[Bug 3351] RSA SHA256 certificates no longer work
bugzilla-daemon at mindrot.org
Fri Oct 8 00:58:32 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3351
--- Comment #3 from denisenkom at gmail.com ---
Attached client log.
Certificate rejection happens on the client.
In sshconnect2.c this line is executed:
1857: sent = send_pubkey_test(ssh, id);
Then in send_pubkey_test function this line is executed:
1503: if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
Then in key_sig_algorithm function this line is executed:
1195: return match_list(sshkey_ssh_name(key),
Here sshkey_ssh_name returns "ssh-rsa-cert-v01@openssh.com" and it is
compared against a list which is initialized by KEX_DEFAULT_PK_ALG,
which does not contain "ssh-rsa-cert-v01@openssh.com". That check
fails and "no mutual signature supported" error is reported.
I was able to "fix" this problem by adding
"ssh-rsa-cert-v01@openssh.com," into KEX_DEFAULT_PK_ALG in myproposal.h.
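The name filter described in the comment above, as an added C example that is not part of the original message and is not OpenSSH code. filter_alg, key_usable and the ALLOWED_* lists are hypothetical names; the lists are constructed and abridged, and the exact-token comparison is a simplification of what match_list does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, abridged accepted-algorithms list (not copied from myproposal.h).
 * SHA-2 RSA certificate names are present, the SHA-1 certificate name is not. */
#define ALLOWED_BASE \
    "ssh-ed25519-cert-v01@openssh.com," \
    "rsa-sha2-512-cert-v01@openssh.com," \
    "rsa-sha2-256-cert-v01@openssh.com," \
    "ssh-ed25519,rsa-sha2-512,rsa-sha2-256"
/* Same list after the local change the commenter describes. */
#define ALLOWED_PATCHED "ssh-rsa-cert-v01@openssh.com," ALLOWED_BASE

/* Hypothetical helper: return a malloc'd copy of name if it is an exact
 * comma-separated token of list, otherwise NULL (no pattern support). */
static char *filter_alg(const char *name, const char *list)
{
    size_t nlen = strlen(name);
    const char *p = list;

    while (*p != '\0') {
        size_t tlen = strcspn(p, ",");      /* length of the current token */
        if (tlen == nlen && memcmp(p, name, nlen) == 0) {
            char *out = malloc(nlen + 1);
            if (out != NULL)
                memcpy(out, name, nlen + 1);
            return out;
        }
        p += tlen;
        if (*p == ',')
            p++;                            /* step over the separator */
    }
    return NULL;
}

/* 1 if the key name passes the filter, 0 if the caller would get NULL back
 * (the case reported as "no mutual signature supported"). */
static int key_usable(const char *key_name, const char *list)
{
    char *alg = filter_alg(key_name, list);
    int ok = (alg != NULL);
    free(alg);
    return ok;
}

int main(void)
{
    const char *key = "ssh-rsa-cert-v01@openssh.com";
    printf("base list:    %s\n", key_usable(key, ALLOWED_BASE) ? "offered" : "rejected");
    printf("patched list: %s\n", key_usable(key, ALLOWED_PATCHED) ? "offered" : "rejected");
    return 0;
}
```

The comparison is on whole names, so the presence of "rsa-sha2-256-cert-v01@openssh.com" in the list does not make a key named "ssh-rsa-cert-v01@openssh.com" pass the filter.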