tomaswolf commented on pull request #194:
URL: https://github.com/apache/mina-sshd/pull/194#issuecomment-841858902


   Good points. I suggest we do both in follow-up changes.

   * Validation of the certificate type would also have to happen in the
     server-side code (client certificate presented in pubkey auth, and don't
     consider and log host keys that are client certificates?) and in
     client-side code (host certificate is presented as host key, and in pubkey
     auth skip and log certificates that are not client certificates?), and
     need additional tests for these cases.
   * The clean-up for determining the signature algorithm name could be done
     separately anyway. Needs a little thought, too. I like FliegenKLATSCH's
     approach with the method on `Signature`, but unfortunately the logic in
     `UserAuthPublicKey` is a bit different and we don't have direct access to
     the `Signature` object there.

   However, I'll make one more change in `ClientOpenSSHCertificatesTest`:
   derive it from `BaseTestSupport` and then use `setupTestClient()` instead of
   `SshClient.setUpDefaultClient()`. That way, the test will _not_ read the real
   `~/.ssh/config`.
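
The certificate type check discussed in the comment above, as an added stand-alone example that is not part of the original comment and is not mina-sshd code. It assumes the certificate layout and the type values 1 (user) and 2 (host) from OpenSSH's PROTOCOL.certkeys; the class name, method names and the sample blob are hypothetical, and the key type table covers only four certificate formats.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Map;

// Hypothetical stand-alone helper, not a mina-sshd class.
public class CertTypeCheck {
    static final int USER = 1, HOST = 2; // values of the certificate "type" field
    // Length-prefixed public key fields between nonce and serial, per key type.
    static final Map<String, Integer> KEY_FIELDS = Map.of(
            "ssh-ed25519-cert-v01@openssh.com", 1,
            "ssh-rsa-cert-v01@openssh.com", 2,
            "ecdsa-sha2-nistp256-cert-v01@openssh.com", 2,
            "ssh-dss-cert-v01@openssh.com", 4);

    static byte[] readString(ByteBuffer b) {
        int len = b.getInt();
        if (len < 0 || len > b.remaining()) throw new IllegalArgumentException("bad length");
        byte[] out = new byte[len];
        b.get(out);
        return out;
    }

    static int certType(byte[] blob) {
        ByteBuffer b = ByteBuffer.wrap(blob); // ByteBuffer is big-endian by default
        String name = new String(readString(b), StandardCharsets.US_ASCII);
        Integer fields = KEY_FIELDS.get(name);
        if (fields == null) throw new IllegalArgumentException("not a certificate: " + name);
        readString(b); // nonce
        for (int i = 0; i < fields; i++) readString(b); // public key fields
        b.getLong(); // serial
        return b.getInt(); // type
    }

    // Malformed or truncated blobs are rejected, never treated as a match.
    static boolean acceptable(byte[] blob, int expected) {
        try { return certType(blob) == expected; } catch (RuntimeException e) { return false; }
    }
    static byte[] sample(int type) { // constructed blob, cut off after the type field
        byte[] name = "ssh-ed25519-cert-v01@openssh.com".getBytes(StandardCharsets.US_ASCII);
        ByteBuffer b = ByteBuffer.allocate(4 + name.length + 36 + 36 + 8 + 4);
        b.putInt(name.length).put(name).putInt(32).put(new byte[32]); // name, nonce
        b.putInt(32).put(new byte[32]).putLong(1L).putInt(type);      // key, serial, type
        return b.array();
    }
    public static void main(String[] args) {
        System.out.println("user cert in pubkey auth: " + acceptable(sample(USER), USER));
        System.out.println("user cert as host key: " + acceptable(sample(USER), HOST));
    }
}
```

A server would call `acceptable(blob, USER)` on a key offered in pubkey auth and a client would call `acceptable(blob, HOST)` on the host key, logging and skipping on `false`.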

