[Bug 3351] RSA SHA256 certificates no longer work

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Oct 8 00:58:32 AEDT 2021


--- Comment #3 from denisenkom at gmail.com ---
Attached client log.

Certificate rejection happens on the client.
In sshconnect2.c this line is executed:

1857:   sent = send_pubkey_test(ssh, id);

Then in send_pubkey_test function this line is executed:

1503:   if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {

Then in key_sig_algorithm function this line is executed:

1195:   return match_list(sshkey_ssh_name(key),

Here sshkey_ssh_name returns "ssh-rsa-cert-v01 at openssh.com" and it is
compared against a list which is initialized by KEX_DEFAULT_PK_ALG,
which does not contain "ssh-rsa-cert-v01 at openssh.com".  That check
fails and "no mutual signature supported" error is reported.

I was able to "fix" this problem by adding
"ssh-rsa-cert-v01 at openssh.com," into KEX_DEFAULT_PK_ALG in myproposal.h

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list