From b9ddc148636a0c18a2dd16e4afd16c18d31594dd Mon Sep 17 00:00:00 2001
From: FliegenKLATSCH
Date: Thu, 2 Jul 2020 19:38:37 +0300
Subject: [PATCH] [SSHD-1024] Allow other signatures to use rsa variants
---
 .../org/apache/sshd/client/kex/DHGClient.java | 26 +++++++++----------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
index aefedb44a..b557a72c9 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
@@ -192,21 +192,19 @@ protected void verifyCertificate(Session session, OpenSshCertificate openSshKey)
 String keyAlg = KeyUtils.getKeyType(signatureKey);
 String keyId = openSshKey.getId();
- if (KeyPairProvider.SSH_RSA_CERT.equals(openSshKey.getKeyType())) {
- // allow sha2 signatures for legacy reasons
- String variant = openSshKey.getSignatureAlg();
- if ((!GenericUtils.isEmpty(variant))
- && KeyPairProvider.SSH_RSA.equals(KeyUtils.getCanonicalKeyType(variant))) {
- if (log.isDebugEnabled()) {
- log.debug("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}",
- session, keyId, variant, keyAlg);
- }
- keyAlg = variant;
- } else {
- throw new SshException(
- SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
- "Found invalid signature alg " + variant + " for key ID=" + keyId);
+ // allow sha2 signatures for legacy reasons
+ String variant = openSshKey.getSignatureAlg();
+ if ((!GenericUtils.isEmpty(variant))
+ && KeyPairProvider.SSH_RSA.equals(KeyUtils.getCanonicalKeyType(variant))) {
+ if (log.isDebugEnabled()) {
+ log.debug("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}",
+ session, keyId, variant, keyAlg);
 }
+ keyAlg = variant;
+ } else {
+ throw new SshException(
+ SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+ "Found invalid signature alg " + variant + " for key ID=" + keyId);
 }
 Signature verif = ValidateUtils.checkNotNull(
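Review bot: With the outer `SSH_RSA_CERT` guard removed, the variant test in verifyCertificate runs for every certificate but still compares against the constant `KeyPairProvider.SSH_RSA`, so a certificate whose CA key (`signatureKey`) is not RSA would presumably land in the `else` branch and abort key exchange. Tying the certificate's declared signature algorithm to the actual CA key type covers both cases: `&& keyAlg.equals(KeyUtils.getCanonicalKeyType(variant))) {`. That also prevents a peer-supplied algorithm name from selecting a verifier that does not match the CA key. The comment `// allow sha2 signatures for legacy reasons` and the debug message would then describe only the RSA case and could be reworded. The method body starts and ends outside the hunk, so how `keyAlg` is used afterwards is not visible here.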