authorMats Lindestam <matslm@axis.com>2021-09-26 23:20:53 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-09-26 23:20:53 +0200
commitd1e7d9197b7fe417fb4d62aad5ea8f15a06d906c (patch)
tree549f3d1e4f04ecc8c499aafa4d21bd968b32a461 /src
parent1ca62bb5ce3f37174d4bf3f9f70674c4af4396df (diff)
libssh2: add SHA256 fingerprint support
Added support for SHA256 fingerprint in command line curl and in libcurl. Closes #7646
Diffstat (limited to 'src')
-rw-r--r--src/tool_cfgable.c1
-rw-r--r--src/tool_cfgable.h1
-rw-r--r--src/tool_getparam.c4
-rw-r--r--src/tool_help.c3
-rw-r--r--src/tool_operate.c5
5 files changed, 14 insertions, 0 deletions
diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c
index c3f7cecb1..34e17ce55 100644
--- a/src/tool_cfgable.c
+++ b/src/tool_cfgable.c
@@ -131,6 +131,7 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->proxy_key_passwd);
Curl_safefree(config->pubkey);
Curl_safefree(config->hostpubmd5);
+ Curl_safefree(config->hostpubsha256);
Curl_safefree(config->engine);
Curl_safefree(config->etag_save_file);
Curl_safefree(config->etag_compare_file);
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index b00aacb76..eff55f95d 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -158,6 +158,7 @@ struct OperationConfig {
char *proxy_key_passwd;
char *pubkey;
char *hostpubmd5;
+ char *hostpubsha256;
char *engine;
char *etag_save_file;
char *etag_compare_file;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 73ba8f537..1de79634c 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -241,6 +241,7 @@ static const struct LongShort aliases[]= {
{"Eg", "capath", ARG_FILENAME},
{"Eh", "pubkey", ARG_STRING},
{"Ei", "hostpubmd5", ARG_STRING},
+ {"EF", "hostpubsha256", ARG_STRING},
{"Ej", "crlfile", ARG_FILENAME},
{"Ek", "tlsuser", ARG_STRING},
{"El", "tlspassword", ARG_STRING},
@@ -1602,6 +1603,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
if(!config->hostpubmd5 || strlen(config->hostpubmd5) != 32)
return PARAM_BAD_USE;
break;
+ case 'F': /* --hostpubsha256 sha256 of the host public key */
+ GetStr(&config->hostpubsha256, nextarg);
+ break;
case 'j': /* CRL file */
GetStr(&config->crlfile, nextarg);
break;
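Review bot: The new `case 'F'` stores whatever string follows `--hostpubsha256`, whereas the `hostpubmd5` case directly above rejects a missing or wrong-length value with `PARAM_BAD_USE`. A fingerprint pasted in the wrong form (hex, or with a `SHA256:` prefix) is therefore not caught at parse time, and how it is handled is decided later inside libcurl, which this diff does not show. Consider mirroring the sibling check, for example `if(!config->hostpubsha256 || strlen(config->hostpubsha256) < 43) return PARAM_BAD_USE;`, where 43 is the unpadded base64 length of a 32-byte digest, assuming base64 is the form libcurl expects. getparameter's body starts and ends outside this hunk.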
diff --git a/src/tool_help.c b/src/tool_help.c
index cc23b12e2..46969e77f 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -346,6 +346,9 @@ static const struct helptxt helptext[] = {
{" --hostpubmd5 <md5>",
"Acceptable MD5 hash of the host public key",
CURLHELP_SFTP | CURLHELP_SCP},
+ {" --hostpubsha256 <sha256>",
+ "Acceptable SHA256 hash of the host public key",
+ CURLHELP_SFTP | CURLHELP_SCP},
{" --hsts <file name>",
"Enable HSTS with this cache file",
CURLHELP_HTTP},
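Review bot: The help string for `--hostpubsha256` does not say which encoding the value must use, and it sits next to `--hostpubmd5 <md5>`, which takes a 32-character value per the length check in tool_getparam.c. If the option expects the base64 form of the fingerprint, as libcurl's option appears to, say so in the text, e.g. `"Acceptable base64 SHA256 hash of the host public key"`. Otherwise a pin supplied in the wrong encoding is indistinguishable, to the user, from a genuine host-key mismatch.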
diff --git a/src/tool_operate.c b/src/tool_operate.c
index ca53d29f7..5d24ccb7d 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1408,6 +1408,11 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt_str(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,
config->hostpubmd5);
+ /* new in libcurl 7.80.0: SSH host key sha256 checking allows us
+ to fail if we are not talking to who we think we should */
+ my_setopt_str(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256,
+ config->hostpubsha256);
+
/* new in libcurl 7.56.0 */
if(config->ssh_compression)
my_setopt(curl, CURLOPT_SSH_COMPRESSION, 1L);
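Review bot: The SHA256 pin is handed to libcurl unconditionally here, while the commit title scopes the feature to libssh2, so it is worth confirming what a curl built against a different SSH backend does with `CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256`. If such a build accepts the option but never compares it, the user believes host-key pinning is active when it is not; the tool should fail or warn in that case rather than proceed. At minimum the comment could say so, e.g. `/* the pin is only enforced by SSH backends that implement it (libssh2 as of this commit) */`. It is also not visible from this hunk which pin is enforced when both `--hostpubmd5` and `--hostpubsha256` are given, so that precedence deserves a line in the comment too. single_transfer's body continues outside the hunk.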