On Fri, Mar 23, 2018 at 4:06 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: > Looks like a false positive from the warning code I added recently. > > Please try this: > > diff --git a/sshconnect2.c b/sshconnect2.c > index bf0b729..49eb205 100644 > --- a/sshconnect2.c > +++ b/sshconnect2.c > @@ -1006,6 +1006,8 @@ check_sigtype(const struct sshkey *key, const u_char *sig, size_t len) > char *sigtype = NULL; > const char *alg = key_sign_encode(key); > > + if (sshkey_is_cert(key)) > + return 0; > if ((r = sshkey_sigtype(sig, len, &sigtype)) != 0) > return r; > if (strcmp(sigtype, alg) != 0) { $ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh-add -l 256 SHA256:byQi9IUy4F9Osg/977BQ/zyOHG2Yvlz0nSqpADvlZpQ (ED25519-CERT) $ env SSH_AUTH_SOCK=/tmp/ssh.sock2 ./ssh host pmoody@host:~$ looks good. Thanks! _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev