author | djm@openbsd.org <djm@openbsd.org> | 2018-07-04 13:49:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-04 23:51:52 +1000 |
commit | 312d2f2861a2598ed08587cb6c45c0e98a85408f (patch) | |
tree | e3bdc4facef48a89cd76fa793d9e70211b7ff8d2 /sshconnect2.c | |
parent | 303af5803bd74bf05d375c04e1a83b40c30b2be5 (diff) |
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 10 |
1 files changed, 6 insertions, 4 deletions
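--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.274 2018/07/03 13:20:25 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.275 2018/07/04 13:49:31 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -158,7 +158,7 @@ void
 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
-char *s;
+char *s, *all_key;
 struct kex *kex;
 int r;
 
@@ -178,9 +178,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
 if (options.hostkeyalgorithms != NULL) {
-if (kex_assemble_names(KEX_DEFAULT_PK_ALG,
-&options.hostkeyalgorithms) != 0)
+all_key = sshkey_alg_list(0, 0, 1, ',');
+if (kex_assemble_names(&options.hostkeyalgorithms,
+KEX_DEFAULT_PK_ALG, all_key) != 0)
 fatal("%s: kex_assemble_namelist", __func__);
+free(all_key);
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
 compat_pkalg_proposal(options.hostkeyalgorithms);
 } else {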
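Review bot: In the third hunk (new lines 181–183) the pointer returned by `sshkey_alg_list(0, 0, 1, ',')` goes straight into `kex_assemble_names()` with no NULL check, and whether that callee tolerates a NULL list of known algorithms is not visible from this page. Since this list is presumably what the configured HostKeyAlgorithms value is expanded and checked against, I would fail closed explicitly: `if ((all_key = sshkey_alg_list(0, 0, 1, ',')) == NULL)` followed by `fatal("%s: sshkey_alg_list failed", __func__);`. The existing `fatal("%s: kex_assemble_namelist", __func__)` names a different function from the one called and drops the return code, so a user with a mistyped algorithm name gets little to go on; consider capturing the result in the already-declared `r` and including it in the message. A one-line comment saying what the three integer flags passed to `sshkey_alg_list` select would also help the next reader. ssh_kex2's body continues outside the hunk.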