Age | Commit message (Collapse) | Author |
|
[auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
[channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
[kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
[sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
[openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
replace most bzero with explicit_bzero, except a few that cna be memset
ok djm dtucker
|
|
[krl.c]
fix verification error in (as-yet usused) KRL signature checking path
|
|
[krl.c]
don't leak the rdata blob on errors; ok djm@
|
|
[auth2-gss.c krl.c sshconnect2.c]
hush some {unused, printf type} warnings
|
|
[krl.c]
Remove bogus include. ok djm
(id sync only)
|
|
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
|
|
[krl.c]
actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
|
|
[krl.c]
redo last commit without the vi-vomit that snuck in:
skip serial lookup when cert's serial number is zero
(now with 100% better comment)
|
|
[krl.c]
Revert last. Breaks due to likely typo. Let djm@ fix later.
ok djm@ via dlg@
|
|
[krl.c]
skip serial lookup when cert's serial number is zero
|
|
- djm@cvs.openbsd.org 2013/01/24 21:45:37
[krl.c]
fix handling of (unused) KRL signatures; skip string in correct buffer
|
|
version.
|
|
[krl.c]
RB_INSERT does not remove existing elments; ok djm@
|
|
[krl.c]
fix KRL generation bug for list sections
|
|
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
[krl.c krl.h PROTOCOL.krl]
add support for Key Revocation Lists (KRLs). These are a compact way to
represent lists of revoked keys and certificates, taking as little as
a single bit of incremental cost to revoke a certificate by serial number.
KRLs are loaded via the existing RevokedKeys sshd_config option.
feedback and ok markus@
|