Identities offers both key and certificate when both are present

[chriseldredge]

This PR modifies Agent.identities() to return certificates in addition to keys, rather than returning only the certificate. This makes Secretive behave similarly to OpenSSH ssh-agent and addresses difficulties using the agent in scenarios where a private key can be used for authentication against a given remote server directly without the certificate.

Fixes #452.

[maxgoedjen]

@chriseldredge nice – thanks!

I'm not personally a certs user so I don't have direct experience in the mechanics of this one – is it correct to returns they key identities before the certs ones? My intuition would be that the certs should be offered first, but I'm really not sure there.

[chriseldredge]

I’m not an expert either but can observe what happens in my configuration. As noted in #452, OpenSSH lists the public key first, so I mimicked that order.

I suspect this doesn’t matter much in practice, as most servers will either accept the certificate or the public key, usually not both, and in either situation the same private key gets used anyway.

[maxgoedjen]

I’m not an expert either but can observe what happens in my configuration. As noted in #452, OpenSSH lists the public key first, so I mimicked that order.

Good enough for me, thanks!