Honor GSSAPIServerIdentity for GSSAPI Key Exchange (#1637167)
parent
6666c19414
commit
e8876f1b1f
@ -528,7 +528,7 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
|
||||
maxlen = strlen(avail) + 1;
|
||||
first = xmalloc(maxlen);
|
||||
last = xmalloc(maxlen);
|
||||
@@ -290,21 +293,26 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
@@ -290,23 +293,28 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
|
||||
#ifdef GSSAPI
|
||||
if (options.gss_keyex) {
|
||||
@ -536,7 +536,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
|
||||
- * client to the key exchange algorithm proposal */
|
||||
- orig = options.kex_algorithms;
|
||||
-
|
||||
- if (options.gss_trust_dns)
|
||||
- if (options.gss_server_identity)
|
||||
- gss_host = options.gss_server_identity;
|
||||
- else if (options.gss_trust_dns)
|
||||
- gss_host = (char *)get_canonical_hostname(active_state, 1);
|
||||
- else
|
||||
- gss_host = host;
|
||||
@ -555,7 +557,9 @@ diff -up openssh-7.7p1/sshconnect2.c.fips openssh-7.7p1/sshconnect2.c
|
||||
+ * client to the key exchange algorithm proposal */
|
||||
+ orig = options.kex_algorithms;
|
||||
+
|
||||
+ if (options.gss_trust_dns)
|
||||
+ if (options.gss_server_identity)
|
||||
+ gss_host = options.gss_server_identity;
|
||||
+ else if (options.gss_trust_dns)
|
||||
+ gss_host = (char *)get_canonical_hostname(active_state, 1);
|
||||
+ else
|
||||
+ gss_host = host;
|
||||
|
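Review bot: The new `if (options.gss_server_identity)` branch in the re-added block (hunk at -555, and the same lines in the gsskex patch hunk at -2449) decides which name `gss_host` carries into the key exchange, presumably the name the server is authenticated against, yet nothing next to it records the order of precedence. I would put a comment above the chain, for example `/* gss_host: GSSAPIServerIdentity if set, else the canonical name when GSSAPITrustDns is on, else the host as given */`, so a later edit does not reorder the branches by accident. It may also be worth treating an empty value as unset, `if (options.gss_server_identity != NULL && *options.gss_server_identity != '\0')`, unless the option parser already rejects that; the parser is not visible on this page. ssh_kex2 starts and ends outside these hunks.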
@ -2431,7 +2431,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
/*
|
||||
* SSH2 key exchange
|
||||
*/
|
||||
@@ -162,9 +280,34 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
@@ -162,9 +280,36 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||
struct kex *kex;
|
||||
int r;
|
||||
|
||||
@ -2449,7 +2449,9 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
|
||||
+ * client to the key exchange algorithm proposal */
|
||||
+ orig = options.kex_algorithms;
|
||||
+
|
||||
+ if (options.gss_trust_dns)
|
||||
+ if (options.gss_server_identity)
|
||||
+ gss_host = options.gss_server_identity;
|
||||
+ else if (options.gss_trust_dns)
|
||||
+ gss_host = (char *)get_canonical_hostname(active_state, 1);
|
||||
+ else
|
||||
+ gss_host = host;
|
||||
|