[Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation

bugzilla-daemon Mon, 12 Jun 2017 07:43:16 -0700

https://bugzilla.mindrot.org/show_bug.cgi?id=2728


            Bug ID: 2728
           Summary: HostKeyAlias not respected for certificate authority
                    host key validation
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 2994
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2994&action=edit
Patch to respect HostKeyAlias when using host certificates

When connecting to ssh server by IP address (or another DNS name), with
HostKeyAlias set to the name of the principal signed by the CA, one
gets:

> key_cert_check_authority: invalid certificate
> Certificate invalid: name is not a listed principal

The proposed patch changes this behavior by using
options.host_key_alias in the contingency that it is set.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation

Reply via email to