[Bug 2799] RSA Signatures using SHA2 provided by different ssh-agent are not properly verified
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 8 14:23:50 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2799
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I don't think the "Check signature algorithm while verifying RSA
signatures" patch is correct: key types and signature types are allowed
to be different, and the patch doesn't actually supply the signature
type in many cases where we could (esp. KEX).
I'll have a look at this now.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list