| author | Nicola Murino <nicola.murino@gmail.com> | 2023-07-16 14:25:08 +0200 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2023-11-23 17:23:14 +0000 |
| commit | 1c17e20020f974158d1b45be166660c999d6269b (patch) | |
| tree | faf0ede16173b4db863bdef8fccbe7b6b93fad55 /ssh/common.go | |
| parent | 270bf2552c05c1943a1c950e3afa3a15663e0277 (diff) | |
ssh: fix certificate authentication with OpenSSH 7.2-7.7
OpenSSH 7.2-7.7 advertises support for rsa-sha2-256 and rsa-sha2-512
in the "server-sig-algs" extension but doesn't support these
algorithms for certificate authentication, so if the server rejects
the key try to use the obtained algorithm as if "server-sig-algs" had
not been implemented.
Fixes golang/go#58371
Change-Id: Id49960d3dedd32a21e2c6c2689b1696e05398286
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/510155
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Nicola Murino <nicola.murino@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Nicola Murino <nicola.murino@gmail.com>
Diffstat (limited to 'ssh/common.go')
| -rw-r--r-- | ssh/common.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ssh/common.go b/ssh/common.go index dd2ab0d..7e9c2cb 100644 --- a/ssh/common.go +++ b/ssh/common.go @@ -127,6 +127,14 @@ func isRSA(algo string) bool { return contains(algos, underlyingAlgo(algo)) } +func isRSACert(algo string) bool { + _, ok := certKeyAlgoNames[algo] + if !ok { + return false + } + return isRSA(algo) +} + // supportedPubKeyAuthAlgos specifies the supported client public key // authentication algorithms. Note that this doesn't include certificate types // since those use the underlying algorithm. This list is sent to the client if |
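Review bot: isRSACert, added directly after isRSA, has no doc comment, while the neighbouring supportedPubKeyAuthAlgos declaration is documented. A short comment stating that it reports whether algo is a key of certKeyAlgoNames for which isRSA also returns true, and that it exists for the OpenSSH 7.2-7.7 certificate fallback described in the commit message, would help readers who only see common.go, since the caller is not part of this file's diff. As a style point, the lookup and the early return can be folded into one statement, `if _, ok := certKeyAlgoNames[algo]; !ok { return false }`, which keeps `ok` scoped to the check.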
