version 1.349, 2019/09/06 07:53:40 |
version 1.350, 2019/09/16 03:23:02 |
|
|
} |
} |
} |
} |
|
|
if ((r = sshsig_check_allowed_keys(allowed_keys, sign_key, |
if (allowed_keys != NULL && |
principal, sig_namespace)) != 0) { |
(r = sshsig_check_allowed_keys(allowed_keys, sign_key, |
|
principal, sig_namespace)) != 0) { |
debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r)); |
debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r)); |
goto done; |
goto done; |
} |
} |
|
|
fatal("%s: sshkey_fingerprint failed", |
fatal("%s: sshkey_fingerprint failed", |
__func__); |
__func__); |
} |
} |
printf("Good \"%s\" signature for %s with %s key %s\n", |
if (principal == NULL) { |
sig_namespace, principal, |
printf("Good \"%s\" signature with %s key %s\n", |
sshkey_type(sign_key), fp); |
sig_namespace, sshkey_type(sign_key), fp); |
|
|
|
} else { |
|
printf("Good \"%s\" signature for %s with %s key %s\n", |
|
sig_namespace, principal, |
|
sshkey_type(sign_key), fp); |
|
} |
} else { |
} else { |
printf("Could not verify signature.\n"); |
printf("Could not verify signature.\n"); |
} |
} |
|
|
" ssh-keygen -Q -f krl_file file ...\n" |
" ssh-keygen -Q -f krl_file file ...\n" |
" ssh-keygen -Y sign -f sign_key -n namespace\n" |
" ssh-keygen -Y sign -f sign_key -n namespace\n" |
" ssh-keygen -Y verify -I signer_identity -s signature_file\n" |
" ssh-keygen -Y verify -I signer_identity -s signature_file\n" |
" -n namespace -f allowed_keys [-r revoked_keys]\n"); |
" -n namespace -f allowed_keys [-r revoked_keys]\n" |
|
" ssh-keygen -Y check-novalidate -s signature_file -n namespace\n"); |
exit(1); |
exit(1); |
} |
} |
|
|
|
|
exit(1); |
exit(1); |
} |
} |
return sign(identity_file, cert_principals, argc, argv); |
return sign(identity_file, cert_principals, argc, argv); |
|
} else if (strncmp(sign_op, "check-novalidate", 16) == 0) { |
|
if (ca_key_path == NULL) { |
|
error("Too few arguments for check-novalidate: " |
|
"missing signature file"); |
|
exit(1); |
|
} |
|
return verify(ca_key_path, cert_principals, |
|
NULL, NULL, NULL); |
} else if (strncmp(sign_op, "verify", 6) == 0) { |
} else if (strncmp(sign_op, "verify", 6) == 0) { |
if (ca_key_path == NULL) { |
if (ca_key_path == NULL) { |
error("Too few arguments for verify: " |
error("Too few arguments for verify: " |