author | Simon Tatham <anakin@pobox.com> | 2022-05-02 12:18:16 +0300 |
---|---|---|
committer | Simon Tatham <anakin@pobox.com> | 2022-05-02 13:17:58 +0300 |
commit | dc7ba12253c68d1893f75652a53436de56eaec2a (patch) | |
tree | 3f1386d65cf854b8a3c31815e9cc3f2303e6082b /defs.h | |
parent | e34e0220abd1b327a088c9a68632545d33569b41 (diff) |
Permit configuring RSA signature types in certificates.
As distinct from the type of signature generated by the SSH server
itself from the host key, this lets you exclude (and by default does
exclude) the old "ssh-rsa" SHA-1 signature type from the signature of
the CA on the certificate.
Diffstat (limited to 'defs.h')
-rw-r--r-- | defs.h | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -177,6 +177,7 @@ typedef struct dlgcontrol dlgcontrol;
 typedef struct settings_w settings_w;
 typedef struct settings_r settings_r;
 typedef struct settings_e settings_e;
+typedef struct ca_options ca_options;
 typedef struct host_ca host_ca;
 typedef struct host_ca_enum host_ca_enum;
 
@@ -247,4 +248,14 @@ struct unicode_data;
 #define CAT_INNER(x,y) x ## y
 #define CAT(x,y) CAT_INNER(x,y)
 
+/*
+ * Structure shared between ssh.h and storage.h, giving strictness
+ * options relating to checking of an OpenSSH certificate. It's a bit
+ * cheaty to put something so specific in here, but more painful to
+ * put it in putty.h.
+ */
+struct ca_options {
+ bool permit_rsa_sha1, permit_rsa_sha256, permit_rsa_sha512;
+};
+
 #endif /* PUTTY_DEFS_H */
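Review bot: The comment above `struct ca_options` in the second hunk explains why the structure lives in defs.h, but not what the three `permit_rsa_*` flags control. The commit message says they apply to the CA's signature on the certificate and not to the server's own host-key signature; that distinction is easy to miss and belongs next to the fields. I would add something like `/* Each flag permits one RSA signature type (SHA-1, SHA-256, SHA-512) in the CA's signature on a certificate; the host key's own signature type is configured separately. */`. It would also help to state what an all-false structure means. A zero-initialised `ca_options` presumably rejects every RSA-signed certificate, which is the safe direction, but the code that reads these flags and sets the SHA-1-off default is not in this file, so that should be confirmed before it is written down.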