This PR adds capability to create and use rsa-sha2 certificates.

diff --git a/ssh-rsa.c b/ssh-rsa.c
index 49e71c8..69de09c 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -57,9 +57,11 @@ rsa_hash_alg_from_ident(const char *ident)
 if (strcmp(ident, "ssh-rsa") == 0 ||
 strcmp(ident, "ssh-rsa-cert-v01@xxxxxxxxxxx") == 0)
 return SSH_DIGEST_SHA1;
- if (strcmp(ident, "rsa-sha2-256") == 0)
+ if (strcmp(ident, "rsa-sha2-256") == 0 ||
+ strcmp(ident, "rsa-sha2-256-cert-v01@xxxxxxxxxxx") == 0)
 return SSH_DIGEST_SHA256;
- if (strcmp(ident, "rsa-sha2-512") == 0)
+ if (strcmp(ident, "rsa-sha2-512") == 0 ||
+ strcmp(ident, "rsa-sha2-512-cert-v01@xxxxxxxxxxx") == 0)
 return SSH_DIGEST_SHA512;
 return -1;
 }
diff --git a/sshkey.c b/sshkey.c
index 7712fba..2d43887 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -110,6 +110,8 @@ static const struct keytype keytypes[] = {
 # endif /* OPENSSL_HAS_NISTP521 */
 # endif /* OPENSSL_HAS_ECC */
 { "ssh-rsa-cert-v01@xxxxxxxxxxx", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },
+ { "rsa-sha2-256-cert-v01@xxxxxxxxxxx", "RSA-CERT", KEY_RSA_CERT, 0, 1, 1 },
+ { "rsa-sha2-512-cert-v01@xxxxxxxxxxx", "RSA-CERT", KEY_RSA_CERT, 0, 1, 1 },
 { "ssh-dss-cert-v01@xxxxxxxxxxx", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },
 # ifdef OPENSSL_HAS_ECC
 { "ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx", "ECDSA-CERT",

Please set email of commit to koops1997+github@xxxxxxxxx and name to Yegor Ievlev, so commit will be attributed to me on GitHub.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
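Review bot: Adding the certificate names directly to `rsa_hash_alg_from_ident` widens every caller at once. If this function is also used to validate the type string taken from a received signature blob (the callers are outside the hunk), a signature labelled `rsa-sha2-256-cert-v01@xxxxxxxxxxx` would now be accepted where only the plain `rsa-sha2-256`/`rsa-sha2-512` names should appear. Keeping this function strict and mapping key and certificate algorithm names in a separate helper, used only on the signing and negotiation paths, avoids that. The helper name below is a suggestion, and the function's opening lines are outside the hunk.

```c
/* … unchanged: rsa_hash_alg_from_ident() keeps accepting only the plain signature names … */

/*
 * Map a key or certificate algorithm name to its digest. Not for type
 * strings read from a signature blob; those go through
 * rsa_hash_alg_from_ident() so certificate names are rejected there.
 */
static int
rsa_hash_alg_from_keyname(const char *alg)
{
	if (strcmp(alg, "rsa-sha2-256-cert-v01@xxxxxxxxxxx") == 0)
		return SSH_DIGEST_SHA256;
	if (strcmp(alg, "rsa-sha2-512-cert-v01@xxxxxxxxxxx") == 0)
		return SSH_DIGEST_SHA512;
	return rsa_hash_alg_from_ident(alg);
}
```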
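Review bot: The two new `keytypes[]` rows use positional initializers, and their last field is `1` where the neighbouring certificate rows have `0`; nothing in the hunk says what that column means. Presumably it marks names that are valid only as signature algorithms, so a comment above the rows such as `/* signature-algorithm names only: never the type of a key or certificate blob */` would record the intent. Confirm this against the `struct keytype` definition, which is outside the hunk. It is also worth checking that the name-to-type lookups used when parsing a received key or certificate blob skip such rows, so these names are not accepted as blob types. The `keytypes[]` array starts and ends outside the hunk.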