diff options
author | djm@openbsd.org <djm@openbsd.org> | 2014-12-21 22:27:55 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-12-22 09:32:29 +1100 |
commit | 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch) | |
tree | 700a872e702c686c1815bb1049eb93e88079b598 /auth2-hostbased.c | |
parent | 058f839fe15c51be8b3a844a76ab9a8db550be4f (diff) |
upstream commit
Add FingerprintHash option to control algorithm used for
key fingerprints. Default changes from MD5 to SHA256 and format from hex to
base64.
Feedback and ok naddy@ markus@
Diffstat (limited to 'auth2-hostbased.c')
-rw-r--r-- | auth2-hostbased.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c index 6787e4ca4..b7ae35356 100644 --- a/auth2-hostbased.c +++ b/auth2-hostbased.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */ | 1 | /* $OpenBSD: auth2-hostbased.c,v 1.19 2014/12/21 22:27:56 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -208,13 +208,14 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, | |||
208 | if (host_status == HOST_OK) { | 208 | if (host_status == HOST_OK) { |
209 | if (key_is_cert(key)) { | 209 | if (key_is_cert(key)) { |
210 | fp = key_fingerprint(key->cert->signature_key, | 210 | fp = key_fingerprint(key->cert->signature_key, |
211 | SSH_FP_MD5, SSH_FP_HEX); | 211 | options.fingerprint_hash, SSH_FP_DEFAULT); |
212 | verbose("Accepted certificate ID \"%s\" signed by " | 212 | verbose("Accepted certificate ID \"%s\" signed by " |
213 | "%s CA %s from %s@%s", key->cert->key_id, | 213 | "%s CA %s from %s@%s", key->cert->key_id, |
214 | key_type(key->cert->signature_key), fp, | 214 | key_type(key->cert->signature_key), fp, |
215 | cuser, lookup); | 215 | cuser, lookup); |
216 | } else { | 216 | } else { |
217 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 217 | fp = key_fingerprint(key, options.fingerprint_hash, |
218 | SSH_FP_DEFAULT); | ||
218 | verbose("Accepted %s public key %s from %s@%s", | 219 | verbose("Accepted %s public key %s from %s@%s", |
219 | key_type(key), fp, cuser, lookup); | 220 | key_type(key), fp, cuser, lookup); |
220 | } | 221 | } |