On Mon, 25 Aug 2014, Scott Neugroschl wrote: > In the patch, at line 2687 of http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-6.6p1-gsskex.patch, we have > > @@ -2488,6 +2495,48 @@ do_ssh2_kex(void) > myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( > list_hostkey_types()); > > +#ifdef GSSAPI > + { > + char *orig; > + char *gss = NULL; > + char *newstr = NULL; > + orig = myproposal[PROPOSAL_KEX_ALGS]; <<<=== HERE 1 > + > + /* > + * If we don't have a host key, then there's no point advertising > + * the other key exchange algorithms > + */ > + > + if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) <<<=== HERE 2 > + orig = NULL; > > Note that at the lines marked HERE 1 and HERE 2, orig refers to two > separate things. Is this inconsistency in reference intended? AFAIK yes - it's intended to change the KEX method proposal based on whether any hostkeys are loaded. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev