https://bugzilla.mindrot.org/show_bug.cgi?id=2436
--- Comment #4 from Damien Miller <[email protected]> ---
Created attachment 2700
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2700&action=edit
revised patch

Here's a tweaked version of the patch. Changes are:

- add_certificate_file() never used its "dir" argument; remove it and save some code
- merge load_certificate_files() into load_public_identity_files(); much of the code is shared (especially % expansion)
- if any CertificateFiles have been specified, skip trying to load key-cert.pub by default. I figure that if users are specifying certificates themselves then they don't want implicit behaviour to confuse things.
- log (at debug2 level) which private key is being used for the certificate and cases where no private key was found for a given certificate
- Simplify the matching of certificates to private keys in sign_and_send_pubkey() and use it for all certificates (i.e. both CertificateFile and implicit *-cert.pub ones).
- Tweak the wording of the manpage a little and mention the interaction with IdentitiesOnly.

I've left the ssh -z option in there for now. The alternative to an explicit flag is making users use -oCertificateFile=...
