Revert "Apply GSSAPI key exchange methods in client offered list (#1261414)" (#1268968)

This reverts commit a78d20aea9, which is not applicable on openssh-6.9p1 and breaks gssapi keyex offer list from client.
2015-10-06 14:49:36 +02:00 · 2015-10-06 14:49:36 +02:00 · 17fe33f562
commit 17fe33f562
parent 1163e29a09
3 changed files with 7 additions and 7 deletions
--- a/openssh-6.6p1-gsskex.patch
+++ b/openssh-6.6p1-gsskex.patch
@ -2290,7 +2290,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 +	if (options.gss_keyex) {
 +		/* Add the GSSAPI mechanisms currently supported on this 
 +		 * client to the key exchange algorithm proposal */
-+		orig = options.kex_algorithms;
+		orig = myproposal[PROPOSAL_KEX_ALGS];
 +
 +		if (options.gss_trust_dns)
 +			gss_host = (char *)get_canonical_hostname(1);
@ -2300,7 +2300,7 @@ diff -up openssh/sshconnect2.c.gsskex openssh/sshconnect2.c
 +		gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity);
 +		if (gss) {
 +			debug("Offering GSSAPI proposal: %s", gss);
-+			xasprintf(&options.kex_algorithms,
+			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 +			    "%s,%s", gss, orig);
 +		}
 +	}
--- a/openssh-6.7p1-fips.patch
+++ b/openssh-6.7p1-fips.patch
@ -460,7 +460,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
 	if (options.gss_keyex) {
 -		/* Add the GSSAPI mechanisms currently supported on this 
 -		 * client to the key exchange algorithm proposal */
-		orig = options.kex_algorithms;
+-		orig = myproposal[PROPOSAL_KEX_ALGS];
 -
 -		if (options.gss_trust_dns)
 -			gss_host = (char *)get_canonical_hostname(1);
@ -471,7 +471,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
 -		    options.gss_client_identity, options.gss_kex_algorithms);
 -		if (gss) {
 -			debug("Offering GSSAPI proposal: %s", gss);
-			xasprintf(&options.kex_algorithms,
+-			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 -			    "%s,%s", gss, orig);
 +		if (FIPS_mode()) {
 +			logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode");
@ -479,7 +479,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
 +		} else {
 +			/* Add the GSSAPI mechanisms currently supported on this
 +			 * client to the key exchange algorithm proposal */
-+			orig = options.kex_algorithms;
+			orig = myproposal[PROPOSAL_KEX_ALGS];
 +
 +			if (options.gss_trust_dns)
 +				gss_host = (char *)get_canonical_hostname(1);
@ -490,7 +490,7 @@ diff -up openssh-6.9p1/sshconnect2.c.fips openssh-6.9p1/sshconnect2.c
 +			    options.gss_client_identity, options.gss_kex_algorithms);
 +			if (gss) {
 +				debug("Offering GSSAPI proposal: %s", gss);
-+				xasprintf(&options.kex_algorithms,
+				xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 +				    "%s,%s", gss, orig);
 +			}
 		}
--- a/openssh-6.9p1-gssKexAlgorithms.patch
+++ b/openssh-6.9p1-gssKexAlgorithms.patch
@ -362,7 +362,7 @@ diff -up openssh-6.9p1/sshconnect2.c.gsskexalg openssh-6.9p1/sshconnect2.c
 +		    options.gss_client_identity, options.gss_kex_algorithms);
 		if (gss) {
 			debug("Offering GSSAPI proposal: %s", gss);
- 			xasprintf(&options.kex_algorithms,
+ 			xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
 diff -up openssh-6.9p1/sshd_config.5.gsskexalg openssh-6.9p1/sshd_config.5
 --- openssh-6.9p1/sshd_config.5.gsskexalg	2015-08-20 11:54:50.517693747 +0200
 +++ openssh-6.9p1/sshd_config.5	2015-08-20 11:54:50.529693724 +0200