From d5b2c8416d6b2fae04af32c43ee3ca0cef79da87 Mon Sep 17 00:00:00 2001
From: ben
Date: Thu, 20 Sep 2007 21:33:21 +0000
Subject: [PATCH] Don't try SSH-1 RSA authentication unless the server has advertised support for it. It's possible that this obsoletes BUG_CHOKES_ON_RSA. Certainly the one SSH-1.5-Cisco-1.25 server I found was correctly not advertising RSA auth. For now, leave it in, because I'm not feeling entirely confident.
git-svn-id: svn://svn.tartarus.org/sgt/putty@7726 cda61777-01e9-0310-a592-d414129be87e
---
 ssh.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index a1f43edc..38f14958 100644
--- a/ssh.c
+++ b/ssh.c
@@ -3070,6 +3070,8 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 ssh->v1_remote_protoflags = ssh_pkt_getuint32(pktin);
 s->supported_ciphers_mask = ssh_pkt_getuint32(pktin);
 s->supported_auths_mask = ssh_pkt_getuint32(pktin);
+ if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA))
+ s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);
 ssh->v1_local_protoflags = ssh->v1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
@@ -3323,7 +3325,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
 crWaitUntil(pktin);
- if ((ssh->remote_bugs & BUG_CHOKES_ON_RSA)) {
+ if ((s->supported_auths_mask & (1 << SSH1_AUTH_RSA)) == 0) {
 /* We must not attempt PK auth. Pretend we've already tried it. */
 s->tried_publickey = s->tried_agent = 1;
 } else {
-- 
2.11.0
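Review bot: The mask arithmetic in the added `s->supported_auths_mask &= ~(1 << SSH1_AUTH_RSA);` is done in signed int, although the value it masks was just read with ssh_pkt_getuint32(); writing the bit as `1U << SSH1_AUTH_RSA` keeps the whole expression unsigned, and the same applies to the test `(1 << SSH1_AUTH_RSA)` in the second hunk. The declared type of supported_auths_mask and the value of SSH1_AUTH_RSA are not visible here, so this is a style point rather than a demonstrated bug. A one-line comment above the new `if` would also help the next reader, for example `/* Treat a server that chokes on RSA as one that never offered it. */`. do_ssh1_login starts and ends outside the hunk.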
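Review bot: The rewritten condition makes a server-supplied field the only gate on public-key and agent authentication, and the branch skips both silently by setting `tried_publickey` and `tried_agent`. If the packet carrying that mask is not integrity-protected, a peer that leaves the RSA bit clear moves the client on to whichever methods follow (outside this hunk, presumably including password) without the user learning why their key was not offered; an Event Log entry in this branch would make that visible. The existing comment should also name the new trigger, e.g. `/* Server did not advertise RSA auth (or BUG_CHOKES_ON_RSA cleared the bit): skip key and agent auth. */`. The enclosing function continues beyond the hunk.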