shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-06 10:27:22 +09:00
Code Issues Packages Projects Releases Wiki Activity

gssapi: enable gssapi-keyex in FIPS mode

Browse Source 
All gssapi-keyex tests have to be disabled in Centos Stream 8
because the KEX is not allowed in FIPS. In Centos Stream 9,
only tests against OpenSSH have to be disabled because
OpenSSH only enables gssapi-keyex since Centos Stream 10.

Signed-off-by: Pavol Žáčik <pzacik@redhat.com>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Pavol Žáčik
2025-12-02 10:31:01 +01:00
committed by Jakub Jelen
parent d3e80d9a19
commit 9b4ee9c6d4
10 changed files with 32 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/server.c
View File

@@ -172,7 +172,7 @@ int server_set_kex(ssh_session session)
}
}
#ifdef WITH_GSSAPI
if (session->opts.gssapi_key_exchange && !ssh_fips_mode()) {
if (session->opts.gssapi_key_exchange) {
ok = ssh_gssapi_init(session);
if (ok != SSH_OK) {
ssh_set_error_oom(session);