![[BACK]](https://ssr-www.pages.dev/icons/back.gif?kwid=1%2560uptfa-lsfmapg-lqd){kind=icon}
Up to [local] / src / usr.bin / ssh
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.7 / (download) - annotate - [select for diffs], Mon Dec 22 01:49:03 2025 UTC (6 days, 11 hours ago) by djm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
When certificate support was added to OpenSSH, certificates were originally specified to represent any principal if the principals list was empty. This was, in retrospect, a mistake as it created a fail-open situation if a CA could be convinced to accidentally sign a certificate with no principals. This actually happened in a 3rd- party CA product (CVE-2024-7594). Somewhat fortunately, the main pathway for using certificates in sshd (TrustedUserCAKeys) never supported empty-principals certificates, so the blast radius of such mistakes was substantially reduced. This change removes this footcannon and requires all certificates include principals sections. It also fixes interpretation of wildcard principals, and properly enables them for host certificates only. This is a behaviour change that will permanently break uses of certificates with empty principals sections. ok markus@
Revision 1.6 / (download) - annotate - [select for diffs], Thu Aug 14 10:03:44 2025 UTC (4 months, 2 weeks ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_8_BASE,
OPENBSD_7_8
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
Cast serial no for %lld to prevent compiler warnings on some platforms.
Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 6 04:53:04 2025 UTC (4 months, 3 weeks ago) by djm
Branch: MAIN
Changes since 1.4: +16 -7 lines
Diff to previous 1.4 (colored)
when refusing a certificate for user authentication, log enough information to identify the certificate in addition to the reason why it was being denied. Makes debugging certificate authz problems a bit easier. ok dlg@
Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 5 05:34:09 2023 UTC (2 years, 9 months ago) by dtucker
Branch: MAIN
CVS Tags: OPENBSD_7_7_BASE,
OPENBSD_7_7,
OPENBSD_7_6_BASE,
OPENBSD_7_6,
OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.3: +1 -2 lines
Diff to previous 1.3 (colored)
Remove unused compat.h includes. We've previously removed a lot of the really old compatibility code, and with it went the need to include compat.h in most of the files that have it.
Revision 1.3 / (download) - annotate - [select for diffs], Fri Jul 1 03:52:57 2022 UTC (3 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.2: +9 -5 lines
Diff to previous 1.2 (colored)
bump up loglevel from debug to info when unable to open authorized keys/principals file for errno != ENOENT; bz2042 ok dtucker
Revision 1.2 / (download) - annotate - [select for diffs], Fri Jun 3 04:47:21 2022 UTC (3 years, 6 months ago) by djm
Branch: MAIN
Changes since 1.1: +56 -1 lines
Diff to previous 1.1 (colored)
move auth_openprincipals() and auth_openkeyfile() over to auth2-pubkeyfile.c too; they make more sense there.
Revision 1.1 / (download) - annotate - [select for diffs], Fri May 27 05:02:46 2022 UTC (3 years, 7 months ago) by djm
Branch: MAIN
split the low-level file handling functions out from auth2-pubkey.c Put them in a new auth2-pubkeyfile.c to make it easier to refer to them (e.g. in unit/fuzz tests) without having to refer to everything else pubkey auth brings in. ok dtucker@