restrict certificate type for builtin SSH server (#26789) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

summary refs log tree commit diff stats

path: root/webpack.config.js

diff options

author	Earl Warren <109468362+earl-warren@users.noreply.github.com>	2023-09-01 15:45:22 +0200
committer	GitHub <noreply@github.com>	2023-09-01 13:45:22 +0000
commit	4ab8e56c9197135a85300542d736a556203752a6 (patch)
tree	bc49c3f49f0ca48245c8ad1af1cac74309a84e83 /webpack.config.js
parent	9eb4a9e601c16174306d81ec4d73ffa5a0adc788 (diff)
download	gitea-4ab8e56c9197135a85300542d736a556203752a6.tar.gz gitea-4ab8e56c9197135a85300542d736a556203752a6.zip

restrict certificate type for builtin SSH server (#26789)

- While doing some sanity checks over OpenSSH's code for how they handle certificates authentication. I stumbled on an condition that checks the certificate type is really an user certificate on the server-side authentication. This checks seems to be a formality and just for the sake of good domain seperation, because an user and host certificate don't differ in their generation, verification or flags that can be included. - Add this check to the builtin SSH server to stay close to the unwritten SSH specification. - This is an breaking change for setups where the builtin SSH server is being used and for some reason host certificates were being used for authentication. - (cherry picked from commit de35b141b79a3d6efe2127ed2c73fd481515e481) Refs: https://codeberg.org/forgejo/forgejo/pulls/1172 ## :warning: BREAKING :warning: Like OpenSSH, the built-in SSH server will now only accept SSH user certificates, not server certificates. Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Giteabot <teabot@gitea.io>

Diffstat (limited to 'webpack.config.js')

0 files changed, 0 insertions, 0 deletions