search for: matching_host_key_dns

...te: Mon Jun 22 12:52:45 2015 +0200 Better diagnostic when DNSSEC validation fails. diff --git a/sshconnect.c b/sshconnect.c index f41960c..9f1eafa 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -71,6 +71,7 @@ char *server_version_string = NULL; Key *previous_host_key = NULL; static int matching_host_key_dns = 0; +static int dns_secure = 0; static pid_t proxy_command_pid = 0; @@ -972,13 +973,18 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, fatal("%s: sshkey_fingerprint fail", __func__); msg2[0] = '\0'; if (options.verify_host_key_dns) { -...

Have you seen this? https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742513 --mancha

...s of different type are already" - " known for this host."); - else - snprintf(msg1, sizeof(msg1), "."); - /* The default */ - fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); - msg2[0] = '\0'; - if (options.verify_host_key_dns) { - if (matching_host_key_dns) - snprintf(msg2, sizeof(msg2), - "Matching host key fingerprint" - " found in DNS.\n"); - else - snprintf(msg2, sizeof(msg2), - "No matching host key fingerprint" - " found in DNS.\n"); - } - snprintf(msg, sizeo...

...--- a/sshconnect.c +++ b/sshconnect.c @@ -69,9 +69,7 @@ #include "ssherr.h" #include "authfd.h" -char *client_version_string = NULL; -char *server_version_string = NULL; -struct sshkey *previous_host_key = NULL; +static struct sshkey *previous_host_key = NULL; static int matching_host_key_dns = 0; @@ -605,16 +603,16 @@ ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs, } static void -send_client_banner(int connection_out, int minor1) +send_client_banner(int connection_out, int minor1, char **client_version_stringp) { /* Send our own protocol version identifi...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,