From 42aa6f597e09df17f6a6ec19737ff3d36b47adb7 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Jan 13 2023 14:24:38 +0000 Subject: Do not try to use SHA1 for host key ownership proof when we don't support it server-side Related: rhbz#2088750 --- diff --git a/openssh-8.7p1-nohostsha1proof.patch b/openssh-8.7p1-nohostsha1proof.patch index 4f173f1..a5323e4 100644 --- a/openssh-8.7p1-nohostsha1proof.patch +++ b/openssh-8.7p1-nohostsha1proof.patch @@ -72,7 +72,7 @@ diff -up openssh-8.7p1/sshd.c.sshrsacheck openssh-8.7p1/sshd.c key = NULL; continue; } -+ if (sshkey_type_plain(key->type) == KEY_RSA || sshkey_type_plain(key->type) == KEY_RSA_CERT) { ++ if (key && (sshkey_type_plain(key->type) == KEY_RSA || sshkey_type_plain(key->type) == KEY_RSA_CERT)) { + size_t sign_size = 0; + u_char *tmp = NULL; + u_char data[] = "Test SHA1 vector";