Fix OpenSSH<7.8 + RSA-CERT use re: SHA2

Closes #2017
author: Jeff Forcier <jeff@bitprophet.org> 2022-05-16 20:26:48 -0400
committer: Jeff Forcier <jeff@bitprophet.org> 2022-05-16 20:38:48 -0400
commit: dd1a32c428f1f5c9ea15fe97fde9358e695f4afc (patch)
tree: eeb12baf334b8150b4665e12f59d3aab59ad343e /sites/www/changelog.rst
parent: 943b733c4701b0b4fb56e4651727b97ab4ca7f0b (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index 4d1b71ce..2d4c1fcb 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,13 @@
 Changelog
 =========
 
+- :bug:`2017` OpenSSH 7.7 and older has a bug preventing it from understanding
+  how to perform SHA2 signature verification for RSA certificates (specifically
+  certs - not keys), so when we added SHA2 support it broke all clients using
+  RSA certificates with these servers. This has been fixed in a manner similar
+  to what OpenSSH's own client does: a version check is performed and the
+  algorithm used is downgraded if needed. Reported by Adarsh Chauhan, with fix
+  suggested by Jun Omae.
 - :release:`2.9.4 <2022-04-25>`
 - :support:`1838 backported` (via :issue:`1870`/:issue:`2028`) Update
   ``camelCase`` method calls against the ``threading`` module to be
author	Jeff Forcier <jeff@bitprophet.org>	2022-05-16 20:26:48 -0400
committer	Jeff Forcier <jeff@bitprophet.org>	2022-05-16 20:38:48 -0400
commit	dd1a32c428f1f5c9ea15fe97fde9358e695f4afc (patch)
tree	eeb12baf334b8150b4665e12f59d3aab59ad343e /sites/www/changelog.rst
parent	943b733c4701b0b4fb56e4651727b97ab4ca7f0b (diff)