1 files changed, 23 insertions, 27 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index e2ea82656..32e9b0df2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -168,26 +168,6 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
        xxx_host = host;
        xxx_hostaddr = hostaddr;
-#ifdef GSSAPI
-        if (options.gss_keyex) {
-                /* Add the GSSAPI mechanisms currently supported on this 
-                 * client to the key exchange algorithm proposal */
-                orig = myproposal[PROPOSAL_KEX_ALGS];
-                if (options.gss_trust_dns)
-                        gss_host = (char *)get_canonical_hostname(1);
-                else
-                        gss_host = host;
-                gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
-                if (gss) {
-                        debug("Offering GSSAPI proposal: %s", gss);
-                        xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
-                            "%s,%s", gss, orig);
-                }
-        }
-#endif
        myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
            options.kex_algorithms);
        myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -219,13 +199,29 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
        }
 #ifdef GSSAPI
-        /* If we've got GSSAPI algorithms, then we also support the
+        if (options.gss_keyex) {
-         * 'null' hostkey, as a last resort */
+                /* Add the GSSAPI mechanisms currently supported on this
-        if (options.gss_keyex && gss) {
+                 * client to the key exchange algorithm proposal */
-                orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+                orig = myproposal[PROPOSAL_KEX_ALGS];
-                xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], 
-                    "%s,null", orig);
+                if (options.gss_trust_dns)
-                free(gss);
+                        gss_host = (char *)get_canonical_hostname(1);
+                else
+                        gss_host = host;
+                gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
+                if (gss) {
+                        debug("Offering GSSAPI proposal: %s", gss);
+                        xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
+                            "%s,%s", gss, orig);
+                        /* If we've got GSSAPI algorithms, then we also
+                         * support the 'null' hostkey, as a last resort */
+                        orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
+                        xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
+                            "%s,null", orig);
+                        free(gss);
+                }
        }
 #endif

diff --git a/sshconnect2.c b/sshconnect2.c index e2ea82656..32e9b0df2 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -168,26 +168,6 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
168	xxx_host = host;	168	xxx_host = host;
169	xxx_hostaddr = hostaddr;	169	xxx_hostaddr = hostaddr;
170		170
171	#ifdef GSSAPI
172	if (options.gss_keyex) {
173	/* Add the GSSAPI mechanisms currently supported on this
174	* client to the key exchange algorithm proposal */
175	orig = myproposal[PROPOSAL_KEX_ALGS];
176
177	if (options.gss_trust_dns)
178	gss_host = (char *)get_canonical_hostname(1);
179	else
180	gss_host = host;
181
182	gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
183	if (gss) {
184	debug("Offering GSSAPI proposal: %s", gss);
185	xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
186	"%s,%s", gss, orig);
187	}
188	}
189	#endif
190
191	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(	171	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
192	options.kex_algorithms);	172	options.kex_algorithms);
193	myproposal[PROPOSAL_ENC_ALGS_CTOS] =	173	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
@@ -219,13 +199,29 @@ ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
219	}	199	}
220		200
221	#ifdef GSSAPI	201	#ifdef GSSAPI
222	/* If we've got GSSAPI algorithms, then we also support the	202	if (options.gss_keyex) {
223	* 'null' hostkey, as a last resort */	203	/* Add the GSSAPI mechanisms currently supported on this
224	if (options.gss_keyex && gss) {	204	* client to the key exchange algorithm proposal */
225	orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];	205	orig = myproposal[PROPOSAL_KEX_ALGS];
226	xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],	206
227	"%s,null", orig);	207	if (options.gss_trust_dns)
228	free(gss);	208	gss_host = (char *)get_canonical_hostname(1);
		209	else
		210	gss_host = host;
		211
		212	gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
		213	if (gss) {
		214	debug("Offering GSSAPI proposal: %s", gss);
		215	xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
		216	"%s,%s", gss, orig);
		217
		218	/* If we've got GSSAPI algorithms, then we also
		219	* support the 'null' hostkey, as a last resort */
		220	orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
		221	xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
		222	"%s,null", orig);
		223	free(gss);
		224	}
229	}	225	}
230	#endif	226	#endif
231		227