authorJeff Forcier <jeff@bitprophet.org>2021-12-24 12:58:25 -0500
committerJeff Forcier <jeff@bitprophet.org>2021-12-24 12:58:25 -0500
commit69fb31fcc14fef16b612d18b78016e74732b2de3 (patch)
tree37061d5c067b4b39c9023fcc348b80aecfc68288
parentc42311a4b1c905c7a3ee129258490448e6e22203 (diff)
Changelog and test re #1955
-rw-r--r--sites/www/changelog.rst4
-rw-r--r--tests/test_transport.py13
2 files changed, 17 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index eeae86ef..091fe118 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
Changelog
=========
+- :bug:`1955` Server-side support for ``rsa-sha2-256`` and ``ssh-rsa`` wasn't
+ fully operable after 2.9.0's release (signatures for RSA pubkeys were always
+ run through ``rsa-sha2-512`` instead). Report and early stab at a fix
+ courtesy of Jun Omae.
- :release:`2.9.0 <2021-12-23>`
- :feature:`1643` (also :issue:`1925`, :issue:`1644`, :issue:`1326`) Add
support for SHA-2 variants of RSA key verification algorithms (as described
diff --git a/tests/test_transport.py b/tests/test_transport.py
index 6145e5cb..77ffd6c1 100644
--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -1438,3 +1438,16 @@ class TestSHA2SignaturePubkeys(unittest.TestCase):
) as (tc, ts):
assert tc.is_authenticated()
assert tc._agreed_pubkey_algorithm == "rsa-sha2-256"
+
+ def test_sha2_256_when_client_only_enables_256(self):
+ privkey = RSAKey.from_private_key_file(_support("test_rsa.key"))
+ with server(
+ pubkeys=[privkey],
+ connect=dict(pkey=privkey),
+ # Client-side only; server still accepts all 3.
+ client_init=dict(
+ disabled_algorithms=dict(pubkeys=["ssh-rsa", "rsa-sha2-512"])
+ ),
+ ) as (tc, ts):
+ assert tc.is_authenticated()
+ assert tc._agreed_pubkey_algorithm == "rsa-sha2-256"
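Review bot: The added test pins only the rsa-sha2-256 half of the regression, while the changelog entry for #1955 also names ssh-rsa as not fully operable on the server side. Nothing in this hunk exercises a client restricted to ssh-rsa; an earlier test in TestSHA2SignaturePubkeys may already cover it, but the class starts outside the hunk, so that cannot be confirmed from here. If it is not covered, a sibling case using `disabled_algorithms=dict(pubkeys=["rsa-sha2-256", "rsa-sha2-512"])` and asserting `tc._agreed_pubkey_algorithm == "ssh-rsa"` would close the gap. A comment above the `with`, such as `# Regression test for #1955: server must verify using the algorithm the client signed with`, would tie the test to the bug it guards.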