diff options
author | Christopher Speller <crspeller@gmail.com> | 2017-06-21 19:06:17 -0700 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2017-06-21 19:06:17 -0700 |
commit | 42f28ab8e374137fe3f5d25424489d879d4724f8 (patch) | |
tree | 20353f2446b506d32e6d353b72a57bf48f070389 /vendor/golang.org/x/crypto/ssh/certs.go | |
parent | 6b39c308d882a0aeac533f8ab1d90b48a2ae4b5a (diff) | |
download | chat-42f28ab8e374137fe3f5d25424489d879d4724f8.tar.gz chat-42f28ab8e374137fe3f5d25424489d879d4724f8.tar.bz2 chat-42f28ab8e374137fe3f5d25424489d879d4724f8.zip |
Updating server dependancies (#6712)
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/certs.go')
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/certs.go | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go index 2fc8af1b1..b1f022078 100644 --- a/vendor/golang.org/x/crypto/ssh/certs.go +++ b/vendor/golang.org/x/crypto/ssh/certs.go @@ -298,8 +298,17 @@ func (c *CertChecker) CheckHostKey(addr string, remote net.Addr, key PublicKey) if cert.CertType != HostCert { return fmt.Errorf("ssh: certificate presented as a host key has type %d", cert.CertType) } + if !c.IsHostAuthority(cert.SignatureKey, addr) { + return fmt.Errorf("ssh: no authorities for hostname: %v", addr) + } + + hostname, _, err := net.SplitHostPort(addr) + if err != nil { + return err + } - return c.CheckCert(addr, cert) + // Pass hostname only as principal for host certificates (consistent with OpenSSH) + return c.CheckCert(hostname, cert) } // Authenticate checks a user certificate. Authenticate can be used as @@ -316,6 +325,9 @@ func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permis if cert.CertType != UserCert { return nil, fmt.Errorf("ssh: cert has type %d", cert.CertType) } + if !c.IsUserAuthority(cert.SignatureKey) { + return nil, fmt.Errorf("ssh: certificate signed by unrecognized authority") + } if err := c.CheckCert(conn.User(), cert); err != nil { return nil, err @@ -364,16 +376,6 @@ func (c *CertChecker) CheckCert(principal string, cert *Certificate) error { } } - // if this is a host cert, principal is the remote hostname as passed - // to CheckHostCert. - if cert.CertType == HostCert && !c.IsHostAuthority(cert.SignatureKey, principal) { - return fmt.Errorf("ssh: no authorities for hostname: %v", principal) - } - - if cert.CertType == UserCert && !c.IsUserAuthority(cert.SignatureKey) { - return fmt.Errorf("ssh: certificate signed by unrecognized authority") - } - clock := c.Clock if clock == nil { clock = time.Now |