From d510b1ae91978a169bb4bd2a9e5e165d2311bc6b Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Mon, 5 Jun 2017 04:02:59 -0400 Subject: test transport security options can be set to defaults ensures all defaults key/cipher/digest etc types are supported --- tests/test_transport.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/test_transport.py b/tests/test_transport.py index 2ebdf854..c426cef1 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -165,6 +165,15 @@ class TransportTest(unittest.TestCase): except TypeError: pass + def test_1b_security_options_reset(self): + o = self.tc.get_security_options() + # should not throw any exceptions + o.ciphers = o.ciphers + o.digests = o.digests + o.key_types = o.key_types + o.kex = o.kex + o.compression = o.compression + def test_2_compute_key(self): self.tc.K = 123281095979686581523377256114209720774539068973101330872763622971399429481072519713536292772709507296759612401802191955568143056534122385270077606457721553469730659233569339356140085284052436697480759510519672848743794433460113118986816826624865291116513647975790797391795651716378444844877749505443714557929 self.tc.H = b'\x0C\x83\x07\xCD\xE6\x85\x6F\xF3\x0B\xA9\x36\x84\xEB\x0F\x04\xC2\x52\x0E\x9E\xD3' -- cgit v1.2.3 From 5caf0eaaa54fcfe43a9efd32652afa159d00c596 Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Mon, 5 Jun 2017 04:03:52 -0400 Subject: transport: _key_info for ecdsa-sha2-nistp384 and -nistp521 To support host keys of these key types, which are already in _preferred_keys! --- paramiko/transport.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/paramiko/transport.py b/paramiko/transport.py index 96bd4a07..5ab24980 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -210,6 +210,8 @@ class Transport (threading.Thread, ClosingContextManager): 'ssh-rsa': RSAKey, 'ssh-dss': DSSKey, 'ecdsa-sha2-nistp256': ECDSAKey, + 'ecdsa-sha2-nistp384': ECDSAKey, + 'ecdsa-sha2-nistp521': ECDSAKey, } _kex_info = { -- cgit v1.2.3 From 5f454ded40172c2b0d5763fb9b8df9ef55e5f05c Mon Sep 17 00:00:00 2001 From: Pierce Lopez Date: Mon, 5 Jun 2017 04:14:22 -0400 Subject: changelog: update for #794 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f7adf14a..2e38fafb 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`794` Finishing touches to support ecdsa-sha2-nistp384 and + ecdsa-sha2-nistp521 host keys. Thanks ``@ncoult`` and ``@kasdoe`` for + reports. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3 From cbec93b9a466ec8dad856f89e90e5401e70730b6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 5 Jun 2017 19:28:36 -0700 Subject: Overhaul changelog re #981. Closes #794. --- sites/www/changelog.rst | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2e38fafb..db2043cf 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,9 +2,11 @@ Changelog ========= -* :bug:`794` Finishing touches to support ecdsa-sha2-nistp384 and - ecdsa-sha2-nistp521 host keys. Thanks ``@ncoult`` and ``@kasdoe`` for - reports. +* :bug:`794` (via :issue:`981`) Prior support for ``ecdsa-sha2-nistp(384|521)`` + algorithms didn't fully extend to covering host keys, preventing connection + to hosts which only offer these key types and no others. This is now fixed. + Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the + patch. * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 `_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to -- cgit v1.2.3