authorJeff Forcier <jeff@bitprophet.org>2023-12-15 22:19:04 -0500
committerJeff Forcier <jeff@bitprophet.org>2023-12-15 22:19:04 -0500
commit8f1b3d25d507997fd150fadb6607eaf09052d5c0 (patch)
tree066c6d412c54227f5b05f9c9ae0a874264d38674
parent01e77a525525f430b0e15569ee4643070174326c (diff)
parentbe3ffc18cc466e0b0a877d716721353c12561bcc (diff)
Merge branch '3.2' into 3.3
-rw-r--r--paramiko/transport.py5
-rw-r--r--sites/www/changelog.rst3
-rw-r--r--tests/_util.py3
-rw-r--r--tests/test_transport.py8
4 files changed, 15 insertions, 4 deletions
diff --git a/paramiko/transport.py b/paramiko/transport.py
index 8785d6bb..14a26333 100644
--- a/paramiko/transport.py
+++ b/paramiko/transport.py
@@ -2450,8 +2450,9 @@ class Transport(threading.Thread, ClosingContextManager):
# Strip out ext-info "kex algo"
self._remote_ext_info = None
- if kex_algo_list[-1].startswith("ext-info-"):
- self._remote_ext_info = kex_algo_list.pop()
+ for i, algo in enumerate(kex_algo_list):
+ if algo.startswith("ext-info-"):
+ self._remote_ext_info = kex_algo_list.pop(i)
# as a server, we pick the first item in the client's list that we
# support.
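Review bot: The added loop calls `kex_algo_list.pop(i)` while `enumerate(kex_algo_list)` is still iterating over the same list, and it has no `break`. After a pop the next element shifts into index `i` and is skipped, so if the peer's KEXINIT carries two adjacent `ext-info-*` entries the second one stays in the list that the negotiation code below works from; with non-adjacent duplicates the last match silently overwrites `_remote_ext_info`. Because this list is supplied by the remote side, detection and removal are better kept separate: `self._remote_ext_info = next((a for a in kex_algo_list if a.startswith("ext-info-")), None)` followed by `kex_algo_list = [a for a in kex_algo_list if not a.startswith("ext-info-")]`. The enclosing method starts and ends outside the hunk, so confirm that `kex_algo_list` is a local that can be rebound at this point.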
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 0bd08ef6..45df830c 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,9 @@
Changelog
=========
+- :bug:`-` Tweak ``ext-info-(c|s)`` detection during KEXINIT protocol phase;
+ the original implementation made assumptions based on an OpenSSH
+ implementation detail.
- :release:`3.3.1 <2023-07-28>`
- :bug:`-` Cleaned up some very old root level files, mostly just to exercise
some of our doc build and release machinery. This changelog entry
diff --git a/tests/_util.py b/tests/_util.py
index ec7585df..acc06852 100644
--- a/tests/_util.py
+++ b/tests/_util.py
@@ -352,6 +352,9 @@ def server(
"""
SSH server contextmanager for testing.
+ Yields a tuple of ``(tc, ts)`` (client- and server-side `Transport`
+ objects), or ``(tc, ts, err)`` when ``catch_error==True``.
+
:param hostkey:
Host key to use for the server; if None, loads
``rsa.key``.
diff --git a/tests/test_transport.py b/tests/test_transport.py
index b2efd637..421c078b 100644
--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -1213,10 +1213,14 @@ class TestSHA2SignatureKeyExchange(unittest.TestCase):
class TestExtInfo(unittest.TestCase):
- def test_ext_info_handshake(self):
+ def test_ext_info_handshake_exposed_in_client_kexinit(self):
with server() as (tc, _):
+ # NOTE: this is latest KEXINIT /sent by us/ (Transport retains it)
kex = tc._get_latest_kex_init()
- assert kex["kex_algo_list"][-1] == "ext-info-c"
+ # flag in KexAlgorithms list
+ assert "ext-info-c" in kex["kex_algo_list"]
+ # data stored on Transport after hearing back from a compatible
+ # server (such as ourselves in server mode)
assert tc.server_extensions == {
"server-sig-algs": b"ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss" # noqa
}
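Review bot: Nothing in this test exercises the parsing change made in `paramiko/transport.py`; the hunk only relaxes the assertion on the KEXINIT we send from last-position to membership. The `server_extensions` check runs against our own server mode, and where that server places its marker is not visible here, so a regression in the new loop for a marker at the front or middle of the peer's list would probably pass unnoticed. Consider adding a case that feeds the Transport a peer KEXINIT whose `kex_algo_list` has `ext-info-s` somewhere other than the end, and a second with the marker repeated, asserting that the marker is recorded and that no `ext-info-*` entry remains in the list used for negotiation.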