From 8152c6aba49a4ffb9658f3c2e0ef74e670fd49ec Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 7 Feb 2019 16:05:32 +0100
Subject: [PATCH] knownhosts: Ignore OpenSSH markers related to certificates

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/knownhosts.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/knownhosts.c b/src/knownhosts.c
index dd302123..bc5e6176 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -233,6 +233,12 @@ static int ssh_known_hosts_read_entries(const char *match,
             continue;
         }
 
+        /* Skip lines starting with markers (@cert-authority, @revoked):
+         * we do not completely support them anyway */
+        if (p[0] == '@') {
+            continue;
+        }
+
         rc = ssh_known_hosts_parse_line(match,
                                         line,
                                         &entry);