Hi! I'm making progress on the libgcrypt support... however, I noticed one thing that might be useful to fix.

Is anyone interested in finishing the work required to make sure libssh2 works without SHA-1 in OpenSSL? In some places (e.g., kex.c) there is code like this:

    #ifndef OPENSSL_NO_SHA
    {
        SHA_CTX fingerprint_ctx;

        SHA1_Init(&fingerprint_ctx);
        SHA1_Update(&fingerprint_ctx, session->server_hostkey,
                    session->server_hostkey_len);
        SHA1_Final(session->server_hostkey_sha1, &fingerprint_ctx);
    }
    ...

However, the same file unconditionally uses SHA-1 in different places, so these #ifdefs don't work. All the ssh kex protocols that libssh2 supports require SHA-1, so it does not seem very useful to build libssh2 if there is no support for SHA-1 in OpenSSL. However, I may be missing something.

I suggest that we remove the OPENSSL_NO_SHA checks. Any objections?

If someone later on wishes to add support for, say, SHA-2, and make the SHA-1 stuff optional, that would be fine, but right now it doesn't seem to make sense to make SHA-1 optional since libssh2 won't work without SHA-1 (if I understand correctly).

Note that I do not suggest to do the same for MD5 -- it should be possible to get libssh2 to work without any MD5 stuff at all.

/Simon

_______________________________________________
libssh2-devel mailing list
libssh2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
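
One way to audit the inconsistency described in the message above, as an added example that is not part of the original message or of libssh2: a small scanner that tracks preprocessor conditionals and reports SHA-1 API uses that would still be compiled when OPENSSL_NO_SHA is defined. The sample source is constructed (the second, unguarded block and the name exchange_hash_ctx are hypothetical), only simple `#if defined(...)` forms are recognised, and C comments are not stripped.

```python
import re

GUARD = "OPENSSL_NO_SHA"
DIRECTIVE = re.compile(r"^\s*#\s*(ifndef|ifdef|if|elif|else|endif)\b\s*(.*)$")
SHA1_USE = re.compile(r"\b(?:SHA_CTX|SHA1_(?:Init|Update|Final))\b")

def _branch(kind, rest):
    """Return [guarded_now, guarded_after_else] for a newly opened conditional."""
    if kind in ("ifndef", "ifdef"):
        hit = rest.split()[:1] == [GUARD]
        return [hit, False] if kind == "ifndef" else [False, hit]
    # '#if': only the simple forms defined(X) and !defined(X) are recognised
    if re.search(r"!\s*defined\s*\(?\s*" + GUARD + r"\b", rest):
        return [True, False]
    if re.search(r"defined\s*\(?\s*" + GUARD + r"\b", rest):
        return [False, True]
    return [False, False]

def unguarded_sha1_uses(source):
    """List (line_no, text) of SHA-1 API uses compiled even when GUARD is defined."""
    stack, findings = [], []
    for no, line in enumerate(source.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            kind, rest = m.groups()
            if kind == "endif":
                if stack:
                    stack.pop()
            elif kind == "else":
                if stack:
                    stack[-1] = [stack[-1][1], False]
            elif kind == "elif":
                if stack:
                    stack[-1] = [False, False]  # conservative: treat as unguarded
            else:
                stack.append(_branch(kind, rest))
        elif SHA1_USE.search(line) and not any(b[0] for b in stack):
            findings.append((no, line.strip()))
    return findings

# Constructed sample: the guarded block quoted in the message, followed by a
# hypothetical unguarded use of the kind the message says exists elsewhere.
SAMPLE = """#ifndef OPENSSL_NO_SHA
{
    SHA_CTX fingerprint_ctx;
    SHA1_Init(&fingerprint_ctx);
    SHA1_Final(session->server_hostkey_sha1, &fingerprint_ctx);
}
#endif
SHA_CTX exchange_hash_ctx;
SHA1_Init(&exchange_hash_ctx);
"""

if __name__ == "__main__":
    for no, text in unguarded_sha1_uses(SAMPLE):
        print(f"line {no}: unguarded SHA-1 use: {text}")
```

Any finding means a build with OPENSSL_NO_SHA defined would still reference SHA-1 symbols, so the existing guards give no working SHA-1-free configuration.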