more debugging for UpdateHostKeys signature failures

author djm <djm@openbsd.org>

Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)

committer djm <djm@openbsd.org>

Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)
author djm <djm@openbsd.org>
Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)
committer djm <djm@openbsd.org>
Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c

index 68e03b5..ec60a62 100644 (file)
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.360 2021/04/30 04:29:53 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.361 2021/05/03 00:16:45 djm Exp $ */
  /*
   * Author: Tatu Ylonen <ylo@cs.hut.fi>
   * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2140,11 +2140,14 @@ client_global_hostkeys_private_confirm(struct ssh *ssh, int type,
                  */
                 use_kexsigtype = kexsigtype == KEY_RSA &&
                     sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
+               debug3_f("verify %s key %zu using %s sigalg",
+                   sshkey_type(ctx->keys[i]), i,
+                   use_kexsigtype ? ssh->kex->hostkey_alg : NULL);
                 if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
                     sshbuf_ptr(signdata), sshbuf_len(signdata),
                     use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0,
                     NULL)) != 0) {
-                       error_f("server gave bad signature for %s key %zu",
+                       error_fr(r, "server gave bad signature for %s key %zu",
                             sshkey_type(ctx->keys[i]), i);
                         goto out;
                 }
author	djm <djm@openbsd.org>
	Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)
committer	djm <djm@openbsd.org>
	Mon, 3 May 2021 00:16:45 +0000 (00:16 +0000)