From 18e1a3022deebfa91ef022f09de3396d595f50b2 Mon Sep 17 00:00:00 2001
From: Nobuhiro Ban
Date: Sun, 9 Nov 2014 15:30:06 +0100
Subject: SSH: use the port number as well for known_known checks ... if the libssh2 version is new enough.
Bug: http://curl.haxx.se/bug/view.cgi?id=1448
---
lib/ssh.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
(limited to 'lib')
diff --git a/lib/ssh.c b/lib/ssh.c
index 6b849c611..6fefe8aee 100644
--- a/lib/ssh.c
+++ b/lib/ssh.c
@@ -99,6 +99,13 @@
 # endif
 #endif
+/* Feature detection based on version numbers to better work with
+ non-configure platforms */
+#if LIBSSH2_VERSION_NUM >= 0x010206
+/* libssh2_knownhost_checkp was added in 1.2.6 */
+#define HAVE_LIBSSH2_KNOWNHOST_CHECKP
+#endif
+
 #ifndef PATH_MAX
 #define PATH_MAX 1024 /* just an extra precaution since there are systems that have their definition hidden well */
@@ -546,6 +553,17 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
 keybit = (keytype == LIBSSH2_HOSTKEY_TYPE_RSA)? LIBSSH2_KNOWNHOST_KEY_SSHRSA:LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+#ifdef HAVE_LIBSSH2_KNOWNHOST_CHECKP
+ keycheck = libssh2_knownhost_checkp(sshc->kh,
+ conn->host.name,
+ (conn->remote_port != PORT_SSH)?
+ conn->remote_port:-1,
+ remotekey, keylen,
+ LIBSSH2_KNOWNHOST_TYPE_PLAIN|
+ LIBSSH2_KNOWNHOST_KEYENC_RAW|
+ keybit,
+ &host);
+#else
 keycheck = libssh2_knownhost_check(sshc->kh, conn->host.name, remotekey, keylen,
@@ -553,6 +571,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
 LIBSSH2_KNOWNHOST_KEYENC_RAW| keybit, &host);
+#endif
 infof(data, "SSH host check: %d, key: %s\n", keycheck, (keycheck <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
-- cgit v1.2.3
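Review bot: The feature macro in the first hunk is defined from the header version alone and without an `#ifndef` guard, so a build that already sets `HAVE_LIBSSH2_KNOWNHOST_CHECKP` to a value would hit a macro redefinition. HAVE_ names usually come from a configure step, which is not visible here, so this is worth confirming; `#if !defined(HAVE_LIBSSH2_KNOWNHOST_CHECKP) && LIBSSH2_VERSION_NUM >= 0x010206` avoids it. The comment above the test could also say that this macro decides whether host keys are looked up per port, since that is the security-relevant effect of the switch.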
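Review bot: The `#else` branch of `ssh_knownhost` still matches the host key by name only, so a build against libssh2 older than 1.2.6 will accept a key recorded for one port of a host when connecting to any other port of it, and nothing in the code or the `infof` output says which behaviour is in effect. I would document that on the fallback, e.g. `/* libssh2 < 1.2.6: no port-aware lookup, known_hosts is matched by host name only */`, and explain the sentinel in the new call with `/* -1: default SSH port, match the bare host name entry */`. If entries are written back to the known-hosts store elsewhere in this function using the bare host name (not visible in this hunk), they would never satisfy the port-qualified lookup for non-default ports, so that path should be checked too. The function body starts before and continues after the hunk.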