ssh: do not crash if MD5 fingerprint is not provided by libssh2

The MD5 fingerprint cannot be computed when running in FIPS mode.

RELEASE-NOTES

@@ -42,6 +42,7 @@ This release includes the following bugfixes:
  o gnutls: do not fail on non-fatal handshake errors [15]
  o SMTP: only send SIZE if supported [16]
  o ftpserver: respond with a 250 to SMTP EHLO
+ o ssh: do not crash if MD5 fingerprint is not provided by libssh2
 
 This release includes the following known bugs:
 

lib/ssh.c

@@ -650,19 +650,25 @@ static bool ssh_check_fingerprint(struct connectdata *conn)
   const char *fingerprint = libssh2_hostkey_hash(sshc->ssh_session,
       LIBSSH2_HOSTKEY_HASH_MD5);
 
-  /* The fingerprint points to static storage (!), don't free() it. */
+  if(fingerprint) {
-  for(i = 0; i < 16; i++)
+    /* The fingerprint points to static storage (!), don't free() it. */
-    snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+    for(i = 0; i < 16; i++)
-  infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+      snprintf(&md5buffer[i*2], 3, "%02x", (unsigned char) fingerprint[i]);
+    infof(data, "SSH MD5 fingerprint: %s\n", md5buffer);
+  }
 
   /* Before we authenticate we check the hostkey's MD5 fingerprint
    * against a known fingerprint, if available.
    */
   if(pubkey_md5 && strlen(pubkey_md5) == 32) {
-    if(!strequal(md5buffer, pubkey_md5)) {
+    if(!fingerprint || !strequal(md5buffer, pubkey_md5)) {
-      failf(data,
+      if(fingerprint)
-          "Denied establishing ssh session: mismatch md5 fingerprint. "
+        failf(data,
-          "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+            "Denied establishing ssh session: mismatch md5 fingerprint. "
+            "Remote %s is not equal to %s", md5buffer, pubkey_md5);
+      else
+        failf(data,
+            "Denied establishing ssh session: md5 fingerprint not available");
       state(conn, SSH_SESSION_FREE);
       sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
       return sshc->actualcode;