Honor GSSAPIServerIdentity for GSSAPI Key Exchange (#1637167)

Jakub Jelen 2018-10-17 13:04:00 +02:00
parent 6666c19414
commit e8876f1b1f
2 changed files with 11 additions and 5 deletions


@ -528,7 +528,7 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
maxlen = strlen(avail) + 1;
first = xmalloc(maxlen);
last = xmalloc(maxlen);
@@ -290,21 +293,26 @@ ssh_kex2(char *host, struct sockaddr *ho
@@ -290,23 +293,28 @@ ssh_kex2(char *host, struct sockaddr *ho
#ifdef GSSAPI
if (options.gss_keyex) {
@ -536,7 +536,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
- * client to the key exchange algorithm proposal */
- orig = options.kex_algorithms;
-
- if (options.gss_trust_dns)
- if (options.gss_server_identity)
- gss_host = options.gss_server_identity;
- else if (options.gss_trust_dns)
- gss_host = (char *)get_canonical_hostname(active_state, 1);
- else
- gss_host = host;
@ -555,7 +557,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
+ * client to the key exchange algorithm proposal */
+ orig = options.kex_algorithms;
+
+ if (options.gss_trust_dns)
+ if (options.gss_server_identity)
+ gss_host = options.gss_server_identity;
+ else if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(active_state, 1);
+ else
+ gss_host = host;
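Review bot: The new first branch of the `gss_host` selection carries no comment stating the precedence it introduces: a configured `options.gss_server_identity` now wins over both `options.gss_trust_dns` and the `host` argument, so the name used for GSSAPI key exchange no longer follows the host being connected to. I would add above the `if` something like `/* GSSAPIServerIdentity, when set, overrides the DNS-canonicalised and the user-supplied host name */`. The same lines appear in the removed and added copies inside this patch and again in the gsskex patch section below, so the comment belongs in all three copies to keep them in step. The body of ssh_kex2 continues outside these hunks, so how `gss_host` is consumed afterwards is not visible here.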


@ -2431,7 +2431,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
/*
* SSH2 key exchange
*/
@@ -162,9 +280,34 @@ ssh_kex2(char *host, struct sockaddr *ho
@@ -162,9 +280,36 @@ ssh_kex2(char *host, struct sockaddr *ho
struct kex *kex;
int r;
@ -2449,7 +2449,9 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
+ * client to the key exchange algorithm proposal */
+ orig = options.kex_algorithms;
+
+ if (options.gss_trust_dns)
+ if (options.gss_server_identity)
+ gss_host = options.gss_server_identity;
+ else if (options.gss_trust_dns)
+ gss_host = (char *)get_canonical_hostname(active_state, 1);
+ else
+ gss_host = host;