Try to check whether each key file exists before adding it, and bail out
if we didn't find any of them. This reduces log spam about key files for deprecated algorithms, which we look for but don't generate. PR: 208254 MFC after: 3 days
parent
9c5ca6f247
commit
144a80bd9a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=303832
@ -22,6 +22,7 @@ __RCSID("$FreeBSD$");
|
||||
#include <netinet/ip.h>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <fcntl.h>
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
@ -206,24 +207,28 @@ fill_default_server_options(ServerOptions *options)
|
||||
/* Standard Options */
|
||||
if (options->protocol == SSH_PROTO_UNKNOWN)
|
||||
options->protocol = SSH_PROTO_2;
|
||||
#define add_host_key_file(path) \
|
||||
do { \
|
||||
if (access((path), O_RDONLY) == 0) \
|
||||
options->host_key_files \
|
||||
[options->num_host_key_files++] = (path); \
|
||||
} while (0)
|
||||
if (options->num_host_key_files == 0) {
|
||||
/* fill default hostkeys for protocols */
|
||||
if (options->protocol & SSH_PROTO_1)
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_KEY_FILE;
|
||||
add_host_key_file(_PATH_HOST_KEY_FILE);
|
||||
if (options->protocol & SSH_PROTO_2) {
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_RSA_KEY_FILE;
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_DSA_KEY_FILE;
|
||||
add_host_key_file(_PATH_HOST_RSA_KEY_FILE);
|
||||
add_host_key_file(_PATH_HOST_DSA_KEY_FILE);
|
||||
#ifdef OPENSSL_HAS_ECC
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_ECDSA_KEY_FILE;
|
||||
add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE);
|
||||
#endif
|
||||
options->host_key_files[options->num_host_key_files++] =
|
||||
_PATH_HOST_ED25519_KEY_FILE;
|
||||
add_host_key_file(_PATH_HOST_ED25519_KEY_FILE);
|
||||
}
|
||||
}
|
||||
#undef add_host_key_file
|
||||
if (options->num_host_key_files == 0)
|
||||
fatal("No host key files found");
|
||||
/* No certificates by default */
|
||||
if (options->num_ports == 0)
|
||||
options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
|
||||
|
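Review bot: The `add_host_key_file` macro passes `O_RDONLY` to access(2), which expects a mode built from `F_OK`/`R_OK`/`W_OK`/`X_OK`; it only behaves as intended because `O_RDONLY` and `F_OK` are both 0, so the call tests existence rather than readability. Spelling the intent out as `if (access((path), F_OK) == 0) \` (or `R_OK`, if an unreadable key should also be skipped) uses the constants from `<unistd.h>` and would make the `<fcntl.h>` include added in the first hunk unnecessary. A default key that is missing is now skipped with no log line at all, so a host key that was removed unexpectedly goes unnoticed unless every key is gone; a debug-level message when the check fails would keep that visible without bringing back the log spam. fill_default_server_options starts and ends outside this hunk.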