authorDarren Tucker <dtucker@cvs.openbsd.org>2021-01-22 02:44:59 +0000
committerDarren Tucker <dtucker@cvs.openbsd.org>2021-01-22 02:44:59 +0000
commit93d7e143add6d68247ed22f4a78298a2b9592164 (patch)
tree7062af29e509e03cc6dcd9bb4f48985b999c2329 /usr.bin/ssh/sshconnect2.c
parent4ee16b98d7957af264d2168ac83109e9d6506cfe (diff)
Rename PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms.
While the two were originally equivalent, this actually specifies the signature algorithms that are accepted. Some key types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) so the old name is becoming increasingly misleading. The old name is retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
-rw-r--r--usr.bin/ssh/sshconnect2.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 87011733011..57b7148a4df 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.341 2021/01/08 02:57:24 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.342 2021/01/22 02:44:58 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1184,16 +1184,16 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
(key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
/* Filter base key signature alg against our configuration */
return match_list(sshkey_ssh_name(key),
- options.pubkey_key_types, NULL);
+ options.pubkey_accepted_algos, NULL);
}
/*
* For RSA keys/certs, since these might have a different sig type:
- * find the first entry in PubkeyAcceptedKeyTypes of the right type
+ * find the first entry in PubkeyAcceptedAlgorithms of the right type
* that also appears in the supported signature algorithms list from
* the server.
*/
- oallowed = allowed = xstrdup(options.pubkey_key_types);
+ oallowed = allowed = xstrdup(options.pubkey_accepted_algos);
while ((cp = strsep(&allowed, ",")) != NULL) {
if (sshkey_type_from_name(cp) != key->type)
continue;
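Review bot: The first branch of key_sig_algorithm filters with `match_list(sshkey_ssh_name(key), options.pubkey_accepted_algos, NULL)`, which intersects two literal comma-separated lists, while key_type_allowed_by_config tests the same option with `match_pattern_list(...)`. The two checks agree only if the option has already been expanded to literal algorithm names by the time it reaches this file. That expansion presumably happens where the configuration is finalised, which is not visible on this page. A one-line comment above the `match_list` call, such as `/* pubkey_accepted_algos is an expanded, literal name list here */`, would record the assumption. The function starts before this hunk and the `strsep` loop runs past it, so the release of `oallowed` cannot be checked from here.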
@@ -1590,25 +1590,25 @@ static int
key_type_allowed_by_config(struct sshkey *key)
{
if (match_pattern_list(sshkey_ssh_name(key),
- options.pubkey_key_types, 0) == 1)
+ options.pubkey_accepted_algos, 0) == 1)
return 1;
/* RSA keys/certs might be allowed by alternate signature types */
switch (key->type) {
case KEY_RSA:
if (match_pattern_list("rsa-sha2-512",
- options.pubkey_key_types, 0) == 1)
+ options.pubkey_accepted_algos, 0) == 1)
return 1;
if (match_pattern_list("rsa-sha2-256",
- options.pubkey_key_types, 0) == 1)
+ options.pubkey_accepted_algos, 0) == 1)
return 1;
break;
case KEY_RSA_CERT:
if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
- options.pubkey_key_types, 0) == 1)
+ options.pubkey_accepted_algos, 0) == 1)
return 1;
if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
- options.pubkey_key_types, 0) == 1)
+ options.pubkey_accepted_algos, 0) == 1)
return 1;
break;
}
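Review bot: `key_type_allowed_by_config` keeps a key-type name, although after this change it tests signature algorithm names against PubkeyAcceptedAlgorithms. For `KEY_RSA` it returns 1 when the key's own name matches, and also when only `rsa-sha2-512` or `rsa-sha2-256` is listed. A header comment should say that this is a coarse pre-filter and that the signing algorithm appears to be chosen later in key_sig_algorithm, for example `/* Returns 1 if any signature algorithm usable with key is in PubkeyAcceptedAlgorithms */`. A name such as `key_allowed_by_accepted_algos` would match the renamed option, with the call in pubkey_prepare updated to follow. The `switch` has no `default:` label, and the function's final return lies outside the hunk.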
@@ -1750,11 +1750,11 @@ pubkey_prepare(Authctxt *authctxt)
}
/* append remaining keys from the config file */
TAILQ_CONCAT(preferred, &files, next);
- /* finally, filter by PubkeyAcceptedKeyTypes */
+ /* finally, filter by PubkeyAcceptedAlgorithms */
TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
if (id->key != NULL && !key_type_allowed_by_config(id->key)) {
debug("Skipping %s key %s - "
- "not in PubkeyAcceptedKeyTypes",
+ "corresponding algo not in PubkeyAcceptedAlgorithms",
sshkey_ssh_name(id->key), id->filename);
TAILQ_REMOVE(preferred, id, next);
sshkey_free(id->key);