summaryrefslogtreecommitdiffstats
path: root/dns.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@.dtucker@openbsd.org2023-03-101-1/+2
| | | | OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac
* upstream: let ssh-keygen and ssh-keyscan acceptdjm@openbsd.org2023-02-101-2/+5
| | | | | | | -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@ OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d
* upstream: mark const string array contents const too, i.e. staticdjm@openbsd.org2022-02-021-2/+2
| | | | | | const char *array => static const char * const array from Mike Frysinger OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1
* upstream: Ensure that all returned SSHFP records for the specified hostdtucker@openbsd.org2021-07-191-40/+26
| | | | | | | | name and hostkey type match instead of only one. While there, simplify the code somewhat and add some debugging. Based on discussion in bz#3322, ok djm@. OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4
* upstream: Order includes as per style(9). Portable already hasdtucker@openbsd.org2021-07-081-1/+1
| | | | | | these so this removes a handful of diffs between the two. OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77
* upstream: use the new variant log macros instead of prependingdjm@openbsd.org2020-10-181-4/+3
| | | | | | __func__ and appending ssh_err(r) manually; ok markus@ OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8
* remove duplicate #includesDamien Miller2019-10-021-1/+0
| | | | Prompted by Jakub Jelen
* upstream: Add experimental support for PQC XMSS keys (Extendedmarkus@openbsd.org2018-02-261-1/+6
| | | | | | | | | Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok djm@ OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
* upstream commitdjm@openbsd.org2017-09-141-8/+6
| | | | | | | | | | | | | | | | | Revert commitid: gJtIN6rRTS3CHy9b. ------------- identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ ------------- This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results are missing but the user already has the key in known_hosts Spotted by dtucker@ Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
* upstream commitdjm@openbsd.org2017-09-041-6/+8
| | | | | | | | identify the case where SSHFP records are missing but other DNS RR types are present and display a more useful error message for this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
* upstream commitderaadt@openbsd.org2015-08-211-2/+2
| | | | | | | Do not cast result of malloc/calloc/realloc* if stdlib.h is in scope ok krw millert Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
* upstream commitdjm@openbsd.org2015-01-291-3/+3
| | | | | update to new API (key_fingerprint => sshkey_fingerprint) check sshkey_fingerprint return values; ok markus
* upstream commitdjm@openbsd.org2015-01-151-14/+16
| | | | | sync ssh-keysign, ssh-keygen and some dependencies to the new buffer/key API; mostly mechanical, ok markus@
* upstream commitdjm@openbsd.org2014-12-211-5/+6
| | | | | | | | Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* - djm@cvs.openbsd.org 2014/06/24 01:13:21Damien Miller2014-07-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
* - logan@cvs.openbsd.org 2014/04/20 09:24:26Damien Miller2014-05-151-1/+6
| | | | | | [dns.c dns.h ssh-keygen.c] Add support for SSHFP DNS records for ED25519 key types. OK from djm@
* - djm@cvs.openbsd.org 2013/05/17 00:13:13Darren Tucker2013-06-011-5/+5
| | | | | | | | | | | | | | | | | | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c dns.c packet.c readpass.c authfd.c moduli.c] bye, bye xfree(); ok markus@
* - djm@cvs.openbsd.org 2012/05/23 03:28:28Damien Miller2012-06-201-34/+69
| | | | | | [dns.c dns.h key.c key.h ssh-keygen.c] add support for RFC6594 SSHFP DNS records for ECDSA key types. patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
* - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller2010-08-311-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - OpenBSD CVS SyncDamien Miller2010-02-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - djm@cvs.openbsd.org 2010/02/26 20:29:54 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] [sshconnect2.c sshd.8 sshd.c sshd_config.5] Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as sh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
* - dtucker@cvs.openbsd.org 2008/06/12 00:03:49Darren Tucker2008-06-121-2/+11
| | | | | | | | | | | | | | | [dns.c canohost.c sshconnect.c] Do not pass "0" strings as ports to getaddrinfo because the lookups can slow things down and we never use the service info anyway. bz #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok deraadt@ djm@ djm belives that the reason for the "0" strings is to ensure that it's not possible to call getaddrinfo with both host and port being NULL. In the case of canohost.c host is a local array. In the case of sshconnect.c, it's checked for null immediately before use. In dns.c it ultimately comes from ssh.c:main() and is guaranteed to be non-null but it's not obvious, so I added a warning message in case it is ever passed a null.
