| commit | 7d6a9fb660c808882d064e152d6070ffc3844c3f | |
|---|---|---|
| author | Damien Miller <djm@mindrot.org> | Sun Apr 20 13:23:43 2014 +1000 |
| committer | Damien Miller <djm@mindrot.org> | Sun Apr 20 13:23:43 2014 +1000 |
| tree | b3ba326eb0853c005d9c9d4c91b1c0f8dac8855e | |
| parent | fcd62c0b66b8415405ed0af29c236329eb88cc0f | |
- djm@cvs.openbsd.org 2014/04/01 03:34:10
[sshconnect.c]
When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
certificate keys to plain keys and attempt SSHFP resolution.
Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
dialog by offering only certificate keys.
Reported by mcv21 AT cam.ac.uk
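
The down-conversion the commit message describes, as an added Python example (not OpenSSH's C code from this commit): it strips an Ed25519 certificate blob to its plain key and computes the SHA-256 SSHFP record data, which then equals the record data for the plain host key. The function names and the sample key and certificate bytes are constructed for illustration.

```python
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 7479), keyed by plain key type.
SSHFP_ALG = {b"ssh-rsa": 1, b"ssh-dss": 2, b"ssh-ed25519": 4}
CERT_SUFFIX = b"-cert-v01@openssh.com"

def ssh_string(data):
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(blob, off):
    """Read one SSH string at off; return (value, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[off + 4:end], end

def to_plain_key(blob):
    """Return (type, plain key blob); certificate blobs are down-converted."""
    ktype, off = read_string(blob, 0)
    if not ktype.endswith(CERT_SUFFIX):
        return ktype, blob
    plain_type = ktype[:-len(CERT_SUFFIX)]
    if plain_type != b"ssh-ed25519":
        raise ValueError("only Ed25519 certificates are handled here")
    _nonce, off = read_string(blob, off)   # certificate nonce, discarded
    pk, off = read_string(blob, off)       # the embedded public key
    return plain_type, ssh_string(plain_type) + ssh_string(pk)

def sshfp_rdata(blob):
    """SSHFP RDATA text: algorithm, type 2 (SHA-256), hex digest of plain key."""
    ktype, plain = to_plain_key(blob)
    return "%d 2 %s" % (SSHFP_ALG[ktype], hashlib.sha256(plain).hexdigest())

# Constructed sample data: a dummy 32-byte key and a certificate-shaped blob.
# Fields after the public key (serial, principals, signature, ...) are an
# opaque placeholder because down-conversion never reads them.
PK = bytes(range(32))
PLAIN = ssh_string(b"ssh-ed25519") + ssh_string(PK)
CERT = (ssh_string(b"ssh-ed25519" + CERT_SUFFIX) + ssh_string(b"\x00" * 32)
        + ssh_string(PK) + b"<remaining certificate fields>")

if __name__ == "__main__":
    print("plain key:", sshfp_rdata(PLAIN))
    print("cert key :", sshfp_rdata(CERT))
```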