We need to trim \r from the output of 'ssh-keygen -Y find-principals' on Windows, or we end up calling 'ssh-keygen -Y verify' with a bogus signer identity. ssh-keygen.c:2841 contains a call to puts(3), which confirms this hypothesis. Signature verification passes with the fix. Helped-by: Pedro Martelletto <pedro@xxxxxxxxxx> Signed-off-by: Fabian Stelzer <fs@xxxxxxxxxxxx> --- gpg-interface.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/gpg-interface.c b/gpg-interface.c index b52eb0e2e0..d5eca417e8 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -509,7 +509,10 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc, if (!*line) break; - trust_size = strcspn(line, "\n"); + trust_size = strcspn(line, "\n"); /* truncate at LF */ + if (trust_size && trust_size != strlen(line) && + line[trust_size - 1] == '\r') + trust_size--; /* the LF was part of CRLF at the end */ principal = xmemdupz(line, trust_size); child_process_init(&ssh_keygen); -- 2.33.1
