summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/hostfile.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/ssh/hostfile.c')
-rw-r--r--usr.bin/ssh/hostfile.c31
1 files changed, 27 insertions, 4 deletions
diff --git a/usr.bin/ssh/hostfile.c b/usr.bin/ssh/hostfile.c
index 65557b9b26d..ad52439d54b 100644
--- a/usr.bin/ssh/hostfile.c
+++ b/usr.bin/ssh/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.46 2009/10/11 23:03:15 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.47 2010/02/26 20:29:54 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -196,7 +196,7 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
{
FILE *f;
char line[8192];
- int linenum = 0;
+ int linenum = 0, want_cert = key_is_cert(key);
u_int kbits;
char *cp, *cp2, *hashed_host;
HostStatus end_return;
@@ -226,6 +226,23 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
if (!*cp || *cp == '#' || *cp == '\n')
continue;
+ /*
+ * Ignore CA keys when looking for raw keys.
+ * Ignore raw keys when looking for CA keys.
+ */
+ if (strncasecmp(cp, CA_MARKER, sizeof(CA_MARKER) - 1) == 0 &&
+ (cp[sizeof(CA_MARKER) - 1] == ' ' ||
+ cp[sizeof(CA_MARKER) - 1] == '\t')) {
+ if (want_cert) {
+ /* Skip the marker and following whitespace */
+ cp += sizeof(CA_MARKER);
+ for (; *cp == ' ' || *cp == '\t'; cp++)
+ ;
+ } else
+ continue;
+ } else if (want_cert)
+ continue;
+
/* Find the end of the host name portion. */
for (cp2 = cp; *cp2 && *cp2 != ' ' && *cp2 != '\t'; cp2++)
;
@@ -270,8 +287,14 @@ check_host_in_hostfile_by_key_or_type(const char *filename,
continue;
/* Check if the current key is the same as the given key. */
- if (key_equal(key, found)) {
- /* Ok, they match. */
+ if (want_cert && key_equal(key->cert->signature_key, found)) {
+ /* Found CA cert for key */
+ debug3("check_host_in_hostfile: CA match line %d",
+ linenum);
+ fclose(f);
+ return HOST_OK;
+ } else if (!want_cert && key_equal(key, found)) {
+ /* Found identical key */
debug3("check_host_in_hostfile: match line %d", linenum);
fclose(f);
return HOST_OK;