From cd7eb9e0f2063e5733e2481569bcbc2883704d20 Mon Sep 17 00:00:00 2001
From: Viktor Szakats
Date: Sun, 23 Mar 2025 21:53:49 +0100
Subject: [PATCH] libssh2: fix to ignore `known_hosts` if SHA256 host public key is set

Syncing behavior with MD5 host public keys. libcurl implemented to force a host key type for hosts is present in `known_hosts`, and disabled this logic when an MD5 host public key is explicitly set. libcurl later received support for SHA256 host public keys. This update missed to extend the `known_hosts` logic with the new key type. This caused test 3022 to fail if a pre-existing `known_hosts` listed the test server IP (127.0.0.1) with a non-RSA host key algo.
Follow-up to d1e7d9197b7fe417fb4d62aad5ea8f15a06d906c #7646
Follow-up to 272282a05416e42d2cc4a847a31fd457bc6cc827 #4747
Closes #16805
---
 lib/vssh/libssh2.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index 2447d1ddf9..c2e2223519 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -796,7 +796,9 @@ static CURLcode ssh_force_knownhost_key_type(struct Curl_easy *data)
 int port = 0;
 bool found = FALSE;

- if(sshc->kh && !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5]) {
+ if(sshc->kh &&
+ !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_MD5] &&
+ !data->set.str[STRING_SSH_HOST_PUBLIC_KEY_SHA256]) {
 /* lets try to find our host in the known hosts file */
 while(!libssh2_knownhost_get(sshc->kh, &store, store)) {
 /* For non-standard ports, the name will be enclosed in */
--
2.47.3
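Review bot: The widened condition in ssh_force_knownhost_key_type() has no comment explaining why a pinned host key fingerprint switches off the known_hosts key-type preference. The commit message says this implicit coupling is how the SHA256 option was missed when it was introduced. I would add above the `if`: `/* an explicitly pinned MD5/SHA256 host key fingerprint takes precedence over known_hosts, so do not force a key type from it */`. The check is now spelled out per option, so a future fingerprint option could be missed the same way. Any other place that gates known_hosts handling on the MD5 option alone would be outside this hunk (the function body starts and ends outside it too) and is worth checking.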