authordjm@openbsd.org <djm@openbsd.org>2017-09-14 06:32:21 +0200
committerDamien Miller <djm@mindrot.org>2017-09-14 06:33:06 +0200
commitaea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba (patch)
tree931c66543aa73417ed66342ad988b7bade568149 /dns.c
parentadapt portable to channels API changes (diff)
upstream commit
Revert commitid: gJtIN6rRTS3CHy9b. ------------- identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ ------------- This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts Spotted by dtucker@ Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
Diffstat (limited to 'dns.c')
-rw-r--r--dns.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/dns.c b/dns.c
index 9152e8648..6e1abb530 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.36 2017/09/01 05:53:56 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.37 2017/09/14 04:32:21 djm Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -294,19 +294,17 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
free(dnskey_digest);
}
- if (*flags & DNS_VERIFY_FOUND) {
+ free(hostkey_digest); /* from sshkey_fingerprint_raw() */
+ freerrset(fingerprints);
+
+ if (*flags & DNS_VERIFY_FOUND)
if (*flags & DNS_VERIFY_MATCH)
debug("matching host key fingerprint found in DNS");
- else if (counter == fingerprints->rri_nrdatas)
- *flags |= DNS_VERIFY_MISSING;
else
debug("mismatching host key fingerprint found in DNS");
- } else
+ else
debug("no host key fingerprint found in DNS");
- free(hostkey_digest); /* from sshkey_fingerprint_raw() */
- freerrset(fingerprints);
-
return 0;
}
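Review bot: The nested `if`/`else` that reports the SSHFP result is now written without braces, so which `if` each `else` pairs with rests only on the dangling-else rule. It binds as intended today, but this is the branch that separates a matching from a mismatching host key fingerprint, and a later edit could silently re-pair it. Keeping the outer braces, `if (*flags & DNS_VERIFY_FOUND) {` and `} else`, costs nothing and also avoids `-Wdangling-else` diagnostics. All three outcomes still fall through to `return 0`, so a short comment above it such as `/* outcome is carried in *flags; 0 does not mean the key matched */` would help callers, assuming the earlier part of verify_host_key_dns, which lies outside this hunk, does not already say so.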