[Bug 1455] New: ssh client ignoring ad bit in dns response - OSX 10.5

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Apr 3 00:51:16 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1455

           Summary: ssh client ignoring ad bit in dns response - OSX 10.5  
    Classification: Unclassified                                           
           Product: Portable OpenSSH                                       
           Version: 4.9p1                                                  
          Platform: ix86                                                   
        OS/Version: Mac OS X                                               
            Status: NEW                                                    
          Severity: normal                                                 
          Priority: P2                                                     
         Component: ssh                                                    
        AssignedTo: bitbucket at mindrot.org                                  
        ReportedBy: jake.knickerbocker at gmail.com                           


BIND_8_COMPAT appears to be required to be set by configure, and when
it is the ssh client is ignoring the ad bit set in the dns response,
resulting in a host key verification failure.

"debug1: found 1 insecure fingerprints in DNS"

Verified with a packet sniffer that the ad bit was indeed set in the
response.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list