mirror of git://anongit.mindrot.org/openssh.git
upstream: allow an empty attestation certificate returned by a
security key enrollment - these are possible for tokens that only offer self- attestation. This also needs support from the middleware. ok markus@ OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc
This commit is contained in:
parent
e44bb61824
commit
fccff339ca
5
ssh-sk.c
5
ssh-sk.c
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssh-sk.c,v 1.9 2019/11/12 19:34:40 markus Exp $ */
|
||||
/* $OpenBSD: ssh-sk.c,v 1.10 2019/11/12 22:38:19 djm Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2019 Google LLC
|
||||
*
|
||||
|
@ -300,7 +300,8 @@ sshsk_enroll(int type, const char *provider_path, const char *application,
|
|||
}
|
||||
/* Check response validity */
|
||||
if (resp->public_key == NULL || resp->key_handle == NULL ||
|
||||
resp->signature == NULL || resp->attestation_cert == NULL) {
|
||||
resp->signature == NULL ||
|
||||
(resp->attestation_cert == NULL && resp->attestation_cert_len != 0)) {
|
||||
error("%s: sk_enroll response invalid", __func__);
|
||||
r = SSH_ERR_INVALID_FORMAT;
|
||||
goto out;
|
||||
|
|
Loading…
Reference in New Issue