[Bug 2799] RSA Signatures using SHA2 provided by different ssh-agent are not properly verified

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 8 14:23:50 AEDT 2017


--- Comment #4 from Damien Miller <djm at mindrot.org> ---
I don't think the "Check signature algorithm while verifying RSA
signatures" patch is correct: key types and signature types are allowed
to be different, and the patch doesn't actually supply the signature
type in many cases where we could (esp. KEX).

I'll have a look at this now.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list