Commit 51c6a5d4 authored by Daniel Stenberg

Based on a patch brought by Johnny Luong, libcurl now offers

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make
the SCP or SFTP connection verify the remote host's md5 checksum of the public
key before doing a connect, to reduce the risk of a man-in-the-middle attack.
parent 15b8da19
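
As an added example (not part of this commit or of curl's code), the Python below derives the 32-hex-digit value these options expect from a host key obtained over a trusted channel, and checks a key against a pinned value. It assumes the checksum is the MD5 of the raw key blob, that is, the base64 field of an OpenSSH public key line; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def host_key_md5(pubkey_line):
    """MD5 of the key blob in a .pub or ssh-keyscan style line, as 32 hex digits."""
    fields = pubkey_line.split()
    # Assumption: the hash covers the raw blob, the field right after the key type.
    idx = next((i for i, f in enumerate(fields[:-1]) if f in KEY_TYPES), None)
    if idx is None:
        raise ValueError("no supported key type in line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    # The blob begins with a length-prefixed copy of the key type. Check it so
    # a truncated or mislabelled key is rejected instead of hashed.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[idx].encode():
        raise ValueError("key type does not match key blob")
    return hashlib.md5(blob).hexdigest()


def normalize_fingerprint(text):
    """Turn 'MD5:aa:bb:...' or 'AABB...' into 32 lowercase hex digits."""
    text = text.strip()
    if text.upper().startswith("MD5:"):
        text = text[4:]
    digits = text.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", digits):
        raise ValueError("expected 32 hexadecimal digits")
    return digits


def matches_pin(pubkey_line, pinned):
    """True when the key's MD5 equals the pinned fingerprint."""
    return hmac.compare_digest(host_key_md5(pubkey_line), normalize_fingerprint(pinned))


# Constructed sample key, not a real host: type string plus 32 filler bytes.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(p)) + p
                       for p in (b"ssh-ed25519", bytes(range(32))))
SAMPLE_LINE = "sftp.example.com ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()
```

`host_key_md5(SAMPLE_LINE)` returns the string in the form the option text describes; `normalize_fingerprint` converts a colon-separated fingerprint into that form.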
+7 −0
@@ -6,6 +6,13 @@

                                  Changelog

Daniel S (3 October 2007)
- Based on a patch brought by Johnny Luong, libcurl now offers
  CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both
  make the SCP or SFTP connection verify the remote host's md5 checksum of the
  public key before doing a connect, to reduce the risk of a man-in-the-middle
  attack.

Daniel S (2 October 2007)
- libcurl now handles chunked-encoded CONNECT responses

+4 −3
@@ -2,8 +2,8 @@ Curl and libcurl 7.17.1

 Public curl release number:               102
 Releases counted from the very beginning: 128
 Available command line options:           120
 Available curl_easy_setopt() options:     144
 Available command line options:           121
 Available curl_easy_setopt() options:     145
 Number of public functions in libcurl:    55
 Amount of public web site mirrors:        42
 Number of known libcurl bindings:         36
@@ -16,6 +16,7 @@ This release includes the following changes:
 o added --proxy-negotiate
 o added --post301 and CURLOPT_POST301
 o builds with c-ares 1.5.0
 o added CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and --hostpubmd5

This release includes the following bugfixes:

@@ -47,6 +48,6 @@ This release would not have looked like this without help, code, reports and
advice from friends like these:

 Dan Fandrich, Michal Marek, Gnter Knauf, Rob Crittenden, Immanuel Gregoire,
 Mark Davies, Max Katsev, Philip Langdale, Alex Fishman
 Mark Davies, Max Katsev, Philip Langdale, Alex Fishman, Johnny Luong
 
        Thanks! (and sorry if I forgot to mention someone)
+5 −0
@@ -544,6 +544,11 @@ for you.
See also the \fI-A/--user-agent\fP and \fI-e/--referer\fP options.

This option can be used multiple times to add/replace/remove multiple headers.
.IP "--hostpubmd5"
Pass a string containing 32 hexadecimal digits. The string should be the 128
bit MD5 cheksum of the remote host's public key, curl will refuse the
connection with the host unless the md5sums match. This option is only for SCP
and SFTP transfers. (Added in 7.17.1)
.IP "--ignore-content-length"
(HTTP)
Ignore the Content-Length header. This is particularly useful for servers
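Review bot: The new --hostpubmd5 entry misspells "checksum" as "cheksum" and runs two sentences together with a comma ("public key, curl will refuse"); suggest fixing the spelling and splitting the sentence. Unlike the neighbouring --ignore-content-length entry, which opens with "(HTTP)", this entry has no leading protocol tag, so an "(SCP/SFTP)" tag would be consistent. The text also does not say whether colon-separated or upper-case digits are accepted, or what curl does when the string is not exactly 32 hex digits.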
+5 −0
@@ -1411,6 +1411,11 @@ Pass a long set to a bitmask consisting of one or more of
CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST,
CURLSSH_AUTH_KEYBOARD. Set CURLSSH_AUTH_ANY to let libcurl pick one.
(Added in 7.16.1)
.IP CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
Pass a char * pointing to a string containing 32 hexadecimal digits. The
string should be the 128 bit MD5 cheksum of the remote host's public key, and
libcurl will reject the connection to the host unless the md5sums match. This
option is only for SCP and SFTP transfers. (Added in 7.17.1)
.IP CURLOPT_SSH_PUBLIC_KEYFILE
Pass a char * pointing to a file name for your public key. If not used,
libcurl defaults to using \fB~/.ssh/id_dsa.pub\fP.
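Review bot: "cheksum" in the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 entry should be "checksum". The entry also leaves open what happens when the string is not exactly 32 hexadecimal digits, whether passing NULL switches the check off again, and which error an application sees when the md5sums do not match. Applications will rely on this option as a security check, so each of those cases deserves a sentence.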
+6 −3
@@ -1127,6 +1127,9 @@ typedef enum {
  /* Obey RFC 2616/10.3.2 and keep POSTs as POSTs after a 301 */
  CINIT(POST301, LONG, 161),

  /* used by scp/sftp to verify the host's public key */
  CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162),

  CURLOPT_LASTENTRY /* the last unused */
} CURLoption;

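Review bot: The comment above CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162) says only that the option is "used by scp/sftp to verify the host's public key". It should state that the argument is a string of 32 hex digits holding the key's MD5, as the man page text does, so the header can be read on its own. The file is listed as +6 −3, but only this three-line addition is visible here, so the remaining changes could not be reviewed.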