version 1.18, 2020/10/18 11:32:02 |
version 1.19, 2021/01/26 00:49:30 |
|
|
} else if (sigopts->ca && sshkey_is_cert(sign_key) && |
} else if (sigopts->ca && sshkey_is_cert(sign_key) && |
sshkey_equal_public(sign_key->cert->signature_key, found_key)) { |
sshkey_equal_public(sign_key->cert->signature_key, found_key)) { |
/* Match of certificate's CA key */ |
/* Match of certificate's CA key */ |
if ((r = sshkey_cert_check_authority(sign_key, 0, 1, |
if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0, |
principal, &reason)) != 0) { |
principal, &reason)) != 0) { |
error("%s:%lu: certificate not authorized: %s", |
error("%s:%lu: certificate not authorized: %s", |
path, linenum, reason); |
path, linenum, reason); |
|
|
continue; |
continue; |
} |
} |
/* Check against principals list in certificate */ |
/* Check against principals list in certificate */ |
if ((r = sshkey_cert_check_authority(cert, 0, 1, |
if ((r = sshkey_cert_check_authority(cert, 0, 1, 0, |
cp, &reason)) != 0) { |
cp, &reason)) != 0) { |
debug("%s:%lu: principal \"%s\" not authorized: %s", |
debug("%s:%lu: principal \"%s\" not authorized: %s", |
path, linenum, cp, reason); |
path, linenum, cp, reason); |
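Review bot: The argument added in 1.19 is a bare `0` placed between other positional int flags in both calls (`sshkey_cert_check_authority(sign_key, 0, 1, 0,` in the CA-match branch and `sshkey_cert_check_authority(cert, 0, 1, 0,` in the principals check), so the call site does not say which matching behaviour is being switched off in an authorization decision. The prototype is not shown on this page; if the new parameter is the wildcard-pattern switch for principal matching (it appears to be `wildcard_pattern` in sshkey.c, to be confirmed against the header), a short comment at each call such as `/* 0 = match the principal literally, never as a wildcard pattern */` would record that exact matching is intentional and make a later change to `1` stand out in review. Both enclosing functions begin and end outside the hunks, so whether `principal` and `cp` are screened for pattern characters before these calls cannot be checked from here.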