Commit de65c12
GH-892: Adapt handling certificates without principals
Align the handling of certificates without principals with OpenSSH 10.3.
OpenSSH < 10.3 treated this as a wildcard (except for user certificates
checked via the TrustedUserCAKeys mechanism) and let such certificates
match any user or host name.
OpenSSH 10.3 changed that and rejects such certificates always since
they don't match any principal.[1]
Implement this. Add a new flag in CoreModuleProperties through which
client code can choose what to do with such certificates: allow them
(and let them match always; as in OpenSSH < 10.3), or forbid them as
in OpenSSH >= 10.3.
By default, such certificates without principals are rejected, which is
a change in behavior.
[1] https://www.openssh.org/txt/release-10.3
1 parent b450b77 commit de65c12
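An added example, not code from this commit or from the project: a Python sketch that reads the valid-principals field of an `ssh-ed25519-cert-v01@openssh.com` blob and applies the two policies the commit message describes. The function names, the `allow_empty` parameter and the sample blobs are assumptions constructed for illustration; signatures and validity periods are not checked.

```python
import struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:end], end

def cert_principals(blob):
    """Return (cert_type, [principals]); cert_type 1 = user, 2 = host."""
    key_type, off = _string(blob, 0)
    if key_type != CERT_TYPE:
        raise ValueError("only ed25519 certificates are handled here")
    _, off = _string(blob, off)                  # nonce
    _, off = _string(blob, off)                  # ed25519 public key
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    off += 12
    _, off = _string(blob, off)                  # key id
    packed, off = _string(blob, off)             # principals, packed as strings
    names, pos = [], 0
    while pos < len(packed):
        name, pos = _string(packed, pos)
        names.append(name.decode("utf-8"))
    return cert_type, names

def principal_matches(principals, wanted, allow_empty=False):
    """allow_empty=True models OpenSSH < 10.3 (empty list is a wildcard);
    the default models OpenSSH >= 10.3 (empty list matches nothing).
    'allow_empty' is a hypothetical name, not the project's property."""
    if not principals:
        return allow_empty
    return wanted in principals

def _s(data):
    return struct.pack(">I", len(data)) + data

def sample_cert(principals, cert_type=1):
    """Constructed, unsigned blob: fields up to 'valid principals' only."""
    packed = b"".join(_s(p.encode()) for p in principals)
    return (_s(CERT_TYPE) + _s(b"\x00" * 32) + _s(b"\x11" * 32)
            + struct.pack(">QI", 1, cert_type) + _s(b"constructed-key-id")
            + _s(packed))
```

Running `cert_principals` over the certificates a CA has issued shows which ones have an empty principal list and will stop matching once the stricter default applies.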
6 files changed
Lines changed: 81 additions & 18 deletions
File tree
- sshd-core/src
- main/java/org/apache/sshd
- client/kex
- core
- server/auth/pubkey
- test/java/org/apache/sshd
- common/signature
- server/auth
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
40 | 51 | | |
41 | 52 | | |
Lines changed: 7 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
269 | 269 | | |
270 | 270 | | |
271 | 271 | | |
| 272 | + | |
| 273 | + | |
272 | 274 | | |
273 | 275 | | |
274 | 276 | | |
275 | 277 | | |
276 | 278 | | |
| 279 | + | |
| 280 | + | |
277 | 281 | | |
278 | 282 | | |
279 | 283 | | |
| |||
296 | 300 | | |
297 | 301 | | |
298 | 302 | | |
| 303 | + | |
| 304 | + | |
| 305 | + | |
299 | 306 | | |
300 | 307 | | |
301 | 308 | | |
| |||
Lines changed: 6 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
799 | 799 | | |
800 | 800 | | |
801 | 801 | | |
| 802 | + | |
| 803 | + | |
| 804 | + | |
| 805 | + | |
| 806 | + | |
| 807 | + | |
802 | 808 | | |
803 | 809 | | |
804 | 810 | | |
| |||
Lines changed: 18 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
| 39 | + | |
39 | 40 | | |
40 | 41 | | |
41 | 42 | | |
| |||
125 | 126 | | |
126 | 127 | | |
127 | 128 | | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
128 | 140 | | |
129 | | - | |
130 | | - | |
131 | | - | |
132 | | - | |
133 | | - | |
134 | | - | |
135 | | - | |
136 | 141 | | |
137 | 142 | | |
138 | 143 | | |
| |||
146 | 151 | | |
147 | 152 | | |
148 | 153 | | |
149 | | - | |
| 154 | + | |
150 | 155 | | |
151 | | - | |
| 156 | + | |
152 | 157 | | |
153 | 158 | | |
154 | 159 | | |
| 160 | + | |
| 161 | + | |
| 162 | + | |
| 163 | + | |
155 | 164 | | |
156 | 165 | | |
157 | 166 | | |
| |||
Lines changed: 21 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
| 40 | + | |
40 | 41 | | |
41 | 42 | | |
42 | 43 | | |
43 | 44 | | |
44 | 45 | | |
| 46 | + | |
45 | 47 | | |
46 | 48 | | |
47 | 49 | | |
| |||
92 | 94 | | |
93 | 95 | | |
94 | 96 | | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
95 | 102 | | |
96 | 103 | | |
97 | 104 | | |
| |||
155 | 162 | | |
156 | 163 | | |
157 | 164 | | |
| 165 | + | |
| 166 | + | |
| 167 | + | |
| 168 | + | |
| 169 | + | |
| 170 | + | |
| 171 | + | |
| 172 | + | |
| 173 | + | |
| 174 | + | |
| 175 | + | |
| 176 | + | |
| 177 | + | |
158 | 178 | | |
159 | 179 | | |
| 180 | + | |
160 | 181 | | |
161 | 182 | | |
162 | 183 | | |
| |||
Lines changed: 18 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
40 | 40 | | |
41 | 41 | | |
42 | 42 | | |
| 43 | + | |
43 | 44 | | |
44 | 45 | | |
45 | 46 | | |
| |||
48 | 49 | | |
49 | 50 | | |
50 | 51 | | |
| 52 | + | |
51 | 53 | | |
52 | 54 | | |
53 | 55 | | |
| |||
99 | 101 | | |
100 | 102 | | |
101 | 103 | | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
102 | 109 | | |
103 | | - | |
104 | | - | |
105 | | - | |
106 | | - | |
107 | | - | |
108 | | - | |
109 | | - | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
110 | 118 | | |
111 | 119 | | |
112 | 120 | | |
| |||
139 | 147 | | |
140 | 148 | | |
141 | 149 | | |
142 | | - | |
| 150 | + | |
143 | 151 | | |
144 | | - | |
| 152 | + | |
| 153 | + | |
145 | 154 | | |
146 | 155 | | |
147 | 156 | | |
| |||