bugzilla-daemon at mindrot.org
2012-Aug-31 09:48 UTC
[Bug 2041] New: Check for SSHFP when certificate is offered.
https://bugzilla.mindrot.org/show_bug.cgi?id=2041
Priority: P5
Bug ID: 2041
Assignee: unassigned-bugs at mindrot.org
Summary: Check for SSHFP when certificate is offered.
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: ondrej at caletka.cz
Hardware: All
Status: NEW
Version: 6.1p1
Component: ssh
Product: Portable OpenSSH
Created attachment 2185
--> https://bugzilla.mindrot.org/attachment.cgi?id=2185&action=edit
Check for SSHFP when certificate is offered.
When sshd offers a certificate to the client (which is the default when
such a certificate is configured), the client refuses to do SSHFP
validation for the key embedded in the certificate.
This patch fixes this by dropping the certificate for the purpose of
checking SSHFP records, yet retaining the certificate for other checks if
SSHFP authentication fails. It is therefore possible to fall back to
certificate authentication when, for instance, the client does not have
DNSSEC-enabled connectivity.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2014-Jan-28 12:10 UTC
[Bug 2041] Check for SSHFP when certificate is offered.
https://bugzilla.mindrot.org/show_bug.cgi?id=2041
Ondřej Caletka <ondrej at caletka.cz> changed:
What                         | Removed | Added
----------------------------------------------------------------------------
Attachment #2185 is obsolete | 0       | 1
--- Comment #1 from Ondřej Caletka <ondrej at caletka.cz> ---
Created attachment 2404
--> https://bugzilla.mindrot.org/attachment.cgi?id=2404&action=edit
Check for SSHFP when certificate is offered
This is the same patch, only rebased onto the OpenSSH 6.4p1 codebase.
--
You are receiving this mail because:
You are watching the assignee of the bug.
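The check the report asks for, sketched as an added example (this is not the attached patch and not OpenSSH code): strip the certificate wrapper from the offered host key, rebuild the plain public key blob, and compare its digest with an SSHFP record. The function names and the sample blob are assumptions made for illustration, and the record is assumed to have been fetched and DNSSEC-validated elsewhere.

```python
import hashlib, hmac, struct

# Certificate key type -> (plain key type, key fields after the nonce, SSHFP algorithm number)
CERT_TYPES = {
    b"ssh-rsa-cert-v01@openssh.com": (b"ssh-rsa", 2, 1),
    b"ssh-dss-cert-v01@openssh.com": (b"ssh-dss", 4, 2),
    b"ecdsa-sha2-nistp256-cert-v01@openssh.com": (b"ecdsa-sha2-nistp256", 2, 3),
    b"ssh-ed25519-cert-v01@openssh.com": (b"ssh-ed25519", 1, 4),
}
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}  # SSHFP fingerprint types

def ssh_string(data):  # SSH wire string; mpints share this length-prefixed framing
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Read one length-prefixed field, rejecting truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def plain_key_from_cert(blob):
    """Return (plain public key blob, SSHFP algorithm) for the key inside a certificate."""
    ktype, off = read_string(blob, 0)
    if ktype not in CERT_TYPES:
        raise ValueError("unsupported certificate type")
    plain_type, nfields, algo = CERT_TYPES[ktype]
    _nonce, off = read_string(blob, off)      # the nonce exists only in the certificate
    out = ssh_string(plain_type)
    for _ in range(nfields):
        field, off = read_string(blob, off)
        out += ssh_string(field)
    return out, algo

def sshfp_matches(cert_blob, rdata):
    """Compare the embedded key with one SSHFP record ('algorithm fptype hexdigest')."""
    key, algo = plain_key_from_cert(cert_blob)
    r_algo, r_type, r_hex = rdata.split()
    if int(r_algo) != algo or int(r_type) not in FP_HASHES:
        return False
    digest = FP_HASHES[int(r_type)](key).hexdigest()
    return hmac.compare_digest(digest, r_hex.lower())

# Constructed sample: RSA certificate prefix, made-up e and n; zero bytes stand in for the rest.
SAMPLE_CERT = (ssh_string(b"ssh-rsa-cert-v01@openssh.com") + ssh_string(b"\x11" * 32)
               + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00\xc3" + b"\x5a" * 31)
               + b"\x00" * 24)
```

The sketch does not verify the CA signature on the certificate; that remains the separate certificate check the report describes as the fallback.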