This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new b9ddc14  [SSHD-1024] Allow other signatures to use rsa variants
b9ddc14 is described below

commit b9ddc148636a0c18a2dd16e4afd16c18d31594dd
Author: FliegenKLATSCH <ch...@koras.de>
AuthorDate: Thu Jul 2 19:38:37 2020 +0300

    [SSHD-1024] Allow other signatures to use rsa variants
---
 .../java/org/apache/sshd/client/kex/DHGClient.java | 26 ++++++++++------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java 
b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
index aefedb4..b557a72 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
@@ -192,21 +192,19 @@ public class DHGClient extends 
AbstractDHClientKeyExchange {
         String keyAlg = KeyUtils.getKeyType(signatureKey);
         String keyId = openSshKey.getId();
 
-        if (KeyPairProvider.SSH_RSA_CERT.equals(openSshKey.getKeyType())) {
-            // allow sha2 signatures for legacy reasons
-            String variant = openSshKey.getSignatureAlg();
-            if ((!GenericUtils.isEmpty(variant))
-                    && 
KeyPairProvider.SSH_RSA.equals(KeyUtils.getCanonicalKeyType(variant))) {
-                if (log.isDebugEnabled()) {
-                    log.debug("verifyCertificate({})[id={}] Allowing to use 
variant {} instead of {}",
-                            session, keyId, variant, keyAlg);
-                }
-                keyAlg = variant;
-            } else {
-                throw new SshException(
-                        SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
-                        "Found invalid signature alg " + variant + " for key 
ID=" + keyId);
+        // allow sha2 signatures for legacy reasons
+        String variant = openSshKey.getSignatureAlg();
+        if ((!GenericUtils.isEmpty(variant))
+                && 
KeyPairProvider.SSH_RSA.equals(KeyUtils.getCanonicalKeyType(variant))) {
+            if (log.isDebugEnabled()) {
+                log.debug("verifyCertificate({})[id={}] Allowing to use 
variant {} instead of {}",
+                        session, keyId, variant, keyAlg);
             }
+            keyAlg = variant;
+        } else {
+            throw new SshException(
+                    SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+                    "Found invalid signature alg " + variant + " for key ID=" 
+ keyId);
         }
 
         Signature verif = ValidateUtils.checkNotNull(
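Review bot: The new condition tests the certificate's signature algorithm against the constant `KeyPairProvider.SSH_RSA` rather than against `keyAlg`, the type of the CA key taken from `signatureKey`, and with the `SSH_RSA_CERT` guard removed it now runs for every certificate. As written, a certificate whose `getSignatureAlg()` is not an RSA variant (for example one signed by an ECDSA or Ed25519 CA) appears to fall into the `else` branch and fail key exchange, while an RSA variant is accepted and copied into `keyAlg` even when the CA key is not RSA. Binding the peer-supplied name to the key actually used would cover both cases: `&& keyAlg.equals(KeyUtils.getCanonicalKeyType(variant))) {`, assuming `getCanonicalKeyType` leaves non-RSA names unchanged. The comment `// allow sha2 signatures for legacy reasons` no longer describes the branch and could read `// signature algorithm named in the certificate must match the CA key type`. The enclosing method starts before and continues after this hunk, so how `keyAlg` is used afterwards is not visible here.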
