===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect.c,v
retrieving revision 1.219
retrieving revision 1.220
diff -u -r1.219 -r1.220
--- src/usr.bin/ssh/sshconnect.c	2010/02/26 20:29:54	1.219
+++ src/usr.bin/ssh/sshconnect.c	2010/03/04 10:36:03	1.220
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.219 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.220 2010/03/04 10:36:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -846,6 +846,25 @@
 			logit("Warning: Permanently added '%.200s' (%s) to the "
 			    "list of known hosts.", hostp, type);
 		break;
+	case HOST_REVOKED:
+		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+		error("@       WARNING: REVOKED HOST KEY DETECTED!               @");
+		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
+		error("The %s host key for %s is marked as revoked.", type, host);
+		error("This could mean that a stolen key is being used to");
+		error("impersonate this host.");
+
+		/*
+		 * If strict host key checking is in use, the user will have
+		 * to edit the key manually and we can only abort.
+		 */
+		if (options.strict_host_key_checking) {
+			error("%s host key for %.200s was revoked and you have "
+			    "requested strict checking.", type, host);
+			goto fail;
+		}
+		goto continue_unsafe;
+
 	case HOST_CHANGED:
 		if (want_cert) {
 			/*
@@ -895,6 +914,7 @@
 			goto fail;
 		}
 
+ continue_unsafe:
 		/*
 		 * If strict host key checking has not been requested, allow
 		 * the connection but without MITM-able authentication or
@@ -994,7 +1014,7 @@
 	return 0;
 
 fail:
-	if (want_cert) {
+	if (want_cert && host_status != HOST_REVOKED) {
 		/*
 		 * No matching certificate. Downgrade cert to raw key and
 		 * search normally.