upstream commit

Revise hostkeys@openssh.com hostkey learning extension.

The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.

Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.

ok markus@

1 files changed, 4 insertions, 3 deletions

diff --git a/ssh_api.c b/ssh_api.c
index 7097c063c..265a3e639 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.3 2015/01/30 01:13:33 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.4 2015/02/16 22:13:32 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -41,7 +41,7 @@ int	_ssh_verify_host_key(struct sshkey *, struct ssh *);
 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
 int     _ssh_host_key_sign(struct sshkey *, struct sshkey *, u_char **,
-    size_t *, u_char *, size_t, u_int);
+    size_t *, const u_char *, size_t, u_int);
 
 /*
  * stubs for the server side implementation of kex.
@@ -524,7 +524,8 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
 
 int
 _ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey,
-    u_char **signature, size_t *slen, u_char *data, size_t dlen, u_int compat)
+    u_char **signature, size_t *slen,
+    const u_char *data, size_t dlen, u_int compat)
 {
         return sshkey_sign(privkey, signature, slen, data, dlen, compat);
 }