| Commit message (Collapse) | Author | Files | Lines |
|
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
|
|
authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935
OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
|
|
This makes the connection 4-tuple available to PAM modules that
wish to use it in decision-making. bz#2741
|
|
In 120a1ec74, loginmsg was changed from the legacy Buffer type
to struct sshbuf*, but it missed changing calls to
sys_auth_allowed_user and sys_auth_record_login which passed
loginmsg by address. Now that it's a pointer, just pass it directly.
This only affects AIX, unless there are out of tree users.
|
|
channel_init_channels() as we do it anyway in channel_handler_init() that we
call at the end of the function. Fix from Markus Schmidt via bz#2938
OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
|
|
OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
|
|
OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
|
|
OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
|
|
|
|
Try the new init function (OPENSSL_init_crypto) before falling back to
the old one (OpenSSL_add_all_algorithms).
|
|
OpenSSL_add_all_algorithms() may be a macro so check for that too.
|
|
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus
OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
|
|
now always used for SIGUSR1 even when SIGINFO is not defined. This will make
things simpler in -portable.
OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
|
|
RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
This fixes the build with configureed --without-openssl.
|
|
|
|
square brackets in case statements may be eaten by autoconf.
Report and fix from Filipp Gunbin; tweaked by naddy@
|
|
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
supports it.
Move all libcrypto initialisation to a single function, and call that
from seed_rng() that is called early in each tool's main().
Prompted by patch from Rosen Penev
|
|
SIGINFO to resync with portable. (ID sync only).
OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
|
|
trap for them. This allows multiple instances of tests to run without
colliding.
OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
|
|
test "yes" and "sandbox".
OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
|
|
UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing).
UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing).
UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names).
useful if you want to run the tests as a smoke test to exercise the
functionality without waiting for all the fuzzers to run.
OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
|
|
It's unused in -portable, but having it out of sync makes other syncs
fail to apply.
|
|
loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103
ok markus@
OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
|
|
/dev/null. Fixes mosh in proxycommand mode that was broken by the previous
ProxyCommand change that was reported by matthieu@. ok djm@ danj@
OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
|
|
started with ControlPersist; based on patch from Steffen Prohaska
OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
|
|
use-after-free faults if the ancestors are freed before the descendents.
Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn
OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
|
|
OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
|
|
Check for the presence of OPENSSL_init_crypto and all the flags we want
before trying to use it (bz#2931).
|
|
current directory; based on report/patch from Harry Sintonen
OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
|
|
socket around for the life of the connection; bz#2912; reported by Simon
Tatham; ok dtucker@
OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
|
|
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were
specified, then authentication would always fail for RSA keys as the monitor
checks only the base key (not the signature algorithm) type against
*AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
|
|
commands; bz#2926; ok dtucker@
OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
|
|
Mike Frysinger <vapier at gentoo dot org>
OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
|
|
Colin Watson
OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
|
|
OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
|
|
OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
|
|
key type at start of doc
OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
|
|
If configure could not find a working OpenSSL installation it would
fall back to checking in /usr/local/ssl. This made sense back when
systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
use that as a default any more. The fallback behaviour also meant
that if you pointed --with-ssl-dir at a specific directory and it
didn't work, it would silently use either the system libs or the ones
in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to
pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
bz#2922, patch from vinschen at redhat.com.
|
|
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
by vinschen at redhat.com.
|
|
|
|
Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
AC_CHECK_FUNCS. ok djm@
|
|
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
|
|
|
|
|
|
|
|
Use detected functions in compat layer instead of guessing based on
versions. Really fixes builds with LibreSSL, not just configure.
|