Commit 48c3f7e1f12bda5f801413bbf6604048e281ec14

Anders Borum 2019-11-20T11:21:14

ssh: include sha256 host key hash when supported

diff --git a/include/git2/cert.h b/include/git2/cert.h
index 61a92d4..e8cd2d1 100644
--- a/include/git2/cert.h
+++ b/include/git2/cert.h
@@ -78,6 +78,8 @@ typedef enum {
 	GIT_CERT_SSH_MD5 = (1 << 0),
 	/** SHA-1 is available */
 	GIT_CERT_SSH_SHA1 = (1 << 1),
+	/** SHA-256 is available */
+	GIT_CERT_SSH_SHA256 = (1 << 2),
 } git_cert_ssh_t;
 
 /**
@@ -103,6 +105,12 @@ typedef struct {
 	 * have the SHA-1 hash of the hostkey.
 	 */
 	unsigned char hash_sha1[20];
+
+	/**
+	 * Hostkey hash. If type has `GIT_CERT_SSH_SHA256` set, this will
+	 * have the SHA-256 hash of the hostkey.
+	 */
+	unsigned char hash_sha256[32];
 } git_cert_hostkey;
 
 /**
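Review bot: The doc comment on `hash_sha256` does not say when the flag can be absent. Judging by the ssh.c hunk of this commit, `GIT_CERT_SSH_SHA256` is set only when the build sees `LIBSSH2_HOSTKEY_HASH_SHA256` and libssh2 returns a non-NULL hash. A certificate-check callback that pins host keys by SHA-256 therefore has to treat a missing flag as "not available" and must not compare against the field's contents. I would add a sentence to the comment such as `Only populated when libssh2 provides SHA-256 host key hashes; check the flag before reading this field.` The struct definition begins outside this hunk.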
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 2159418..ecf55db 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -566,6 +566,14 @@ post_extract:
 
 		cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
 
+#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
+		key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
+		if (key != NULL) {
+			cert.type |= GIT_CERT_SSH_SHA256;
+			memcpy(&cert.hash_sha256, key, 32);
+		}
+#endif
+
 		key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
 		if (key != NULL) {
 			cert.type |= GIT_CERT_SSH_SHA1;
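Review bot: The copy length in `memcpy(&cert.hash_sha256, key, 32);` is a bare literal that has to stay in step with `unsigned char hash_sha256[32]` in cert.h. Tying it to the destination keeps the write bounded by the field if the declaration ever changes: `memcpy(cert.hash_sha256, key, sizeof(cert.hash_sha256));`. This assumes `cert` is a `git_cert_hostkey` object, not a pointer, which the `cert.type` accesses suggest. The enclosing function starts and ends outside the hunk, so how `cert` is initialised before these lines is not visible here.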