From 9209c7ea38bf6bf72f9fbbafce6acbcf92ca73ae Mon Sep 17 00:00:00 2001
From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Sun, 6 Nov 2022 01:56:20 +0000
Subject: [PATCH] Tweak another certified-host-key-prompt.

Like 5f3b743eb0, specifically reassure the user that taking the
add-to-cache action will not cause the CA that signed the key to be
trusted in any wider context, in the case where there was no previous
certified key cached. (I don't know why I missed this out before.)
---
 ssh/common.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssh/common.c b/ssh/common.c
index a1b4d77d..02bf7322 100644
--- a/ssh/common.c
+++ b/ssh/common.c
@@ -1023,6 +1023,12 @@ SeatPromptResult verify_ssh_host_key(
             text, SDT_PARA, "If you trust this host, %s to add the key to "
             "%s's cache and carry on connecting.",
             pds->hk_accept_action, appname);
+        if (key && ssh_key_alg(key)->is_certificate) {
+            seat_dialog_text_append(
+                text, SDT_PARA, "(Storing this certified key in the cache "
+                "will NOT cause its certification authority to be trusted "
+                "for any other key or host.)");
+        }
         seat_dialog_text_append(
             text, SDT_PARA, "If you want to carry on connecting just once, "
             "without adding the key to the cache, %s.",