Replace the old fingerprint of the host with a new.
Closes #5685
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
now so this causes a CURLE_DEFER error but
otherwise the connection will be left intact
etc */
+ CURLKHSTAT_FINE_REPLACE
};
enum curl_khmatch {
info from libcurl on the matching status and a custom pointer (set with
\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
codes to tell libcurl how to act:
-
+.IP CURLKHSTAT_FINE_REPLACE
+The new host+key is accepted and libcurl will replace the old host+key into
+the known_hosts file before continuing with the connection. This will also
+add the new host+key combo to the known_host pool kept in memory if it wasn't
+already present there. The adding of data to the file is done by completely
+replacing the file with a new copy, so the permissions of the file must allow
+this. (Added in 7.73.0)
.IP CURLKHSTAT_FINE_ADD_TO_FILE
The host+key is accepted and libcurl will append it to the known_hosts file
before continuing with the connection. This will also add the host+key combo
CURLKHSTAT_DEFER 7.19.6
CURLKHSTAT_FINE 7.19.6
CURLKHSTAT_FINE_ADD_TO_FILE 7.19.6
+CURLKHSTAT_FINE_REPLACE 7.73.0
CURLKHSTAT_REJECT 7.19.6
CURLKHTYPE_DSS 7.19.6
CURLKHTYPE_ECDSA 7.58.0
CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so
this causes a CURLE_DEFER error but otherwise the
connection will be left intact etc */
+ CURLKHSTAT_FINE_REPLACE, /* accept and replace the wrong key*/
CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */
};
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
/* we're asked to verify the host against a file */
struct ssh_conn *sshc = &conn->proto.sshc;
+ struct libssh2_knownhost *host = NULL;
int rc;
int keytype;
size_t keylen;
* What host name does OpenSSH store in its file if an IDN name is
* used?
*/
- struct libssh2_knownhost *host;
enum curl_khmatch keymatch;
curl_sshkeycallback func =
data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
/* DEFER means bail out but keep the SSH_HOSTKEY state */
result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
break;
+ case CURLKHSTAT_FINE_REPLACE:
+ /* remove old host+key that doesn't match */
+ if(host)
+ libssh2_knownhost_del(sshc->kh, host);
+ /*FALLTHROUGH*/
case CURLKHSTAT_FINE:
+ /*FALLTHROUGH*/
case CURLKHSTAT_FINE_ADD_TO_FILE:
/* proceed */
if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
if(addrc)
infof(data, "Warning adding the known host %s failed!\n",
conn->host.name);
- else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE) {
+ else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE ||
+ rc == CURLKHSTAT_FINE_REPLACE) {
/* now we write the entire in-memory list of known hosts to the
known_hosts file */
int wrc =
projects / thirdparty / curl.git / commitdiff
