Add -cert-v01@openssh.com variants to accepted host key algorithms

Solves #2035
author: Jeff Forcier <jeff@bitprophet.org> 2022-04-22 19:11:03 -0400
committer: Jeff Forcier <jeff@bitprophet.org> 2022-04-22 19:12:32 -0400
commit: 7a2c84afaada7a513ee482ba36e8848528b6f5f3 (patch)
tree: 2494ec3ce75a1360800531deb33e3593198e6377 /sites
parent: 239d2bd7a620be5cdaaa26f981ea72f5f55c9050 (diff)
download: paramiko-7a2c84afaada7a513ee482ba36e8848528b6f5f3.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 067a73ba..eb1e0704 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,10 @@
 Changelog
 =========
 
+- :bug:`2035` Servers offering certificate variants of hostkey algorithms (eg
+  ``ssh-rsa-cert-v01@openssh.com``) could not have their host keys verified by
+  Paramiko clients, as it only ever considered non-cert key types for that part
+  of connection handshaking. This has been fixed.
 - :release:`2.10.3 <2022-03-18>`
 - :release:`2.9.3 <2022-03-18>`
 - :bug:`1963` (via :issue:`1977`) Certificate-based pubkey auth was
author	Jeff Forcier <jeff@bitprophet.org>	2022-04-22 19:11:03 -0400
committer	Jeff Forcier <jeff@bitprophet.org>	2022-04-22 19:12:32 -0400
commit	7a2c84afaada7a513ee482ba36e8848528b6f5f3 (patch)
tree	2494ec3ce75a1360800531deb33e3593198e6377 /sites
parent	239d2bd7a620be5cdaaa26f981ea72f5f55c9050 (diff)
download	paramiko-7a2c84afaada7a513ee482ba36e8848528b6f5f3.tar.gz