=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/servconf.c,v retrieving revision 1.202 retrieving revision 1.203 diff -u -r1.202 -r1.203 --- src/usr.bin/ssh/servconf.c 2010/01/13 03:48:12 1.202 +++ src/usr.bin/ssh/servconf.c 2010/02/26 20:29:54 1.203 @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.202 2010/01/13 03:48:12 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.203 2010/02/26 20:29:54 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -58,6 +58,7 @@ options->listen_addrs = NULL; options->address_family = -1; options->num_host_key_files = 0; + options->num_host_cert_files = 0; options->pid_file = NULL; options->server_key_bits = -1; options->login_grace_time = -1; @@ -140,6 +141,7 @@ _PATH_HOST_DSA_KEY_FILE; } } + /* No certificates by default */ if (options->num_ports == 0) options->ports[options->num_ports++] = SSH_DEFAULT_PORT; if (options->listen_addrs == NULL) @@ -280,7 +282,7 @@ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, + sZeroKnowledgePasswordAuthentication, sHostCertificate, sDeprecated, sUnsupported } ServerOpCodes; @@ -387,6 +389,7 @@ { "permitopen", sPermitOpen, SSHCFG_ALL }, { "forcecommand", sForceCommand, SSHCFG_ALL }, { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, + { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, { NULL, sBadOption, 0 } }; @@ -773,6 +776,16 @@ } break; + case sHostCertificate: + intptr = &options->num_host_cert_files; + if (*intptr >= MAX_HOSTKEYS) + fatal("%s line %d: too many host certificates " + "specified (max %d).", filename, linenum, + MAX_HOSTCERTS); + charptr = &options->host_cert_files[*intptr]; + goto parse_filename; + break; + case sPidFile: charptr = &options->pid_file; goto parse_filename; 
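Review bot: In the `sHostCertificate` case of the `@@ -773,6 +776,16 @@` hunk, the bound test compares the counter against `MAX_HOSTKEYS`, while the fatal message reports `MAX_HOSTCERTS` and the slot taken is in `host_cert_files`. The declaration of that array is not part of this diff; if it is sized by `MAX_HOSTCERTS` and the two constants ever diverge, the guard would either reject valid entries or let `&options->host_cert_files[*intptr]` point past the end of the array. The check should use the same constant as the message and the array: `if (*intptr >= MAX_HOSTCERTS)`. The switch this case belongs to begins and ends outside the hunk.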
@@ -1603,6 +1616,8 @@ /* string array arguments */ dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, o->host_key_files); + dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, + o->host_cert_files); dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
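Review bot: The added `dump_cfg_strarray` call passes `sHostKeyFile` as the opcode for the certificate array, so the configuration dump would presumably print each host certificate path under the host-key keyword rather than `hostcertificate`. Someone auditing the effective configuration from that output would see certificates listed as host keys. Feeding the dump back in as a config file would also load them under the wrong directive. Use the opcode this commit introduces: `dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, o->host_cert_files);`. The enclosing function starts and ends outside the hunk.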