Handle automatic certificate authentication

This involves reading the certificates from configuration files through options and handling them similarly as the OpenSSH does when doing the auto pubkey authentication, also in combination with agent or identities only. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Sahana Prasad <sahana@redhat.com>
2026-02-07 02:39:48 +09:00 · 2023-09-21 18:03:17 +02:00
parent c1630fa097
commit aae1bc1058
7 changed files with 325 additions and 33 deletions
--- a/include/libssh/config.h
+++ b/include/libssh/config.h
@@ -65,6 +65,7 @@ enum ssh_config_opcode_e {
    SOC_IDENTITIESONLY,
    SOC_CONTROLMASTER,
    SOC_CONTROLPATH,
+    SOC_CERTIFICATE,

    SOC_MAX /* Keep this one last in the list */
 };
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -416,6 +416,7 @@ enum ssh_options_e {
  SSH_OPTIONS_IDENTITIES_ONLY,
  SSH_OPTIONS_CONTROL_MASTER,
  SSH_OPTIONS_CONTROL_PATH,
+  SSH_OPTIONS_CERTIFICATE,
 };

 enum {
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -231,6 +231,8 @@ struct ssh_session_struct {
    struct {
        struct ssh_list *identity;
        struct ssh_list *identity_non_exp;
+        struct ssh_list *certificate;
+        struct ssh_list *certificate_non_exp;
        char *username;
        char *host;
        char *bindaddr; /* bind the client to an ip addr */