version 1.285, 2022/01/01 04:18:06 |
version 1.286, 2022/01/12 03:30:32 |
|
|
const struct dest_constraint_hop *dch) |
const struct dest_constraint_hop *dch) |
{ |
{ |
const char *reason = NULL; |
const char *reason = NULL; |
|
const char *hostname = dch->hostname ? dch->hostname : "(ORIGIN)"; |
u_int i; |
u_int i; |
char *fp; |
char *fp; |
|
|
|
|
SSH_FP_DEFAULT)) == NULL) |
SSH_FP_DEFAULT)) == NULL) |
fatal_f("fingerprint failed"); |
fatal_f("fingerprint failed"); |
debug3_f("%s: entering hostname %s, requested key %s %s, %u keys avail", |
debug3_f("%s: entering hostname %s, requested key %s %s, %u keys avail", |
tag, dch->hostname, sshkey_type(key), fp, dch->nkeys); |
tag, hostname, sshkey_type(key), fp, dch->nkeys); |
free(fp); |
free(fp); |
for (i = 0; i < dch->nkeys; i++) { |
for (i = 0; i < dch->nkeys; i++) { |
if (dch->keys[i] == NULL) |
if (dch->keys[i] == NULL) |
|
|
return -1; /* shouldn't happen */ |
return -1; /* shouldn't happen */ |
if (!sshkey_equal(key->cert->signature_key, dch->keys[i])) |
if (!sshkey_equal(key->cert->signature_key, dch->keys[i])) |
continue; |
continue; |
if (sshkey_cert_check_host(key, dch->hostname, 1, |
if (sshkey_cert_check_host(key, hostname, 1, |
SSH_ALLOWED_CA_SIGALGS, &reason) != 0) { |
SSH_ALLOWED_CA_SIGALGS, &reason) != 0) { |
debug_f("cert %s / hostname %s rejected: %s", |
debug_f("cert %s / hostname %s rejected: %s", |
key->cert->key_id, dch->hostname, reason); |
key->cert->key_id, hostname, reason); |
continue; |
continue; |
} |
} |
return 0; |
return 0; |
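Review bot: The `"(ORIGIN)"` fallback assigned to `hostname` reads as a log placeholder, but the new side also passes it to `sshkey_cert_check_host(key, hostname, 1, ...)`, so when `dch->hostname` is NULL the certificate is checked against that literal string instead of a real host name. Whether a hop with a NULL hostname can carry CA keys is not visible here, so this path may be unreachable, but the intent should be made explicit rather than left to the sentinel's spelling. One option is to keep `hostname` for the `debug3_f`/`debug_f` arguments only and put `if (dch->hostname == NULL) continue;` ahead of the certificate check. Failing that, a comment such as `/* hostname is a display placeholder when dch->hostname is NULL */` next to the declaration would do. The enclosing function starts and ends outside this hunk, so callers and earlier guards could not be checked.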