Package: libssh2-1 Version: 1.8.0-2.1 Severity: normal Dear Maintainer,
We are using libcurl for SFTP in our own software. Libcurl in turn relies on libssl2 for this feature. We already use libcurl for HTTP and HTTPS, so we would like to stick with that level so we have more common code. We have a tool containing our code for testing. With that we tested support for ECDSA client keys. This works with the OpenSSH tool "sftp", but not with our software. When we compare the server debug log (OpenSSH in debug mode, level debug3) with what we get from running the sftp tool, the authentification sequence stops earlier, before reaching success. We also have a unit test that runs our code in a loop and that shows memory leaks. Scanning the changelogs of libssh2, it seems that there are important updates for both of these problems in libssh2 in the current version 1.9. So before investigating further, we would like to ask, when we can expect that version to come to Debian and if there is something we can do to help. Regards, Benjamin Riefenstahl, mecom GmbH -- System Information: Debian Release: 10.3 APT prefers stable-debug APT policy: (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libssh2-1 depends on: ii libc6 2.28-10 ii libgcrypt20 1.8.4-5 ii zlib1g 1:1.2.11.dfsg-1 libssh2-1 recommends no packages. libssh2-1 suggests no packages. -- no debconf information -- mecom Medien-Communikations-Gesellschaft mbH Mittelweg 143, D 20148 Hamburg Tel: +49 40 411332 801 Fax: +49 40 451962 http://www.mecom.de Registergericht Hamburg, HRB 43177 Geschäftsführung: Barbara Bliefert, Norbert Schmidt-Banasch
