Bugzilla – Attachment 2450 Details for
Bug 2154
Avoid key lookup overhead when re-keying
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
updated patch
rekey-cache-previous.diff (text/plain), 1.66 KB, created by
Damien Miller
on 2014-07-03 14:21:14 AEST
(
hide
)
Description:
updated patch
Filename:
MIME Type:
Creator:
Damien Miller
Created:
2014-07-03 14:21:14 AEST
Size:
1.66 KB
patch
obsolete
>diff --git sshconnect.c sshconnect.c >index d90d3a5..de800c7 100644 >--- sshconnect.c >+++ sshconnect.c >@@ -55,6 +55,7 @@ > > char *client_version_string = NULL; > char *server_version_string = NULL; >+Key *previous_host_key = NULL; > > static int matching_host_key_dns = 0; > >@@ -1191,7 +1192,7 @@ fail: > int > verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) > { >- int flags = 0; >+ int r = -1, flags = 0; > char *fp; > Key *plain = NULL; > >@@ -1199,6 +1200,11 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) > debug("Server host key: %s %s", key_type(host_key), fp); > free(fp); > >+ if (key_equal(previous_host_key, host_key)) { >+ debug("%s: server host key matches cached key", __func__); >+ return 0; >+ } >+ > if (options.verify_host_key_dns) { > /* > * XXX certs are not yet supported for DNS, so downgrade >@@ -1213,7 +1219,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) > flags & DNS_VERIFY_MATCH && > flags & DNS_VERIFY_SECURE) { > key_free(plain); >- return 0; >+ r = 0; >+ goto done; > } > if (flags & DNS_VERIFY_MATCH) { > matching_host_key_dns = 1; >@@ -1228,9 +1235,17 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key) > key_free(plain); > } > >- return check_host_key(host, hostaddr, options.port, host_key, RDRW, >+ r = check_host_key(host, hostaddr, options.port, host_key, RDRW, > options.user_hostfiles, options.num_user_hostfiles, > options.system_hostfiles, options.num_system_hostfiles); >+ >+done: >+ if (r == 0 && host_key != NULL) { >+ key_free(previous_host_key); >+ previous_host_key = key_from_private(host_key); >+ } >+ >+ return r; > } > > /*
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2450">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2154
:
2337
|
2338
|
2341
| 2450