Fix certificate signature_valid? check

Need to pass in :host_key option so it will verify using the correct signature algorithm instead of always using SHA1.
author: Phillip Hellewell <phillip.hellewell@mx.com> 2022-10-11 10:36:14 -0600
committer: Phillip Hellewell <phillip.hellewell@mx.com> 2022-10-11 10:36:14 -0600
commit: 0239707d845c6bf1d9d77e5f8a802195d18cad84 (patch)
tree: db7c2d8d0b2bf764f7882d57d0ec56e72e639f37
parent: 49a229ae1219a65d86414137f0396231a3c0b8f6 (diff)
download: net-ssh-0239707d845c6bf1d9d77e5f8a802195d18cad84.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb
index 5250789..045987d 100644
--- a/lib/net/ssh/authentication/certificate.rb
+++ b/lib/net/ssh/authentication/certificate.rb
@@ -102,8 +102,8 @@ module Net
         # Checks whether the certificate's signature was signed by signature key.
         def signature_valid?
           buffer = Buffer.new(signature)
-          buffer.read_string # skip signature format
-          signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
+          sig_format = buffer.read_string
+          signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
         end
 
         def self.read_options(buffer)
author	Phillip Hellewell <phillip.hellewell@mx.com>	2022-10-11 10:36:14 -0600
committer	Phillip Hellewell <phillip.hellewell@mx.com>	2022-10-11 10:36:14 -0600
commit	0239707d845c6bf1d9d77e5f8a802195d18cad84 (patch)
tree	db7c2d8d0b2bf764f7882d57d0ec56e72e639f37
parent	49a229ae1219a65d86414137f0396231a3c0b8f6 (diff)
download	net-ssh-0239707d845c6bf1d9d77e5f8a802195d18cad84.tar.gz