mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-18 19:41:01 -05:00

Permit configuring RSA signature types in certificates.

As distinct from the type of signature generated by the SSH server
itself from the host key, this lets you exclude (and by default does
exclude) the old "ssh-rsa" SHA-1 signature type from the signature of
the CA on the certificate.
Simon Tatham
2022-05-02 10:18:16 +01:00
parent e34e0220ab
commit dc7ba12253
12 changed files with 215 additions and 47 deletions

7
ssh.h

@ -848,7 +848,8 @@ struct ssh_keyalg {
/* The following methods can be NULL if !is_certificate */
void (*ca_public_blob)(ssh_key *key, BinarySink *);
bool (*check_cert)(ssh_key *key, bool host, ptrlen principal,
uint64_t time, BinarySink *error);
uint64_t time, const ca_options *opts,
BinarySink *error);
void (*cert_id_string)(ssh_key *key, BinarySink *);
/* 'Class methods' that don't deal with an ssh_key at all */
@ -904,8 +905,8 @@ static inline void ssh_key_cert_id_string(ssh_key *key, BinarySink *bs)
{ key->vt->cert_id_string(key, bs); }
static inline bool ssh_key_check_cert(
ssh_key *key, bool host, ptrlen principal, uint64_t time,
BinarySink *error)
{ return key->vt->check_cert(key, host, principal, time, error); }
const ca_options *opts, BinarySink *error)
{ return key->vt->check_cert(key, host, principal, time, opts, error); }
static inline int ssh_key_public_bits(const ssh_keyalg *self, ptrlen blob)
{ return self->pubkey_bits(self, blob); }
static inline const ssh_keyalg *ssh_key_alg(ssh_key *key)
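Review bot: The new `const ca_options *opts` argument has no stated contract, either on the `check_cert` member of `struct ssh_keyalg` (first hunk) or on the `ssh_key_check_cert` wrapper (second hunk), which forwards it unchecked. Per the commit description this argument decides whether a CA signature of the old SHA-1 "ssh-rsa" type is accepted, so a caller that passes NULL should not be able to end up with a more permissive check than the default. I would add a comment above the member, for example `/* opts must not be NULL: it lists the CA signature types that are acceptable, and check_cert must fail for any type not listed */`, if that is the intended contract. How the implementations in the other changed files treat a NULL `opts` is not visible in this section, and both the struct and the run of inline wrappers continue outside the hunks.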