diff --git a/ChangeLog b/ChangeLog index e2171ec1b..c04af4aa8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,11 @@ the proposal if the version of OpenSSL we're using doesn't support ECC. - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef ECC variable too. + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2014/06/05 22:17:50 + [sshconnect2.c] + fix inverted test that caused PKCS#11 keys that were explicitly listed + not to be preferred. Reported by Dirk-Willem van Gulik 20140527 - (djm) [cipher.c] Fix merge botch. diff --git a/sshconnect2.c b/sshconnect2.c index f71b7d226..658398436 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.207 2014/04/29 18:01:49 markus Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.208 2014/06/05 22:17:50 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -1183,7 +1183,7 @@ pubkey_prepare(Authctxt *authctxt) found = 0; TAILQ_FOREACH(id2, &files, next) { if (id2->key == NULL || - (id2->key->flags & KEY_FLAG_EXT) != 0) + (id2->key->flags & KEY_FLAG_EXT) == 0) continue; if (key_equal(id->key, id2->key)) { TAILQ_REMOVE(&files, id, next);