Re: no mutual signature algorithm with RSA user certs client 7.8, server 7.4

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On Thu, Oct 11, 2018 at 12:13 PM Damien Miller <djm@xxxxxxxxxxx> wrote:
> Could you try this?
>
> diff --git a/sshconnect2.c b/sshconnect2.c
> index f104408..1d2906f 100644
> --- a/sshconnect2.c
> +++ b/sshconnect2.c
> @@ -1080,7 +1080,8 @@ key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
>          * newer (SHA2) algorithms.
>          */
>         if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
> -           (key->type != KEY_RSA && key->type != KEY_RSA_CERT)) {
> +           (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
> +           (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
>                 /* Filter base key signature alg against our configuration */
>                 return match_list(sshkey_ssh_name(key),
>                     options.pubkey_key_types, NULL);

That fixes it for me, thank you. Would you still like a copy of the
previous failing client trace?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux