Skip to content
Permalink
Browse files

SSH: check md5 fingerprint case sensitively

  • Loading branch information
bagder committed Oct 31, 2016
1 parent b3ee26c commit ce8d09483eea2fcb1b50e323e1a8ed1f3613b2e3
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/ssh.c
@@ -676,7 +676,7 @@ static CURLcode ssh_check_fingerprint(struct connectdata *conn)
* against a known fingerprint, if available.
*/
if(pubkey_md5 && strlen(pubkey_md5) == 32) {
if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
if(!fingerprint || strcmp(md5buffer, pubkey_md5)) {
if(fingerprint)
failf(data,
"Denied establishing ssh session: mismatch md5 fingerprint. "

3 comments on commit ce8d094

@kdudka

This comment has been minimized.

Copy link
Collaborator

@kdudka kdudka replied Nov 2, 2016

Why should we check MD5 fingerprint case-sensitively? Is not it going to cause regressions for nothing?

@bagder

This comment has been minimized.

Copy link
Member Author

@bagder bagder replied Nov 7, 2016

That was a stupid change. It should rather use strcasecompare now, as it needs to be done case insensitive to be compatible with what worked before.

@kdudka

This comment has been minimized.

Copy link
Collaborator

@kdudka kdudka replied Nov 7, 2016

Fixed via 50aded1. Thanks!

Please sign in to comment.
You can’t perform that action at this time.