From e4dc69e5b2fd71dcaf8bd5d054eb936deb78d1fa Mon Sep 17 00:00:00 2001
From: Han-Wen Nienhuys <hanwen@google.com>
Date: Wed, 17 Oct 2018 10:28:34 +0200
Subject: ssh: return specific error for invalid signature algorithm

Previously, this would return the default error "no auth passed yet".

Not only is the new error more specific, it makes it easier to verify
the control flow of server authentication code.

Change-Id: I6c8de4e3f91da74274acbe9d87ec4f6158b4a94f
Reviewed-on: https://go-review.googlesource.com/c/142897
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 ssh/server.go | 1 +
 1 file changed, 1 insertion(+)

(limited to 'ssh/server.go')

diff --git a/ssh/server.go b/ssh/server.go
index 122c03e..e86e896 100644
--- a/ssh/server.go
+++ b/ssh/server.go
@@ -484,6 +484,7 @@ userAuthLoop:
 				// sig.Format.  This is usually the same, but
 				// for certs, the names differ.
 				if !isAcceptableAlgo(sig.Format) {
+					authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
 					break
 				}
 				signedData := buildDataSignedForAuth(sessionID, userAuthReq, algoBytes, pubKeyData)
-- 
cgit v1.3