The general plan is that if PuTTY knows a host key for a server, it
should preferentially ask for the same type of key so that there's some
chance of actually getting the same key again. This should mean that
when a server (or PuTTY) adds a new host key type, PuTTY doesn't
gratuitously switch to that key type and then warn the user about an
unrecognised key.
int verify_ssh_host_key(void *frontend, char *host, int port,
const char *keytype, char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx);
int verify_ssh_host_key(void *frontend, char *host, int port,
const char *keytype, char *keystr, char *fingerprint,
void (*callback)(void *ctx, int result), void *ctx);
+/*
+ * have_ssh_host_key() just returns true if a key of that type is
+ * already chached and false otherwise.
+ */
+int have_ssh_host_key(const char *host, int port, const char *keytype);
/*
* askalg has the same set of return values as verify_ssh_host_key.
*/
/*
* askalg has the same set of return values as verify_ssh_host_key.
*/
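Review bot: The new comment on have_ssh_host_key() misspells "cached" as "chached" and does not say what "a key of that type" means, which matters because the implementations added in this commit probe the store with an empty key and count both the match and the mismatch result as "present". A comment that states the contract would be `/* have_ssh_host_key() returns nonzero if the host key store already holds an entry of type keytype for host:port (whatever its value) and zero if it holds none; it does not validate the stored key. */`. Returning `int` for a yes/no answer matches the surrounding API, so no change there.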
if (!s->got_session_id) {
/*
* In the first key exchange, we list all the algorithms
if (!s->got_session_id) {
/*
* In the first key exchange, we list all the algorithms
- * we're prepared to cope with.
+ * we're prepared to cope with, but prefer those algorithms
+ * for which we have a host key for this host.
+ for (i = 0; i < lenof(hostkey_algs); i++) {
+ if (have_ssh_host_key(ssh->savedhost, ssh->savedport,
+ hostkey_algs[i]->keytype)) {
+ assert(n < MAXKEXLIST);
+ s->kexlists[KEXLIST_HOSTKEY][n].name =
+ hostkey_algs[i]->name;
+ s->kexlists[KEXLIST_HOSTKEY][n].u.hostkey = hostkey_algs[i];
+ n++;
+ }
+ }
for (i = 0; i < lenof(hostkey_algs); i++) {
assert(n < MAXKEXLIST);
s->kexlists[KEXLIST_HOSTKEY][n].name = hostkey_algs[i]->name;
for (i = 0; i < lenof(hostkey_algs); i++) {
assert(n < MAXKEXLIST);
s->kexlists[KEXLIST_HOSTKEY][n].name = hostkey_algs[i]->name;
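Review bot: The first loop appends every host key algorithm that has a cached key, and the unchanged second loop then appends every algorithm again, so each preferred algorithm appears twice in KEXLIST_HOSTKEY; unless the code that serialises these lists into KEXINIT de-duplicates (not visible here), the server receives a name-list with repeated entries, and the asserted MAXKEXLIST bound now has to accommodate up to 2*lenof(hostkey_algs) entries instead of lenof(hostkey_algs). Remembering which indices the first pass took in a small flag array and skipping them in the second loop keeps the list clean without querying the store twice; the cheaper one-line version is `if (have_ssh_host_key(ssh->savedhost, ssh->savedport, hostkey_algs[i]->keytype)) continue;` at the top of the second loop. A why-comment next to the first loop would also help, since it deliberately puts a cached key type ahead of the built-in preference order, so a cached weaker type (e.g. ssh-dss) wins over a stronger one the server also offers, which is the trade-off the commit message describes. The rendered hunk appears to drop the comment terminator and the initialisation of n between its two parts, and the enclosing function starts and ends outside the hunk.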
+int have_ssh_host_key(const char *hostname, int port,
+ const char *keytype)
+{
+ /*
+ * If we have a host key, verify_host_key will return 0 or 2.
+ * If we don't have one, it'll return 1.
+ */
+ return verify_host_key(hostname, port, keytype, "") != 1;
+}
+
void store_host_key(const char *hostname, int port,
const char *keytype, const char *key)
{
void store_host_key(const char *hostname, int port,
const char *keytype, const char *key)
{
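Review bot: `return verify_host_key(hostname, port, keytype, "") != 1;` treats every result other than 1 as "key present", so if verify_host_key ever gains another return value (a read or parse error, say) this code would silently start preferring a key type it does not hold; enumerating the two known present results fails closed instead: `int r = verify_host_key(hostname, port, keytype, ""); return r == 0 || r == 2;`. The 0/1/2 meanings live only in this comment, so named constants shared with verify_host_key would make the dependency explicit. The lookup passes an empty key and so will report a mismatch (2) for any cached entry, which is fine for this purpose provided verify_host_key has no side effect or logging on mismatch, which I cannot see from here.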
return 0; /* key matched OK in registry */
}
return 0; /* key matched OK in registry */
}
+int have_ssh_host_key(const char *hostname, int port,
+ const char *keytype)
+{
+ /*
+ * If we have a host key, verify_host_key will return 0 or 2.
+ * If we don't have one, it'll return 1.
+ */
+ return verify_host_key(hostname, port, keytype, "") != 1;
+}
+
void store_host_key(const char *hostname, int port,
const char *keytype, const char *key)
{
void store_host_key(const char *hostname, int port,
const char *keytype, const char *key)
{
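Review bot: This is a verbatim copy of the Unix have_ssh_host_key() and inherits the same weakness: `!= 1` accepts any unforeseen return from the registry-backed verify_host_key as "have a key", whereas `int r = verify_host_key(hostname, port, keytype, ""); return r == 0 || r == 2;` fails closed by naming the two results that actually mean an entry exists. Since the function depends only on verify_host_key's return contract and not on the platform store, one shared definition would avoid keeping two copies in step when that contract changes. The store_host_key definition that follows continues outside the hunk.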