ssh: include sha256 host key hash when supported #5307
tiennou
left a comment
Kudos for the PR, but there's a catch… 😉 I'm approving this because it makes sense to add support for it (#5258), but there's a plan to provide a replacement backend (using libssh, see #5225, #5253), and it hit interface issues, so I'd prefer changes to the interface around SSH to be thoroughly discussed before changes are made to it 😜.
Or at least a parallel SSH backend. Not sure if we really want to ditch libssh2 in the near-term future, even if we have libssh as a new (and probably much better) alternative. I'm 👍 on this PR, as I imagine it to be useful even across different SSH backends. So as @tiennou approved this and didn't mention any specific incompatibilities with the upcoming libssh backend I'm going to merge this. Thanks a lot for your nice change!
libssh2 1.9.0 supports SHA-256 host key fingerprints and by checking if LIBSSH2_HOSTKEY_HASH_SHA256 is defined this can be included in git_cert_hostkey when libssh2 supports this without breaking builds when older versions of libssh2 do not.
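How a caller might use the raw 32-byte SHA-256 host key hash described above to pin a server, shown as an added example that is not code from this PR or from libgit2. It assumes the pin is stored in the `SHA256:<unpadded base64>` form that `ssh-keygen -l` prints; the helper names `parse_sha256_pin` and `hostkey_matches_pin` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHA256_LEN 32

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    return c == '/' ? 63 : -1;
}

/* Decode "SHA256:" followed by exactly 43 unpadded base64 characters
 * into 32 raw bytes. Returns 0 on success, -1 on malformed input. */
int parse_sha256_pin(const char *pin, uint8_t out[SHA256_LEN])
{
    uint32_t acc = 0;
    int bits = 0, v;
    size_t n = 0, i;

    if (strncmp(pin, "SHA256:", 7) != 0 || strlen(pin + 7) != 43)
        return -1;
    for (i = 0; i < 43; i++) {
        if ((v = b64_val(pin[7 + i])) < 0)
            return -1;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[n++] = (uint8_t)(acc >> bits);
        }
    }
    /* 43 chars carry 258 bits; the 2 spare bits must be zero. */
    return (acc & ((1u << bits) - 1)) == 0 ? 0 : -1;
}

/* Returns 1 only if the presented raw hash equals the pinned one.
 * An unparsable pin fails closed (0). The loop does not exit early. */
int hostkey_matches_pin(const uint8_t presented[SHA256_LEN], const char *pin)
{
    uint8_t want[SHA256_LEN], diff = 0;
    size_t i;
    if (parse_sha256_pin(pin, want) != 0)
        return 0;
    for (i = 0; i < SHA256_LEN; i++)
        diff |= (uint8_t)(presented[i] ^ want[i]);
    return diff == 0;
}
```

When libgit2 is built against a libssh2 older than 1.9.0 the SHA-256 hash is not populated, so a caller that pins on it should treat its absence as a verification failure rather than fall back silently to a weaker hash.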