mirror of
https://github.com/libssh2/libssh2.git
synced 2026-01-27 00:18:12 +03:00
51f6259d18
Tests started failing after touching `sshd_config`, which bumped the test container from Debian Bookworm to Trixie, and openssh-server from 9.2p1 to 10.0p1 with it. OpenSSH v10 no longer supports legacy KEX algos `diffie-hellman-group*` and `diffie-hellman-group-exchange-*`, making libssh2 require ECDSA or ED25519 to enable `curve25519-sha256*` or `ecdh-sha2-*`, for the tests to succeed. libgcrypt, stock Ubuntu wolfSSL, and WinCNG CI jobs broke. - ED25519 is only supported with OpenSSL and LibreSSL 3.7+. - ECDSA is supported by OpenSSL and mbedTLS (unless disabled), by wolfSSL in certain cases (but not on Ubuntu 24.04 with the stock v5.6.6 build), and by WinCNG when explicitly enabled, and targeting Windows 10/2016 Server. Fixed by: - wolfSSL support received an ECDSA detection fix, that resolved the issue with the stock Ubuntu builds, via:b807dac921#1723 - WinCNG had ECDSA enabled in CI in the job running tests, via:0f5843874b#1721 - to make CI pass, disable running tests with Libgcrypt in this patch. An alternate option is to downgrade to Bookworm, with the undesired effect that its openssh-server doesn't support ML-KEM and other modern SSH features, meaning those could not be tested once implemented in libssh2, e.g. in #1644. Ref: https://www.openssh.com/txt/release-10.0 Ref: https://packages.debian.org/trixie/openssh-server Ref: https://packages.debian.org/bookworm/openssh-server Ref: https://packages.ubuntu.com/noble/libwolfssl-dev Bug: https://github.com/libssh2/libssh2/pull/1718#issuecomment-3397142351 Follow-up to4f9e6e0bfb#1718 Closes #1720