|
Lines 55-60
|
| 55 |
|
55 |
|
| 56 |
char *client_version_string = NULL; |
56 |
char *client_version_string = NULL; |
| 57 |
char *server_version_string = NULL; |
57 |
char *server_version_string = NULL; |
|
|
58 |
Key *previous_host_key = NULL; |
| 58 |
|
59 |
|
| 59 |
static int matching_host_key_dns = 0; |
60 |
static int matching_host_key_dns = 0; |
| 60 |
|
61 |
|
|
Lines 1191-1197
fail:
|
| 1191 |
int |
1192 |
int |
| 1192 |
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) |
1193 |
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) |
| 1193 |
{ |
1194 |
{ |
| 1194 |
int flags = 0; |
1195 |
int r = -1, flags = 0; |
| 1195 |
char *fp; |
1196 |
char *fp; |
| 1196 |
Key *plain = NULL; |
1197 |
Key *plain = NULL; |
| 1197 |
|
1198 |
|
|
Lines 1199-1204
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
| 1199 |
debug("Server host key: %s %s", key_type(host_key), fp); |
1200 |
debug("Server host key: %s %s", key_type(host_key), fp); |
| 1200 |
free(fp); |
1201 |
free(fp); |
| 1201 |
|
1202 |
|
|
|
1203 |
if (key_equal(previous_host_key, host_key)) { |
| 1204 |
debug("%s: server host key matches cached key", __func__); |
| 1205 |
return 0; |
| 1206 |
} |
| 1207 |
|
| 1202 |
if (options.verify_host_key_dns) { |
1208 |
if (options.verify_host_key_dns) { |
| 1203 |
/* |
1209 |
/* |
| 1204 |
* XXX certs are not yet supported for DNS, so downgrade |
1210 |
* XXX certs are not yet supported for DNS, so downgrade |
|
Lines 1213-1219
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
| 1213 |
flags & DNS_VERIFY_MATCH && |
1219 |
flags & DNS_VERIFY_MATCH && |
| 1214 |
flags & DNS_VERIFY_SECURE) { |
1220 |
flags & DNS_VERIFY_SECURE) { |
| 1215 |
key_free(plain); |
1221 |
key_free(plain); |
| 1216 |
return 0; |
1222 |
r = 0; |
|
|
1223 |
goto done; |
| 1217 |
} |
1224 |
} |
| 1218 |
if (flags & DNS_VERIFY_MATCH) { |
1225 |
if (flags & DNS_VERIFY_MATCH) { |
| 1219 |
matching_host_key_dns = 1; |
1226 |
matching_host_key_dns = 1; |
|
Lines 1228-1236
verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
| 1228 |
key_free(plain); |
1235 |
key_free(plain); |
| 1229 |
} |
1236 |
} |
| 1230 |
|
1237 |
|
| 1231 |
return check_host_key(host, hostaddr, options.port, host_key, RDRW, |
1238 |
r = check_host_key(host, hostaddr, options.port, host_key, RDRW, |
| 1232 |
options.user_hostfiles, options.num_user_hostfiles, |
1239 |
options.user_hostfiles, options.num_user_hostfiles, |
| 1233 |
options.system_hostfiles, options.num_system_hostfiles); |
1240 |
options.system_hostfiles, options.num_system_hostfiles); |
|
|
1241 |
|
| 1242 |
done: |
| 1243 |
if (r == 0 && host_key != NULL) { |
| 1244 |
key_free(previous_host_key); |
| 1245 |
previous_host_key = key_from_private(host_key); |
| 1246 |
} |
| 1247 |
|
| 1248 |
return r; |
| 1234 |
} |
1249 |
} |
| 1235 |
|
1250 |
|
| 1236 |
/* |
1251 |
/* |