diff options
author | Phillip Hellewell <phillip.hellewell@mx.com> | 2022-10-11 10:36:14 -0600 |
---|---|---|
committer | Phillip Hellewell <phillip.hellewell@mx.com> | 2022-10-11 10:36:14 -0600 |
commit | 0239707d845c6bf1d9d77e5f8a802195d18cad84 (patch) | |
tree | db7c2d8d0b2bf764f7882d57d0ec56e72e639f37 | |
parent | 49a229ae1219a65d86414137f0396231a3c0b8f6 (diff) | |
download | net-ssh-0239707d845c6bf1d9d77e5f8a802195d18cad84.tar.gz |
Fix certificate signature_valid? check
Need to pass in :host_key option so it will verify using the correct
signature algorithm instead of always using SHA1.
-rw-r--r-- | lib/net/ssh/authentication/certificate.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb index 5250789..045987d 100644 --- a/lib/net/ssh/authentication/certificate.rb +++ b/lib/net/ssh/authentication/certificate.rb @@ -102,8 +102,8 @@ module Net # Checks whether the certificate's signature was signed by signature key. def signature_valid? buffer = Buffer.new(signature) - buffer.read_string # skip signature format - signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature) + sig_format = buffer.read_string + signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format) end def self.read_options(buffer) |