1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

Tweak certified-host-key prompt.

Add a specific reassurance that taking the add-to-cache action will not
cause the CA that signed the key to be trusted in any wider context.
This commit is contained in:
Jacob Nevins 2022-10-21 20:04:16 +01:00
parent 344cde8ded
commit 5f3b743eb0

View File

@ -1037,6 +1037,12 @@ SeatPromptResult verify_ssh_host_key(
text, SDT_PARA, "If you were expecting this change and trust the "
"new key, %s to update %s's cache and carry on connecting.",
pds->hk_accept_action, appname);
if (key && ssh_key_alg(key)->is_certificate) {
seat_dialog_text_append(
text, SDT_PARA, "(Storing this certified key in the cache "
"will NOT cause its certification authority to be trusted "
"for any other key or host.)");
}
seat_dialog_text_append(
text, SDT_PARA, "If you want to carry on connecting but without "
"updating the cache, %s.", pds->hk_connect_once_action);