From 56ab5fc33cc35138bb5518d424e37f045a471be3 Mon Sep 17 00:00:00 2001
From: Brad Ackerman <brad@facefault.org>
Date: Sun, 17 May 2020 13:30:10 -0700
Subject: [PATCH] Don't compare SHA-2/SHA-1 fingerprints

The SSH key fingerprints in the Azure `ovf-env.xml` file are SHA-1 digests but `openssl x509 -fingerprint` uses SHA-2 by default, so `azure_getpubkeys` doesn't pass the correct value to `agent_setpubkey`.
---
 agent/azure.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent/azure.c b/agent/azure.c
index 9b451aa..cb3e535 100644
--- a/agent/azure.c
+++ b/agent/azure.c
@@ -528,7 +528,7 @@ azure_getpubkeys(struct system_config *sc)
 
 			/* Convert certificate into public key */
 			if (shellout(inbuf, &in,
-			    "openssl", "x509", "-fingerprint", "-pubkey",
+			    "openssl", "x509", "-fingerprint", "-sha1", "-pubkey",
 			    "-noout", NULL) != 0) {
 				log_debug("%s: could not get public key",
 				    __func__);