summaryrefslogtreecommitdiffstats
path: root/modules/ssh
diff options
context:
space:
mode:
authorWim <wim@42.be>2022-06-05 09:16:14 +0200
committerGitHub <noreply@github.com>2022-06-05 08:16:14 +0100
commite528e2b435466bd854b1f7a4619bdc16c058b8ba (patch)
treec1820465c45bffb3600f5c758da02fb4ffa1b046 /modules/ssh
parent48be5e77e502f88cae104735ee706c2fbeab8a2a (diff)
downloadgitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.tar.gz
gitea-e528e2b435466bd854b1f7a4619bdc16c058b8ba.zip
Implement http signatures support for the API (#17565)
Fixes #12338 This allows use to talk to the API with our ssh certificate (and/or ssh-agent) without needing to fetch an API key or tokens. It will just automatically work when users have added their ssh principal in gitea. This needs client code in tea Update: also support normal pubkeys ref: https://tools.ietf.org/html/draft-cavage-http-signatures Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'modules/ssh')
-rw-r--r--modules/ssh/ssh.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index a240c01319..2affeb781a 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -188,8 +188,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
c := &gossh.CertChecker{
IsUserAuthority: func(auth gossh.PublicKey) bool {
+ marshaled := auth.Marshal()
for _, k := range setting.SSH.TrustedUserCAKeysParsed {
- if bytes.Equal(auth.Marshal(), k.Marshal()) {
+ if bytes.Equal(marshaled, k.Marshal()) {
return true
}
}