From 1209727244fd6416912de6ebd09938995a0c2934 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 17 May 2011 07:13:32 +0000 Subject: fatal() if asked to generate a legacy ECDSA cert (these don't exist) and fix the regress test that was trying to generate them :) --- usr.bin/ssh/key.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'usr.bin/ssh') diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index d37c832a021..00439009fa0 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */ +/* $OpenBSD: key.c,v 1.97 2011/05/17 07:13:31 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1754,6 +1754,9 @@ key_to_certified(Key *k, int legacy) k->type = legacy ? KEY_DSA_CERT_V00 : KEY_DSA_CERT; return 0; case KEY_ECDSA: + if (legacy) + fatal("%s: legacy ECDSA certificates are not supported", + __func__); k->cert = cert_new(); k->type = KEY_ECDSA_CERT; return 0; -- cgit v1.2.3