Bugzilla – Attachment 2341 Details for
Bug 2154
Avoid key lookup overhead when re-keying
[patch]
Cache the key after the initial check
cache-server-host-key.diff (text/plain), 1.71 KB, created by
Iain Morgan
on 2013-09-20 07:27:42 AEST
Description:
Cache the key after the initial check
Filename:
MIME Type:
Creator:
Iain Morgan
Created:
2013-09-20 07:27:42 AEST
Size:
1.71 KB
patch
obsolete
>Index: sshconnect.c
>===================================================================
>RCS file: /cvs/openssh/sshconnect.c,v
>retrieving revision 1.212
>diff -u -r1.212 sshconnect.c
>--- sshconnect.c 20 Aug 2013 16:44:25 -0000 1.212
>+++ sshconnect.c 19 Sep 2013 20:58:22 -0000
>@@ -65,6 +65,7 @@
>
> char *client_version_string = NULL;
> char *server_version_string = NULL;
>+Key *previous_host_key = NULL;
>
> static int matching_host_key_dns = 0;
>
>@@ -1222,12 +1223,18 @@
> verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
> {
> int flags = 0;
>+ int result;
> char *fp;
>
> fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
> debug("Server host key: %s %s", key_type(host_key), fp);
> free(fp);
>
>+ if (key_equal(previous_host_key, host_key)) {
>+ debug("Server host key matches cached key");
>+ return 0;
>+ }
>+
> /* XXX certs are not yet supported for DNS */
> if (!key_is_cert(host_key) && options.verify_host_key_dns &&
> verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
>@@ -1235,8 +1242,10 @@
>
> if (options.verify_host_key_dns == 1 &&
> flags & DNS_VERIFY_MATCH &&
>- flags & DNS_VERIFY_SECURE)
>- return 0;
>+ flags & DNS_VERIFY_SECURE) {
>+ result = 0;
>+ goto done;
>+ }
>
> if (flags & DNS_VERIFY_MATCH) {
> matching_host_key_dns = 1;
>@@ -1248,9 +1257,15 @@
> }
> }
>
>- return check_host_key(host, hostaddr, options.port, host_key, RDRW,
>+ result = check_host_key(host, hostaddr, options.port, host_key, RDRW,
> options.user_hostfiles, options.num_user_hostfiles,
> options.system_hostfiles, options.num_system_hostfiles);
>+
>+done:
>+ if (result == 0 && previous_host_key == NULL)
>+ previous_host_key = key_from_private(host_key);
>+
>+ return result;
> }
>
> /*
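Review bot: The new `previous_host_key` in the first hunk has external linkage, while `matching_host_key_dns` two lines below it is `static`. Nothing in this patch uses the cache outside sshconnect.c, so unless another file is meant to read or reset it, it should be `static Key *previous_host_key = NULL;`. Keeping the pointer file-local matters here because any code that can assign it decides which key skips verification on the next re-key.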
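Review bot: The early return added at the top of `verify_host_key` compares key material only and ignores `host` and `hostaddr`, so it is safe only while the process verifies a single peer; that invariant is not written down anywhere in the hunk. I would add a comment above the check along the lines of `/* Re-key: the same key was already accepted for this connection, skip DNS and known_hosts lookups. */`. The call also depends on `key_equal` tolerating a NULL first argument before any key has been cached; an explicit guard, `if (previous_host_key != NULL && key_equal(previous_host_key, host_key)) {`, would make that visible at the call site. The function body continues past the end of this hunk.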
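Review bot: At the `done:` label in the last hunk the key is cached on any `result == 0`, including the DNS-verified path from the previous hunk. Every later re-key with that key then bypasses both `verify_host_key_dns` and `check_host_key` for the life of the process, so changes to known_hosts or DNS made during the session are never consulted again. That appears to be the intended trade-off, but it should be stated next to the assignment, for example `/* Cache the first accepted key; it is trusted for the rest of this connection. */`. The copy made by `key_from_private` is never freed in the visible code, which is acceptable only if it is meant to live until exit, and the comment could say so. The function starts in an earlier hunk, so the paths reaching `done:` are only partly visible here.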
Attachments on
bug 2154
:
2337
|
2338
|
2341
|
2450