curl: CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster
Summary: CURLOPTSSHHOSTPUBLICKEYSHA256 base64 encoded host fingerprint is compared case-insensitive by accident. This means that it is technically possible however still difficult to create forged ssh host key that matches in this comparison. The bug appears to have been introduced when adding...