.pub", NULL }; >+ size_t len = strlen(id->filename), plen = strlen(private_id->filename); >+ size_t i, slen; >+ >+ if (strcmp(id->filename, private_id->filename) == 0) >+ return 1; >+ for (i = 0; suffixes[i]; i++) { >+ slen = strlen(suffixes[i]); >+ if (len > slen && plen == len - slen && >+ strcmp(id->filename + (len - slen), suffixes[i]) == 0 && >+ memcmp(id->filename, private_id->filename, plen) == 0) >+ return 1; >+ } >+ return 0; >+} >+ >+static int > sign_and_send_pubkey(Authctxt *authctxt, Identity *id) > { > Buffer b; >@@ -1103,6 +1122,24 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) > break; > } > } >+ /* >+ * Exact key matches are preferred, but also allow >+ * filename matches for non-PKCS#11/agent keys that >+ * didn't load public keys. This supports the case >+ * of keeping just a private key file and public >+ * certificate on disk. >+ */ >+ if (!matched && !id->isprivate && id->agent_fd == -1 && >+ (id->key->flags & SSHKEY_FLAG_EXT) == 0) { >+ TAILQ_FOREACH(private_id, &authctxt->keys, next) { >+ if (private_id->key == NULL && >+ id_filename_matches(id, private_id)) { >+ id = private_id; >+ matched = 1; >+ break; >+ } >+ } >+ } > if (matched) { > debug2("%s: using private key \"%s\"%s for " > "certificate", __func__, id->filename,
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2899">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2617
:
2884
|
2886
| 2899 |
2901
|
2902
|
2903
|
2904
|
2905
|
2906
|
2909