Age | Commit message | Author
2015-02-24 | Include OpenSSL's objects.h before bn.h. | Darren Tucker
Prevents compile errors on some platforms (at least old GCCs and AIX's XLC compilers).
2015-02-24 | Convert two macros into functions. | Darren Tucker
Convert packet_send_debug and packet_disconnect from macros to functions. Some older GCCs (2.7.x, 2.95.x) seem to have problems with variadic macros with only one argument so we convert these two into functions. ok djm@
2015-02-24 | upstream commit | djm@openbsd.org
further silence spurious error message even when -v is specified (e.g. to get visual host keys); reported by naddy@
2015-02-24 | don't include stdint.h unless HAVE_STDINT_H set | Damien Miller
2015-02-24 | nother sys/queue.h -> sys-queue.h fix | Damien Miller
spotted by Tom Christensen
2015-02-24 | upstream commit | djm@openbsd.org
fix a race condition by using a mux socket rather than an ineffectual wait statement
2015-02-24 | various include fixes for portable | Damien Miller
2015-02-24 | upstream commit | djm@openbsd.org
add an XXX to remind me to improve sshkey_load_public
2015-02-24 | upstream commit | djm@openbsd.org
silence a spurious error message when listing fingerprints for known_hosts; bz#2342
2015-02-24 | upstream commit | djm@openbsd.org
fix setting/clearing of TTY raw mode around UpdateHostKeys=ask confirmation question; reported by Herb Goldman
2015-02-23 | Repair for non-ECC OpenSSL. | Darren Tucker
Ifdef out the ECC parts when building with an OpenSSL that doesn't have it.
2015-02-23 | Wrap stdint.h includes in ifdefs. | Darren Tucker
2015-02-21 | out of tree build fix | Tim Rice
2015-02-21 | mkdir kex unit test directory so testing out of tree builds works | Tim Rice
2015-02-22 | upstream commit | halex@openbsd.org
make "ssh-add -d" properly remove a corresponding certificate, and also not whine and fail if there is none ok djm@
2015-02-22 | mkdir hostkey and bitmap unit test directories | Damien Miller
2015-02-22 | upstream commit | djm@openbsd.org
sort options useable under Match case-insensitively; prodded jmc@
2015-02-22 | upstream commit | djm@openbsd.org
correct paths to configuration files being written/updated; they live in $OBJ not cwd; some by Roumen Petrov
2015-02-21 | More correct checking of HAVE_DECL_AI_NUMERICSERV. | Darren Tucker
2015-02-21 | Add null declaration of AI_NUMERICINFO. | Darren Tucker
Some platforms (older FreeBSD and DragonFly versions) do have getaddrinfo() but do not have AI_NUMERICINFO, so define it to zero in those cases.
2015-02-21 | upstream commit | djm@openbsd.org
more options that are available under Match; bz#2353 reported by calestyo AT scientia.net
2015-02-21 | upstream commit | djm@openbsd.org
UpdateHostKeys fixes: I accidentally changed the format of the hostkeys@openssh.com messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/hostkeys@openssh.com/hostkeys-00@openssh.com/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
2015-02-21 | upstream commit | djm@openbsd.org
Regression: I broke logging of public key fingerprints in 1.46. Pointed out by Pontus Lundkvist
2015-02-18 | repair --without-openssl; broken in refactor | Damien Miller
2015-02-17 | hook up hostkeys unittest to portable Makefiles | Damien Miller
2015-02-17 | upstream commit | djm@openbsd.org
enable hostkeys unit tests
2015-02-17 | upstream commit | djm@openbsd.org
check string/memory compare arguments aren't NULL
2015-02-17 | upstream commit | djm@openbsd.org
unit tests for hostfile.c code, just hostkeys_foreach so far
2015-02-17 | upstream commit | markus@openbsd.org
test server rekey limit
2015-02-17 | upstream commit | djm@openbsd.org
partial backout of: revision 1.441 date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid : x8klYPZMJSrVlt3O; Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@ hostkey updates now require access to the private key, so we can't load public keys only. The improved log messages (fingerprints of keys loaded) are kept.
2015-02-17 | upstream commit | djm@openbsd.org
Revise hostkeys@openssh.com hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
2015-02-17 | upstream commit | djm@openbsd.org
Refactor hostkeys_foreach() and dependent code Deal with IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing changed ok markus@ as part of larger commit
2015-02-17 | upstream commit | miod@openbsd.org
Declare ge25519_base as extern, to prevent it from becoming a common. Gets us rid of ``lignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time.
2015-02-17 | upstream commit | markus@openbsd.org
make rekey_limit for sshd w/privsep work; ok djm@ dtucker@
2015-02-17 | upstream commit | dtucker@openbsd.org
Prevent sshd spamming syslog with "ssh_dispatch_run_fatal: disconnected". ok markus@
2015-02-11 | upstream commit | djm@openbsd.org
Some packet error messages show the address of the peer, but might be generated after the socket to the peer has suffered a TCP reset. In these cases, getpeername() won't work so cache the address earlier. spotted in the wild via deraadt@ and tedu@
2015-02-11 | upstream commit | jsg@openbsd.org
fix some leaks in error paths ok markus@
2015-02-09 | upstream commit | millert@openbsd.org
SIZE_MAX is standard, we should be using it in preference to the obsolete SIZE_T_MAX. OK miod@ beck@
2015-02-07 | upstream commit | millert@openbsd.org
Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@
2015-02-05 | upstream commit | deraadt@openbsd.org
missing ; djm and mlarkin really having great interactions recently
2015-02-05 | upstream commit | halex@openbsd.org
slightly extend the passphrase prompt if running with -c in order to give the user a chance to notice if unintentionally running without it wording tweak and ok djm@
2015-02-03 | upstream commit | djm@openbsd.org
handle PKCS#11 C_Login returning CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@
2015-02-03 | upstream commit | djm@openbsd.org
turn UpdateHostkeys off by default until I figure out mlarkin@'s warning message; requested by deraadt@
2015-02-03 | upstream commit | deraadt@openbsd.org
increasing encounters with difficult DNS setups in darknets has convinced me UseDNS off by default is better ok djm
2015-02-01 | upstream commit | djm@openbsd.org
Let sshd load public host keys even when private keys are missing. Allows sshd to advertise additional keys for future key rotation. Also log fingerprint of hostkeys loaded; ok markus@
2015-01-30 | upstream commit | djm@openbsd.org
Add a ssh_config HostbasedKeyType option to control which host public key types are tried during hostbased authentication. This may be used to prevent too many keys being sent to the server, and blowing past its MaxAuthTries limit. bz#2211 based on patch by Iain Morgan; ok markus@
2015-01-30 | upstream commit | djm@openbsd.org
set a timeout to prevent hangs when talking to busted servers; ok markus@
2015-01-30 | upstream commit | djm@openbsd.org
regression test for 'wildcard CA' serial/key ID revocations
2015-01-30 | upstream commit | djm@openbsd.org
avoid more fatal/exit in the packet.c paths that ssh-keyscan uses; feedback and "looks good" markus@
2015-01-30 | upstream commit | djm@openbsd.org
permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA; ok markus@