authorJeff Forcier <jeff@bitprophet.org>2021-12-08 21:19:13 -0500
committerJeff Forcier <jeff@bitprophet.org>2021-12-23 00:26:44 -0500
commit5bf2d8ae5de981883dcce49f2275d03f5a7decd6 (patch)
treea408396361d3950310a1b6f517c9809d23d651ec /paramiko/transport.py
parentea373f9f4c0b4e13936e16f8ae642b05a4ce21c8 (diff)
Longterm TODOs
Diffstat (limited to 'paramiko/transport.py')
-rw-r--r--paramiko/transport.py17
1 files changed, 17 insertions, 0 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 8919043f..a09ed101 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -2272,6 +2272,14 @@ class Transport(threading.Thread, ClosingContextManager):
available_server_keys = list(
filter(
list(self.server_key_dict.keys()).__contains__,
+ # TODO: ensure tests will catch if somebody streamlines
+ # this by mistake - case is the admittedly silly one where
+ # the only calls to add_server_key() contain keys which
+ # were filtered out of the below via disabled_algorithms.
+ # If this is streamlined, we would then be allowing the
+ # disabled algorithm(s) for hostkey use
+ # TODO: honestly this prob just wants to get thrown out
+ # when we make kex configuration more straightforward
self.preferred_keys,
)
)
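Review bot: The invariant this TODO describes is security-relevant and is protected only by a comment: a host key whose algorithm was removed through disabled_algorithms must not end up in `available_server_keys`. The TODO itself asks for test coverage. A regression test that registers a server key of a disabled type and asserts it is absent from the advertised host-key list would stop a later simplification of this `filter()` from silently re-enabling the algorithm. The phrase "filtered out of the below" is also easy to misread, because the comment sits between the two `filter()` arguments; naming the argument would remove the ambiguity, e.g. `# were filtered out of self.preferred_keys via disabled_algorithms.` The enclosing method starts and ends outside the hunk.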
@@ -2291,6 +2299,9 @@ class Transport(threading.Thread, ClosingContextManager):
m.add_list(self.preferred_compression)
m.add_string(bytes())
m.add_string(bytes())
+ # TODO: guess Robey never implemented the "guessing" part of the
+ # protocol. (Transport also never stores or acts on this flag's value
+ # in _parse_kex_init(), besides logging it to DEBUG.)
m.add_boolean(False)
m.add_int(0)
# save a copy for later (needed to compute a hash)
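Review bot: The comment refers to "the guessing part of the protocol" without naming the field, which makes the TODO hard to find or act on later. This boolean looks like the `first_kex_packet_follows` field of SSH_MSG_KEXINIT (RFC 4253 section 7.1), and the comment should say so. If `_parse_kex_init()` really only logs the peer's value, the consequence is worth recording too: a peer that sets the flag and guesses wrong expects its next packet to be ignored, so the gap is on the receive side as well as the send side. A wording such as `# TODO: first_kex_packet_follows (RFC 4253 7.1) is always sent as False, and the peer's value is only logged in _parse_kex_init()` states this directly. `_parse_kex_init()` is not in this hunk, so the receive-side behaviour is taken from the comment, not verified.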
@@ -2351,6 +2362,9 @@ class Transport(threading.Thread, ClosingContextManager):
filter(kex_algo_list.__contains__, self.preferred_kex)
)
if len(agreed_kex) == 0:
+ # TODO: do an auth-overhaul style aggregate exception here?
+ # TODO: would let us streamline log output & show all failures up
+ # front
raise SSHException(
"Incompatible ssh peer (no acceptable kex algorithm)"
) # noqa
@@ -2877,6 +2891,9 @@ class Transport(threading.Thread, ClosingContextManager):
}
+# TODO 3.0: drop this, we barely use it ourselves, it badly replicates the
+# Transport-internal algorithm management, AND does so in a way which doesn't
+# honor newer things like disabled_algorithms!
class SecurityOptions(object):
"""
Simple object containing the security preferences of an ssh transport.
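Review bot: The caveat that `SecurityOptions` does not honor `disabled_algorithms` lives only in a source comment above the class, where users of the object will not see it. The class docstring is what reaches the API documentation, so the same warning belongs there, for example `.. warning:: Values exposed here are not filtered by disabled_algorithms.` Without it, someone who restricts algorithms through one mechanism may assume the other reflects the restriction. The docstring continues past the end of the hunk, so where the sentence fits best cannot be judged from here.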