simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Fri Apr 29 22:50:45 BST 2022
TL;DR:
95830489 Fix rekeying when using a certified host key.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2022-04-29 22:50:45
commit 958304897d7bcb99438c4254c29dd18d0f20b61d
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=958304897d7bcb99438c4254c29dd18d0f20b61d;hp=1dfa0f538b269482cc42fdc02ff39d21370c2b92
Author: Simon Tatham <anakin at pobox.com>
Date: Fri Apr 29 22:44:40 2022 +0100
Fix rekeying when using a certified host key.

In a rekey, we expect to see the same host key again, which we enforce
by comparing its cache string, which we happened to have handy. But
certified host keys don't have cache strings, so this no longer works
reliably - the 'assert(s->keystr)' fails.

(This is what I get for making a zillion short-lived test connections
and not leaving any of them running for more than 2 minutes!)

Instead, we now keep the official public blob of the host key from the
first key exchange, and compare that to the public blob of the one in
the rekey.

ssh/kex2-client.c | 16 ++++++++++------
ssh/transport2.c | 1 -
ssh/transport2.h | 4 ++--
3 files changed, 12 insertions(+), 9 deletions(-)
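
The check the commit message describes, sketched as an added example; this is not code from the commit or from PuTTY. The struct, enum and function names are hypothetical, and the two blobs are constructed samples (an SSH string holding the algorithm name, then filler bytes in place of real key material).

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection state; names are illustrative, not PuTTY's. */
struct hostkey_pin {
    unsigned char *blob; /* private copy of the first kex's public blob */
    size_t len;
};
enum hk_result { HK_PINNED, HK_SAME, HK_CHANGED, HK_ERROR };

/* Call once per key exchange with the host key's public blob. The first
 * call pins it; every later call (a rekey) must present identical bytes.
 * No derived string is involved, so certified keys behave like plain ones. */
enum hk_result hostkey_check(struct hostkey_pin *p,
                             const unsigned char *blob, size_t len)
{
    if (!blob || len == 0)
        return HK_ERROR;
    if (!p->blob) {
        /* Copy, assuming the caller's buffer does not outlive this kex. */
        if (!(p->blob = malloc(len)))
            return HK_ERROR;
        memcpy(p->blob, blob, len);
        p->len = len;
        return HK_PINNED;
    }
    /* Length first, so a truncated blob never matches the pinned one. */
    if (len != p->len || memcmp(p->blob, blob, len) != 0)
        return HK_CHANGED;
    return HK_SAME;
}

/* Constructed blobs: SSH string (4-byte length + algorithm name) + filler. */
static const unsigned char CERT_BLOB[] =
    "\0\0\0\x20ssh-ed25519-cert-v01@openssh.comAAAA";
static const unsigned char OTHER_BLOB[] = "\0\0\0\x0bssh-ed25519BBBB";

int main(void)
{
    struct hostkey_pin p = {0};
    size_t n = sizeof CERT_BLOB - 1; /* drop the literal's trailing NUL */
    int ok = hostkey_check(&p, CERT_BLOB, n) == HK_PINNED &&
             hostkey_check(&p, CERT_BLOB, n) == HK_SAME &&
             hostkey_check(&p, OTHER_BLOB, sizeof OTHER_BLOB - 1) == HK_CHANGED;
    free(p.blob);
    return ok ? 0 : 1;
}
```

A caller would treat HK_CHANGED as fatal for the connection, since a host key that differs between the first key exchange and a rekey means the peer is no longer the one that was verified.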