From 8d2c643fcb3b475a1bb3c7540b9d634cf16b9f05 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Sun, 1 May 2022 11:29:54 +0100
Subject: [PATCH] CA config: protect against saving a key with no wildcards.

---
 ssh/ca-config.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ssh/ca-config.c b/ssh/ca-config.c
index 0f82bb35..056622a2 100644
--- a/ssh/ca-config.c
+++ b/ssh/ca-config.c
@@ -189,6 +189,11 @@ static void ca_save_handler(dlgcontrol *ctrl, dlgparam *dp,
 {
     struct ca_state *st = (struct ca_state *)ctrl->context.p;
     if (event == EVENT_ACTION) {
+        if (!count234(st->host_wcs)) {
+            dlg_error_msg(dp, "No hostnames configured for this key");
+            return;
+        }
+
         strbuf *pubkey;
         {
             const char *error;