From 3e1d276a5a030938a8f144f46ff4f2a2efe31ced Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 8 Jan 2026 12:10:44 +0100
Subject: [PATCH 07/12] CVE-2026-0966 doc: Update guided tour to use SHA256
 fingerprints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Pavol Žáčik <pzacik@redhat.com>
(cherry picked from commit 1b2a4f760bec35121c490f2294f915ebb9c992ae)

Index: libssh-0.6.3/doc/guided_tour.dox
===================================================================
--- libssh-0.6.3.orig/doc/guided_tour.dox
+++ libssh-0.6.3/doc/guided_tour.dox
@@ -187,7 +187,6 @@ int verify_knownhost(ssh_session session
 {
   int state, hlen;
   unsigned char *hash = NULL;
-  char *hexa;
   char buf[10];
 
   state = ssh_is_server_known(session);
@@ -203,7 +202,7 @@ int verify_knownhost(ssh_session session
 
     case SSH_SERVER_KNOWN_CHANGED:
       fprintf(stderr, "Host key for server changed: it is now:\n");
-      ssh_print_hexa("Public key hash", hash, hlen);
+      ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
       fprintf(stderr, "For security reasons, connection will be stopped\n");
       free(hash);
       return -1;
@@ -223,10 +222,9 @@ int verify_knownhost(ssh_session session
       /* fallback to SSH_SERVER_NOT_KNOWN behavior */
 
     case SSH_SERVER_NOT_KNOWN:
-      hexa = ssh_get_hexa(hash, hlen);
       fprintf(stderr,"The server is unknown. Do you trust the host key?\n");
-      fprintf(stderr, "Public key hash: %s\n", hexa);
-      free(hexa);
+      fprintf(stderr, "Public key hash: ");
+      ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
       if (fgets(buf, sizeof(buf), stdin) == NULL)
       {
         free(hash);