nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00
Code Issues Projects Releases Wiki Activity

Permit configuring RSA signature types in certificates.

Browse Source 
As distinct from the type of signature generated by the SSH server
itself from the host key, this lets you exclude (and by default does
exclude) the old "ssh-rsa" SHA-1 signature type from the signature of
the CA on the certificate.
This commit is contained in:
Simon Tatham
2022-05-02 10:18:16 +01:00
parent e34e0220ab
commit dc7ba12253
12 changed files with 215 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
unix/storage.c
View File

@ -666,6 +666,12 @@ host_ca *host_ca_load(const char *name)
hca->n_hostname_wildcards);
hca->hostname_wildcards[hca->n_hostname_wildcards++] =
dupstr(value);
} else if (!strcmp(line, "PermitRSASHA1")) {
hca->opts.permit_rsa_sha1 = atoi(value);
} else if (!strcmp(line, "PermitRSASHA256")) {
hca->opts.permit_rsa_sha256 = atoi(value);
} else if (!strcmp(line, "PermitRSASHA512")) {
hca->opts.permit_rsa_sha512 = atoi(value);
}
sfree(line);
@ -691,6 +697,10 @@ char *host_ca_save(host_ca *hca)
for (size_t i = 0; i < hca->n_hostname_wildcards; i++)
fprintf(fp, "MatchHosts=%s\n", hca->hostname_wildcards[i]);
fprintf(fp, "PermitRSASHA1=%d\n", (int)hca->opts.permit_rsa_sha1);
fprintf(fp, "PermitRSASHA256=%d\n", (int)hca->opts.permit_rsa_sha256);
fprintf(fp, "PermitRSASHA512=%d\n", (int)hca->opts.permit_rsa_sha512);
bool bad = ferror(fp);
if (fclose(fp) < 0)
bad = true;