- (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
implementation does not have krb5_cc_new_unique, similar to what we do
in auth-krb5.c.
+ - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
+ skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2014/01/20 00:08:48
[digest.c]
printf '@cert-authority '
printf "$HOSTS "
cat $OBJ/host_ca_key.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_rsa.pub
- if test "x$TEST_SSH_ECC" = "xyes"; then
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_ecdsa-sha2-nistp256.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_ecdsa-sha2-nistp384.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_ecdsa-sha2-nistp521.pub
- fi
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_ed25519.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_dsa.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_rsa_v00.pub
- printf '@revoked '
- printf "* "
- cat $OBJ/cert_host_key_dsa_v00.pub
+ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
+ test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
+ printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n"
+ done
) > $OBJ/known_hosts-cert
for privsep in yes no ; do
for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
projects / thirdparty / openssh-portable.git / commitdiff
