From 952ed3e2891d6511931b912675b13e27a1c785df Mon Sep 17 00:00:00 2001 From: djm Date: Wed, 22 Apr 2015 01:24:01 +0000 Subject: [PATCH] unknown certificate extensions are non-fatal, so don't fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok dtucker@ --- usr.bin/ssh/auth-options.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.bin/ssh/auth-options.c b/usr.bin/ssh/auth-options.c index b25a227e6af..3d7c334720c 100644 --- a/usr.bin/ssh/auth-options.c +++ b/usr.bin/ssh/auth-options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.65 2015/01/14 10:30:34 markus Exp $ */ +/* $OpenBSD: auth-options.c,v 1.66 2015/04/22 01:24:01 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -600,7 +600,7 @@ auth_cert_options(struct sshkey *k, struct passwd *pw) &cert_source_address_done) == -1) return -1; if (parse_option_list(k->cert->extensions, pw, - OPTIONS_EXTENSIONS, 1, + OPTIONS_EXTENSIONS, 0, &cert_no_port_forwarding_flag, &cert_no_agent_forwarding_flag, &cert_no_x11_forwarding_flag, -- 2.20.1