Subject: [libssh2] Remove OPENSSL_NO_SHA ifdef's?

From: Simon Josefsson
Date: Tue, 09 Jan 2007 16:43:08 +0100

Hi! I'm making progress on the libgcrypt support... however, I
noticed one thing that might be useful to fix.

Is anyone interested in finishing the work required to make sure
libssh2 works without SHA-1 in OpenSSL? In some places (e.g., kex.c)
there is code like this:

    SHA_CTX fingerprint_ctx;

    SHA1_Update(&fingerprint_ctx, session->server_hostkey, session->server_hostkey_len);
    SHA1_Final(session->server_hostkey_sha1, &fingerprint_ctx);

However, the same file unconditionally uses SHA-1 in different places,
so these #ifdef's don't work.

All the ssh kex protocols that libssh2 supports require SHA-1, so it
does not seem very useful to build libssh2 if there is no support for
SHA-1 in OpenSSL. However, I may be missing something.

I suggest that we remove the OPENSSL_NO_SHA checks. Any objections?

If someone later on wishes to add support for, say, SHA-2, and make
the SHA-1 stuff optional, that would be fine, but right now it doesn't
seem to make sense to make SHA-1 optional since libssh2 won't work
without SHA-1 (if I understand correctly).

Note that I do not suggest doing the same for MD5 -- it should be
possible to get libssh2 to work without any MD5 stuff at all.


libssh2-devel mailing list
Received on 2007-01-09