authordjm@openbsd.org <djm@openbsd.org>2014-12-21 22:27:55 +0000
committerDamien Miller <djm@mindrot.org>2014-12-22 09:32:29 +1100
commit56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch)
tree700a872e702c686c1815bb1049eb93e88079b598 /auth2-hostbased.c
parent058f839fe15c51be8b3a844a76ab9a8db550be4f (diff)
upstream commit
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r--auth2-hostbased.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6787e4ca4..b7ae35356 100644
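--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.19 2014/12/21 22:27:56 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -208,13 +208,14 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
  if (host_status == HOST_OK) {
  if (key_is_cert(key)) {
  fp = key_fingerprint(key->cert->signature_key,
- SSH_FP_MD5, SSH_FP_HEX);
+ options.fingerprint_hash, SSH_FP_DEFAULT);
  verbose("Accepted certificate ID \"%s\" signed by "
  "%s CA %s from %s@%s", key->cert->key_id,
  key_type(key->cert->signature_key), fp,
  cuser, lookup);
  } else {
- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ fp = key_fingerprint(key, options.fingerprint_hash,
+ SSH_FP_DEFAULT);
  verbose("Accepted %s public key %s from %s@%s",
  key_type(key), fp, cuser, lookup);
  }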
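Review bot: The result of key_fingerprint() is handed to verbose() as a %s argument without a NULL check in both branches (the certificate branch and the plain-key branch), and the hash now comes from the runtime setting options.fingerprint_hash instead of a compile-time constant. Whether key_fingerprint() can return NULL for an unsupported or unset algorithm is not visible in this hunk; if it can, the log call has undefined behaviour, so I would guard each call with `if (fp == NULL) fatal("%s: key_fingerprint failed", __func__);`. Separately, these "Accepted ..." lines are often matched by log-monitoring rules, and the default fingerprint changes from MD5 hex to SHA256 base64, which deserves an explicit note in the release documentation. hostbased_key_allowed starts and ends outside the hunk, so what happens to fp after the log call cannot be checked here.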