upstream commit

Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
author: djm@openbsd.org <djm@openbsd.org> 2014-12-21 22:27:55 +0000
committer: Damien Miller <djm@mindrot.org> 2014-12-22 09:32:29 +1100
commit: 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch)
tree: 700a872e702c686c1815bb1049eb93e88079b598 /auth2-hostbased.c
parent: 058f839fe15c51be8b3a844a76ab9a8db550be4f (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 6787e4ca..b7ae3535 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.18 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.19 2014/12/21 22:27:56 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -208,13 +208,14 @@ hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
 	if (host_status == HOST_OK) {
 		if (key_is_cert(key)) {
 			fp = key_fingerprint(key->cert->signature_key,
-			    SSH_FP_MD5, SSH_FP_HEX);
+			    options.fingerprint_hash, SSH_FP_DEFAULT);
 			verbose("Accepted certificate ID \"%s\" signed by "
 			    "%s CA %s from %s@%s", key->cert->key_id,
 			    key_type(key->cert->signature_key), fp,
 			    cuser, lookup);
 		} else {
-			fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+			fp = key_fingerprint(key, options.fingerprint_hash,
+			    SSH_FP_DEFAULT);
 			verbose("Accepted %s public key %s from %s@%s",
 			    key_type(key), fp, cuser, lookup);
 		}
author	djm@openbsd.org <djm@openbsd.org>	2014-12-21 22:27:55 +0000
committer	Damien Miller <djm@mindrot.org>	2014-12-22 09:32:29 +1100
commit	56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 (patch)
tree	700a872e702c686c1815bb1049eb93e88079b598 /auth2-hostbased.c
parent	058f839fe15c51be8b3a844a76ab9a8db550be4f (diff)