This callback is set with CURLOPT_SSH_KEYFUNCTION.
It gets called when the known_host matching has been done, to allow the
application to act and decide for libcurl how to proceed. The callback is
called if CURLOPT_SSH_KNOWNHOSTS is also set.
In the arguments to the callback are the old key and the new key and the callback is expected to return a return code that tells libcurl how to act:
CURLKHSTAT_FINE_REPLACE - The new host+key is accepted and libcurl replaces
the old host+key into the known_hosts file before continuing with the
connection. This also adds the new host+key combo to the known_host pool kept
in memory if it was not already present there. The adding of data to the file
is done by completely replacing the file with a new copy, so the permissions
of the file must allow this.
CURLKHSTAT_FINE_ADD_TO_FILE - The host+key is accepted and libcurl appends
it to the known_hosts file before continuing with the connection. This also
adds the host+key combo to the known_host pool kept in memory if it was not
already present there. The adding of data to the file is done by completely
replacing the file with a new copy, so the permissions of the file must allow
this.
CURLKHSTAT_FINE - The host+key is accepted libcurl continues with the
connection. This also adds the host+key combo to the known_host pool kept in
memory if it was not already present there.
CURLKHSTAT_REJECT - The host+key is rejected. libcurl denies the connection
to continue and it closes.
CURLKHSTAT_DEFER - The host+key is rejected, but the SSH connection is asked
to be kept alive. This feature could be used when the app wants to somehow
return and act on the host+key situation and then retry without needing the
overhead of setting it up from scratch again.