| Age | Commit message (Collapse) | Author |
|---|
|
If configure could not find a working OpenSSL installation it would
fall back to checking in /usr/local/ssl. This made sense back when
systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
use that as a default any more. The fallback behaviour also meant
that if you pointed --with-ssl-dir at a specific directory and it
didn't work, it would silently use either the system libs or the ones
in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to
pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
|
|
Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
compile-time check for 1.0.1 to match.
|
|
bz#2922, patch from vinschen at redhat.com.
|
|
bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
by vinschen at redhat.com.
|
|
|
|
Correct error message when OpenSSL doesn't support certain ECDSA key
lengths.
|
|
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
guarded by OPENSSL_HAS_ECC
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
AC_CHECK_FUNCS. ok djm@
|
|
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
|
|
|
|
|
|
|
|
Use detected functions in compat layer instead of guessing based on
versions. Really fixes builds with LibreSSL, not just configure.
|
|
Check for the existence of openssl version functions and use the ones
detected instead of trying to guess based on the int32 version
identifier. Fixes builds with LibreSSL.
|
|
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
to obtain version number, but they don't.
|
|
Prompted by Rosen Penev
|
|
|
|
we're old, but we don't have to act it
OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
|
|
bz#2921, patch from cotequeiroz
|
|
Patch from rosenp at gmail.com via openssh-unix-dev.
|
|
/path/certificate", include the algorithm that the CA used to sign the cert.
OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd
|
|
no need to check the size. OK kn, deraadt
OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439
|
|
Previous versions have a bug with EVP_CipherInit() when passed a
NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613
ok dtucker@
|
|
Missing last argument to OPENSSL_init_crypto()
|
|
Current impementions of the gcc spectre mitigation flags cause
miscompilations when combined with other flags and do not provide much
protection. Found by fweimer at redhat.com, ok djm@
|
|
OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of
OPENSSL_init_crypto; pointed out by Jakub Jelen
|
|
Don't let systems with broken printf(3) avoid our replacements
via asprintf(3)/vasprintf(3) calling libc internally. From djm@
|
|
If the platforms snprintf and friends don't understand %zu, use the
compat replacement. Prevents segfaults on those platforms.
|
|
|
|
|
|
older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker
OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631
|
|
|
|
From Adam Eijdenberg
|
|
Spotted by Adam Eijdenberg
|
|
certificates; spotted by Adam Eijdenberg; ok dtucker@
OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00
|
|
Again, for systems with broken NIS implementations.
Prompted by coolbugcheckers AT gmail.com
|
|
probably unreachable on this platform; pointed out by
coolbugcheckers AT gmail.com
|
|
OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25
|
|
OpenSSL 1.1.0i has changed the behaviour of their PEM APIs,
so that empty passphrases are interpreted differently. This
probabalistically breaks loading some keys, because the PEM format
is terrible and doesn't include a proper MAC.
Avoid this by providing a basic callback to avoid passing empty
passphrases to OpenSSL in cases where one is required.
Based on patch from Jakub Jelen in bz#2913; ok dtucker@
|
|
Apparently some NIS implementations can leave pw->pw_passwd (or the
shadow equivalent) NULL.
bz#2909; based on patch from Todd Eigenschink
|
|
is specified as "incorrect passphrase" instead of trying to choose between
that and "invalid format".
libcrypto can return ASN1 parsing errors rather than the expected
decrypt error in certain infrequent cases when trying to decrypt/parse
PEM private keys when supplied with an invalid passphrase.
Report and repro recipe from Thomas Deutschmann in bz#2901
ok markus@
OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870
|
|
* Try to resolve a port specification with getservbyname(3) if a
numeric conversion fails.
* Make the "Port" option in ssh_config handle its argument as a
port rather than a plain integer.
ok dtucker@ deraadt@
OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d
|
|
close the local extended read fd (stderr) along with the regular read fd
(stdout). Avoids weird stuck processed in multiplexing mode.
Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863
ok dtucker@ markus@
OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9
|
|
channel_open_message() so we can use it in other debug messages
OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba
|
|
disposition of channel's extended (stderr) fd; makes debugging some things a
bit easier. No behaviour change.
OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce
|
|
report from coolbugcheckers AT gmail.com
OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb
|
|
environment variable names as well as explicit paths. ok dtucker@
OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
|
|
OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
|
|
|
|
channel/ session protocol. Signalling is only supported to sesssions that are
not subsystems and were not started with a forced command.
Long requested in bz#1424
Based on a patch from markus@ and reworked by dtucker@;
ok markus@ dtucker@
OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3
|
