aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Cornish <[email protected]>2015-05-11 15:47:06 -0700
committerHans Nilsson <[email protected]>2015-05-21 10:40:39 +0200
commit5e71fae6329a8cfa82ac5d5f9146e947fc92f542 (patch)
tree09bddcf545c473b220c39ca34b4ed45e42474c33
parentdb7446a0235f5379ed230a51cc1d55475549f36b (diff)
downloadotp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.tar.gz
otp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.tar.bz2
otp-5e71fae6329a8cfa82ac5d5f9146e947fc92f542.zip
Fix rekeying according to RFC 4253
When in the connected state, an received KEXINIT message MUST be responded to with KEXINIT. After that, the client may continue with KEXDH_INIT (or similar). See the first paragraph on RFC 4253 sec. 9.
-rw-r--r--lib/ssh/src/ssh_connection_handler.erl12
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 2c7f132916..9b11cadab6 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -559,11 +559,13 @@ userauth(#ssh_msg_userauth_banner{message = Msg},
-spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{},
#state{}) -> gen_fsm_state_return().
%%--------------------------------------------------------------------
-connected({#ssh_msg_kexinit{}, _Payload} = Event, State) ->
- kexinit(Event, State#state{renegotiate = true}).
-%% ;
-%% connected(#ssh_msg_kexdh_init{} = Event, State) ->
-%% key_exchange(Event, State#state{renegotiate = true}).
+connected({#ssh_msg_kexinit{}, _Payload} = Event, #state{ssh_params = Ssh0} = State0) ->
+ {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0),
+ State = State0#state{ssh_params = Ssh,
+ key_exchange_init_msg = KeyInitMsg,
+ renegotiate = true},
+ send_msg(SshPacket, State),
+ kexinit(Event, State).
%%--------------------------------------------------------------------
-spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} |