* - stevesk@cvs.openbsd.org 2007/01/03 03:01:40Damien Miller2007-01-051-2/+2
| | | | | [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c] spaces
* - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller2006-09-011-0/+1
| | | | | | | | | | | | | | | | | [auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/08/01 23:22:48Damien Miller2006-08-051-1/+2
| | | | | | | | | | | | | [auth-passwd.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c] [auth2-chall.c auth2-pubkey.c authfile.c buffer.c canohost.c] [channels.c clientloop.c dh.c dns.c dns.h hostfile.c kex.c kexdhc.c] [kexgexc.c kexgexs.c key.c key.h log.c misc.c misc.h moduli.c] [monitor_wrap.c packet.c progressmeter.c readconf.c readpass.c scp.c] [servconf.c session.c sftp-client.c sftp-common.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c sshlogin.c sshtty.c uuencode.c] [uuencode.h xmalloc.c] move #include <stdio.h> out of includes.h
* - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller2006-07-241-3/+1
| | | | | | | | | | | | | | | [canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/12 22:28:52Damien Miller2006-07-241-1/+3
| | | | | [auth-options.c canohost.c channels.c includes.h readconf.c servconf.c ssh-keyscan.c ssh.c sshconnect.c sshd.c] move #include <netdb.h> out of includes.h; ok djm@
* - stevesk@cvs.openbsd.org 2006/07/08 21:47:12Damien Miller2006-07-101-1/+4
| | | | | | | [authfd.c canohost.c clientloop.c dns.c dns.h includes.h] [monitor_fdpass.c nchan.c packet.c servconf.c sftp.c ssh-agent.c] [ssh-keyscan.c ssh.c sshconnect.h sshd.c sshlogin.h] move #include <sys/socket.h> out of includes.h
* - djm@cvs.openbsd.org 2006/03/25 22:22:43Damien Miller2006-03-261-1/+1
| | | | | | | | | | | | | | [atomicio.h auth-options.h auth.h auth2-gss.c authfd.h authfile.h] [bufaux.h buffer.h canohost.h channels.h cipher.h clientloop.h] [compat.h compress.h crc32.c crc32.h deattack.h dh.h dispatch.h] [dns.c dns.h getput.h groupaccess.h gss-genr.c gss-serv-krb5.c] [gss-serv.c hostfile.h includes.h kex.h key.h log.h mac.h match.h] [misc.h monitor.h monitor_fdpass.h monitor_mm.h monitor_wrap.h msg.h] [myproposal.h packet.h pathnames.h progressmeter.h readconf.h rsa.h] [scard.h servconf.h serverloop.h session.h sftp-common.h sftp.h] [ssh-gss.h ssh.h ssh1.h ssh2.h sshconnect.h sshlogin.h sshpty.h] [ttymodes.h uidswap.h uuencode.h xmalloc.h] standardise spacing in $OpenBSD$ tags; requested by deraadt@
* - deraadt@cvs.openbsd.org 2006/03/20 18:41:43Damien Miller2006-03-261-1/+1
| | | | | [dns.c] cast xstrdup to propert u_char *
* id syncDamien Miller2006-03-261-1/+1
|
* - deraadt@cvs.openbsd.org 2006/03/20 18:41:43Damien Miller2006-03-251-2/+2
| | | | | [dns.c] cast xstrdup to propert u_char *
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-251-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - stevesk@cvs.openbsd.org 2005/10/17 14:13:35Damien Miller2005-11-051-9/+5
| | | | | [dns.c dns.h] more cleanups; ok jakob@
* - stevesk@cvs.openbsd.org 2005/10/17 14:01:28Damien Miller2005-11-051-10/+2
| | | | | [dns.c] remove #ifdef LWRES; ok jakob@
* - stevesk@cvs.openbsd.org 2005/10/17 13:45:05Damien Miller2005-11-051-4/+9
| | | | | | | | [dns.c] fix memory leaks from 2 sources: 1) key_fingerprint_raw() 2) malloc in dns_read_rdata() ok jakob@
* - stevesk@cvs.openbsd.org 2005/10/13 19:13:41Damien Miller2005-11-051-5/+3
| | | | | [dns.c] unneeded #include, unused declaration, little knf; ok deraadt@
* - djm@cvs.openbsd.org 2005/06/17 02:44:33Damien Miller2005-06-171-4/+4
| | | | | | | | | | | [auth-rsa.c auth.c auth1.c auth2-chall.c auth2-gss.c authfd.c authfile.c] [bufaux.c canohost.c channels.c cipher.c clientloop.c dns.c gss-serv.c] [kex.c kex.h key.c mac.c match.c misc.c packet.c packet.h scp.c] [servconf.c session.c session.h sftp-client.c sftp-server.c sftp.c] [ssh-keyscan.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c sshd.c] make this -Wsign-compare clean; ok avsm@ markus@ NB. auth1.c changes not committed yet (conflicts with uncommitted sync) NB2. more work may be needed to make portable Wsign-compare clean
* - jakob@cvs.openbsd.org 2005/04/20 10:05:45Damien Miller2005-05-261-2/+27
| | | | | [dns.c] do not try to look up SSHFP for numerical hostname. ok djm@
* - avsm@cvs.openbsd.org 2004/06/21 17:36:31Darren Tucker2004-06-221-4/+4
| | | | | | | | | | | | | [auth-rsa.c auth2-gss.c auth2-pubkey.c authfile.c canohost.c channels.c cipher.c dns.c kex.c monitor.c monitor_fdpass.c monitor_wrap.c monitor_wrap.h nchan.c packet.c progressmeter.c scp.c sftp-server.c sftp.c ssh-gss.h ssh-keygen.c ssh.c sshconnect.c sshconnect1.c sshlogin.c sshpty.c] make ssh -Wshadow clean, no functional changes markus@ ok There are also some portable-specific -Wshadow warnings to be fixed in monitor.c and montior_wrap.c.
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-3/+3
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - jakob@cvs.openbsd.org 2003/11/12 16:39:58Damien Miller2003-11-171-40/+28
| | | | | [dns.c dns.h readconf.c ssh_config.5 sshconnect.c] update SSHFP validation. ok markus@
* - jakob@cvs.openbsd.org 2003/10/14 19:42:10Darren Tucker2003-10-151-5/+2
| | | | | [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c] include SSHFP lookup code (not enabled by default). ok markus@
* - jakob@cvs.openbsd.org 2003/06/11 10:18:47Damien Miller2003-06-111-7/+2
| | | | | [dns.c] sync with check_host_key() change
* - jakob@cvs.openbsd.org 2003/05/15 02:27:15Damien Miller2003-05-151-2/+4
| | | | | [dns.c] add missing freerrset
* - jakob@cvs.openbsd.org 2003/05/14 18:16:20Damien Miller2003-05-151-0/+293
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@