ssh: include sha256 host key hash when supported
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
diff --git a/include/git2/cert.h b/include/git2/cert.h
index 61a92d4..e8cd2d1 100644
--- a/include/git2/cert.h
+++ b/include/git2/cert.h
@@ -78,6 +78,8 @@ typedef enum {
GIT_CERT_SSH_MD5 = (1 << 0),
/** SHA-1 is available */
GIT_CERT_SSH_SHA1 = (1 << 1),
+ /** SHA-256 is available */
+ GIT_CERT_SSH_SHA256 = (1 << 2),
} git_cert_ssh_t;
/**
@@ -103,6 +105,12 @@ typedef struct {
* have the SHA-1 hash of the hostkey.
*/
unsigned char hash_sha1[20];
+
+ /**
+ * Hostkey hash. If type has `GIT_CERT_SSH_SHA256` set, this will
+ * have the SHA-256 hash of the hostkey.
+ */
+ unsigned char hash_sha256[32];
} git_cert_hostkey;
/**
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 2159418..ecf55db 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -566,6 +566,14 @@ post_extract:
cert.parent.cert_type = GIT_CERT_HOSTKEY_LIBSSH2;
+#ifdef LIBSSH2_HOSTKEY_HASH_SHA256
+ key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA256);
+ if (key != NULL) {
+ cert.type |= GIT_CERT_SSH_SHA256;
+ memcpy(&cert.hash_sha256, key, 32);
+ }
+#endif
+
key = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
if (key != NULL) {
cert.type |= GIT_CERT_SSH_SHA1;