https://gitlab.synchro.net/main/sbbs/-/commit/9578529a90d35395113a5b3d
Modified Files:
src/ssh/README.md deucessh-kex.h deucessh-key-algo.h deucessh.h src/ssh/examples/client.c src/ssh/kex/curve25519-sha256.c dh-gex-sha256.c hybrid-pq-kex.c src/ssh/key_algo/rsa-sha2-256-botan.c rsa-sha2-256-openssl.c rsa-sha2-512-botan.c rsa-sha2-512-openssl.c ssh-ed25519-botan.c ssh-ed25519-openssl.c src/ssh/ssh-internal.h ssh-trans.c ssh.c src/ssh/test/dssh_test.h kex_test.c test_alloc.c test_asymmetric_mac.c test_auth.c test_conn.c test_selftest.c test_thread_errors.c test_transport.c test_transport_errors.c
Log Message:
Add mandatory host key verification callback for client sessions
Applications must now set a dssh_hostkey_verify_cb before calling
dssh_transport_handshake() on client sessions. The callback receives
the algorithm name, key strength in bits, SHA-256 fingerprint, and
raw key blob - enabling known_hosts checking and key size policy
enforcement without requiring the application to parse wire formats.
New API: dssh_hostkey_decision enum, dssh_hostkey_verify_cb typedef, dssh_session_set_hostkey_verify_cb(), dssh_key_algo_keybits function
pointer on dssh_key_algo_s. KEX modules invoke the callback after
exchange hash computation and before signature verification.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
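The policy such a callback could enforce from the inputs the log message lists (algorithm name, key bits, SHA-256 fingerprint), as an added example that is not taken from the DeuceSSH source. The enum, struct, function name and MIN_RSA_BITS threshold are hypothetical, because this notice does not show the real dssh_hostkey_verify_cb signature or the dssh_hostkey_decision values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins: NOT the DeuceSSH types, names or signatures. */
enum hostkey_decision { HOSTKEY_ACCEPT, HOSTKEY_REJECT };
struct pinned_host { const char *algo; unsigned char fp[32]; };
#define MIN_RSA_BITS 2048u /* example policy threshold (assumption) */

/* Compare without an early exit so timing does not reveal the mismatch position. */
static int fp_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Reject undersized RSA keys, then require a pinned fingerprint recorded
 * for the same algorithm. Anything unknown or malformed fails closed. */
enum hostkey_decision check_hostkey(const char *algo, unsigned keybits,
                                    const unsigned char *fp, size_t fp_len,
                                    const struct pinned_host *pins, size_t npins)
{
    if (algo == NULL || fp == NULL || fp_len != 32)
        return HOSTKEY_REJECT;
    if (strncmp(algo, "rsa-", 4) == 0 && keybits < MIN_RSA_BITS)
        return HOSTKEY_REJECT;
    for (size_t i = 0; i < npins; i++)
        if (strcmp(pins[i].algo, algo) == 0 && fp_equal(pins[i].fp, fp, 32))
            return HOSTKEY_ACCEPT;
    return HOSTKEY_REJECT;
}

int main(void)
{
    /* Constructed sample data: a pinned fingerprint of 32 bytes of 0xAB. */
    struct pinned_host pin = { "ssh-ed25519", {0} };
    unsigned char seen[32];
    memset(pin.fp, 0xAB, 32);
    memset(seen, 0xAB, 32);
    printf("match:    %d\n", check_hostkey("ssh-ed25519", 256, seen, 32, &pin, 1));
    seen[0] ^= 1; /* one flipped bit must be rejected */
    printf("mismatch: %d\n", check_hostkey("ssh-ed25519", 256, seen, 32, &pin, 1));
    return 0;
}
```

Because the log message says the callback runs before signature verification, a trust-on-first-use store should record a newly seen key only after the handshake has completed successfully.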