authorChristopher Speller <crspeller@gmail.com>2017-05-17 16:51:25 -0400
committerGitHub <noreply@github.com>2017-05-17 16:51:25 -0400
commitd103ed6ca97ca5a2669f6cf5fe4b3d2a9c945f26 (patch)
treedbde13123c6add150448f7b75753ac022d862475 /vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
parentcd23b8139a9463b67e3096744321f6f4eb0ca40a (diff)
Upgrading server dependancies (#6431)
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go')
-rw-r--r--vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go23
1 files changed, 11 insertions, 12 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go b/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
index d1f371868..ea92b2983 100644
--- a/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
+++ b/vendor/golang.org/x/crypto/ssh/knownhosts/knownhosts.go
@@ -144,11 +144,16 @@ func keyEq(a, b ssh.PublicKey) bool {
return bytes.Equal(a.Marshal(), b.Marshal())
}
-// IsAuthority can be used as a callback in ssh.CertChecker
-func (db *hostKeyDB) IsAuthority(remote ssh.PublicKey) bool {
+// IsAuthorityForHost can be used as a callback in ssh.CertChecker
+func (db *hostKeyDB) IsHostAuthority(remote ssh.PublicKey, address string) bool {
+ h, p, err := net.SplitHostPort(address)
+ if err != nil {
+ return false
+ }
+ a := addr{host: h, port: p}
+
for _, l := range db.lines {
- // TODO(hanwen): should we check the hostname against host pattern?
- if l.cert && keyEq(l.knownKey.Key, remote) {
+ if l.cert && keyEq(l.knownKey.Key, remote) && l.match([]addr{a}) {
return true
}
}
@@ -409,9 +414,7 @@ func (db *hostKeyDB) Read(r io.Reader, filename string) error {
// New creates a host key callback from the given OpenSSH host key
// files. The returned callback is for use in
-// ssh.ClientConfig.HostKeyCallback. Hostnames are ignored for
-// certificates, ie. any certificate authority is assumed to be valid
-// for all remote hosts. Hashed hostnames are not supported.
+// ssh.ClientConfig.HostKeyCallback. Hashed hostnames are not supported.
func New(files ...string) (ssh.HostKeyCallback, error) {
db := newHostKeyDB()
for _, fn := range files {
@@ -425,12 +428,8 @@ func New(files ...string) (ssh.HostKeyCallback, error) {
}
}
- // TODO(hanwen): properly supporting certificates requires an
- // API change in the SSH library: IsAuthority should provide
- // the address too?
-
var certChecker ssh.CertChecker
- certChecker.IsAuthority = db.IsAuthority
+ certChecker.IsHostAuthority = db.IsHostAuthority
certChecker.IsRevoked = db.IsRevoked
certChecker.HostKeyFallback = db.check