version 1.304, 2018/07/27 05:34:42 |
version 1.305, 2018/09/20 03:30:44 |
|
|
} |
} |
|
|
static int |
static int |
check_host_cert(const char *host, const struct sshkey *host_key) |
check_host_cert(const char *host, const struct sshkey *key) |
{ |
{ |
const char *reason; |
const char *reason; |
|
int r; |
|
|
if (sshkey_cert_check_authority(host_key, 1, 0, host, &reason) != 0) { |
if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0) { |
error("%s", reason); |
error("%s", reason); |
return 0; |
return 0; |
} |
} |
if (sshbuf_len(host_key->cert->critical) != 0) { |
if (sshbuf_len(key->cert->critical) != 0) { |
error("Certificate for %s contains unsupported " |
error("Certificate for %s contains unsupported " |
"critical options(s)", host); |
"critical options(s)", host); |
return 0; |
return 0; |
} |
} |
|
if ((r = sshkey_check_cert_sigtype(key, |
|
options.ca_sign_algorithms)) != 0) { |
|
logit("%s: certificate signature algorithm %s: %s", __func__, |
|
(key->cert == NULL || key->cert->signature_type == NULL) ? |
|
"(null)" : key->cert->signature_type, ssh_err(r)); |
|
return 0; |
|
} |
|
|
return 1; |
return 1; |
} |
} |
|
|
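Review bot: The new signature-algorithm rejection at the end of check_host_cert is logged with logit() and does not name the host, while the two earlier rejections in the same function use error() and the critical-options message includes the host. That makes a host certificate refused under options.ca_sign_algorithms harder to notice and attribute in client logs. I would report it at the same level and include the host, e.g. `error("%s: certificate for %s: signature algorithm %s: %s", __func__, host,` with the remaining arguments unchanged. The `key->cert == NULL` guard in that message also comes after `key->cert->critical` has already been dereferenced unconditionally, so it is either redundant (presumably sshkey_cert_check_authority rejects keys without a certificate; worth confirming) or the earlier dereference needs the same guard. A short comment above the function would also help, stating that it returns 1 only when the authority check, the critical-options check and the CA signature algorithm check all pass.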