diff options
author | Jakub Jelen <jjelen@redhat.com> | 2019-01-07 18:49:58 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-01-09 13:17:31 +0100 |
commit | 27fe60954c29e548c30af239d92ab4faaf8cf788 (patch) | |
tree | aa2c192ae5b664912e3ae4d1df15c1068a69ee3e /src/server.c | |
parent | ca62632170c311923026f978c57d2e0a0be3e0e1 (diff) | |
download | libssh-27fe60954c29e548c30af239d92ab4faaf8cf788.tar.gz libssh-27fe60954c29e548c30af239d92ab4faaf8cf788.tar.xz libssh-27fe60954c29e548c30af239d92ab4faaf8cf788.zip |
server: Correctly handle extensions
If the server had an RSA host key, it provided unconditionally SHA2
signatures without consulting the client proposed list of supported host
keys.
This commit implements more fine-grained detection of the extension
to provide the client with valid signatures according to RFC 8332
Section 3.1.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/server.c')
-rw-r--r-- | src/server.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/server.c b/src/server.c index c3e92ba6..a586964f 100644 --- a/src/server.c +++ b/src/server.c @@ -496,7 +496,7 @@ static void ssh_server_connection_callback(ssh_session session){ * our supported extensions now. This is the first message after * sending NEWKEYS message and after turning on crypto. */ - if (session->extensions && + if (session->extensions & SSH_EXT_NEGOTIATION && session->session_state != SSH_SESSION_STATE_AUTHENTICATED) { ssh_server_send_extensions(session); } |