upstream commit

Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
author: djm@openbsd.org <djm@openbsd.org> 2015-02-16 22:13:32 +0000
committer: Damien Miller <djm@mindrot.org> 2015-02-17 09:32:32 +1100
commit: 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc (patch)
tree: 772be92cee9553c19d51b4570113c3d4de0c2d8b /readconf.h
parent: 6c5c949782d86a6e7d58006599c7685bfcd01685 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/readconf.h b/readconf.h
index 701b9c696..576b9e352 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.108 2015/01/30 11:43:14 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.109 2015/02/16 22:13:32 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -148,7 +148,7 @@ typedef struct {
        int      fingerprint_hash;
-        int      update_hostkeys;
+        int      update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
        char    *hostbased_key_types;
@@ -174,6 +174,10 @@ typedef struct {
 #define SSHCONF_USERCONF        2  /* user provided config file not system */
 #define SSHCONF_POSTCANON       4  /* After hostname canonicalisation */
+#define SSH_UPDATE_HOSTKEYS_NO  0
+#define SSH_UPDATE_HOSTKEYS_YES 1
+#define SSH_UPDATE_HOSTKEYS_ASK 2
 void     initialize_options(Options *);
 void     fill_default_options(Options *);
 void     fill_default_options_for_canonicalization(Options *);
author	djm@openbsd.org <djm@openbsd.org>	2015-02-16 22:13:32 +0000
committer	Damien Miller <djm@mindrot.org>	2015-02-17 09:32:32 +1100
commit	523463a3a2a9bfc6cfc5afa01bae9147f76a37cc (patch)
tree	772be92cee9553c19d51b4570113c3d4de0c2d8b /readconf.h
parent	6c5c949782d86a6e7d58006599c7685bfcd01685 (diff)