libssh2: fix to ignore `known_hosts` if SHA256 host public key is set

Syncing behavior with MD5 host public keys.

libcurl implemented to force a host key type for hosts is present in
`known_hosts`, and disabled this logic when an MD5 host public key is
explicitly set. libcurl later received support for SHA256 host public
keys. This update missed to extend the `known_hosts` logic with the new
key type.

This caused test 3022 to fail if a pre-existing `known_hosts` listed
the test server IP (127.0.0.1) with a non-RSA host key algo.

Follow-up to d1e7d9197b7fe417fb4d62aad5ea8f15a06d906c #7646
Follow-up to 272282a05416e42d2cc4a847a31fd457bc6cc827 #4747

Closes #16805

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 2447d1ddf90d858a6992882fe77ad574d08e4018..c2e2223519cf46499db78d5b71e5a6396139c0d7 100644 (file)
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -796,7 +796,9 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data)
   int port = 0;
   bool found = FALSE;
 
-  if(sshc->kh && !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) {
+  if(sshc->kh &&
+     !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
+     !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256]) {
     /* lets try to find our host in the known hosts file */
     while(!libssh2_knownhost_get(sshc->kh, &store, store)) {
       /* For non-standard ports, the name will be enclosed in */