CVSROOT: /cvs Module name: src Changes by: d...@cvs.openbsd.org 2021/11/17 20:50:41
Modified files:
usr.bin/ssh : sshsig.c
Log message:
ssh-keygen -Y find-principals was verifying key validity when using
ca certs but not with simple key lifetimes within the allowed
signers file.
Since it returns the first keys principal it finds this could
result in a principal with an expired key even though a valid
one is just below.
patch from Fabian Stelzer; feedback/ok djm markus
