authordjm@openbsd.org <djm@openbsd.org>2020-10-03 10:11:28 +0200
committerDamien Miller <djm@mindrot.org>2020-10-03 10:31:49 +0200
commit13cee44ef907824083d89cb9395adbbd552e46c1 (patch)
tree7b742893adfac8c1243f912b1b403686d5ad0fa7 /kex.h
parentupstream: prefer ed25519 signature algorithm variants to ECDSA; ok (diff)
upstream: record when the host key checking code downgrades a
certificate host key to a plain key. This occurs when the user connects to a host with a certificate host key but no corresponding CA key configured in known_hosts; feedback and ok markus@ OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901
Diffstat (limited to 'kex.h')
-rw-r--r--kex.h8
1 files changed, 5 insertions, 3 deletions
diff --git a/kex.h b/kex.h
index a5ae6ac05..07cec477f 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.110 2020/10/03 08:11:28 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -105,8 +105,10 @@ enum kex_exchange {
KEX_MAX
};
-#define KEX_INIT_SENT 0x0001
-#define KEX_INITIAL 0x0002
+/* kex->flags values */
+#define KEX_INIT_SENT 0x0001 /* KEXINIT sent */
+#define KEX_INITIAL 0x0002 /* Initial KEX, not rekey */
+#define KEX_HOSTCERT_CONVERT 0x0004 /* Client downgraded hostcert->plain */
struct sshenc {
char *name;
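Review bot: The comment on `KEX_HOSTCERT_CONVERT` records that a downgrade happened but not the condition that sets the bit or what a reader of `kex->flags` should do with it. For a flag that marks weaker host authentication than the server offered, that belongs at the definition. Going by the commit message, a comment such as `/* Client fell back from cert host key to plain key: no matching CA in known_hosts */` would state the condition. This page is limited to kex.h, so neither the code that sets the bit nor any consumer is visible here. It would also help to say whether the bit is meant to persist across a rekey, since `KEX_INITIAL` in the same mask is presumably per-exchange state.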