fixed #358 - relax strict kex checks to match OpenSSH

Eugeny · Sep 29, 2024 · 3f7271b · 3f7271b
1 parent 459544a
commit 3f7271b
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/russh/src/client/encrypted.rs b/russh/src/client/encrypted.rs
@@ -26,7 +26,7 @@ use crate::negotiation::{Named, Select};
 use crate::parsing::{ChannelOpenConfirmation, ChannelType, OpenChannelMessage};
 use crate::session::{Encrypted, EncryptedState, GlobalRequestResponse, Kex, KexInit};
 use crate::{
-    auth, msg, negotiation, strict_kex_violation, Channel, ChannelId, ChannelMsg,
+    auth, msg, negotiation, Channel, ChannelId, ChannelMsg,
     ChannelOpenFailure, ChannelParams, CryptoVec, Sig,
 };
 
@@ -70,11 +70,9 @@ impl Session {
                     None
                 };
 
-                if let Some(kexinit) = kexinit {
-                    if let Some(ref algo) = kexinit.algo {
-                        if self.common.strict_kex && !algo.strict_kex {
-                            return Err(strict_kex_violation(msg::KEXINIT, 0).into());
-                        }
+                if let Some(mut kexinit) = kexinit {
+                    if let Some(ref mut algo) = kexinit.algo {
+                        algo.strict_kex = algo.strict_kex || self.common.strict_kex;
                     }
 
                     let dhdone = kexinit.client_parse(