| Summary: | ssh uses obsolete SIG RRtype | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Simon Vallet <svallet> | ||||
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | normal | CC: | djm | ||||
| Priority: | P2 | ||||||
| Version: | -current | ||||||
| Hardware: | Other | ||||||
| OS: | Linux | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 1353 | ||||||
| Attachments: |
|
||||||
fixed as part of a sync from OpenBSD's getrrsetbyname implementation, which recently picked up a similar change. openssh-4.8 will include this. Fix shipped in 4.9/4.9p1 release. |
Created attachment 1296 [details] Patch against CVS ssh uses an obsolete RRtype to check for signatures on SSHFP records : SIG (RRtype 24) is obsolete for RR signature records since RFC 3755 (see ยง3 there). The minimal patch below fixes the problem by using RRSIG (RRtype 46) instead.