Age | Commit message (Collapse) | Author |
|
Ifdef out the ECC parts when building with an OpenSSL that doesn't have
it.
|
|
|
|
Revise hostkeys@openssh.com hostkey learning extension.
The client will not ask the server to prove ownership of the private
halves of any hitherto-unseen hostkeys it offers to the client.
Allow UpdateHostKeys option to take an 'ask' argument to let the
user manually review keys offered.
ok markus@
|
|
avoid more fatal/exit in the packet.c paths that
ssh-keyscan uses; feedback and "looks good" markus@
|
|
correctly match ECDSA subtype (== curve) for
offered/recevied host keys. Fixes connection-killing host key mismatches when
a server offers multiple ECDSA keys with different curve type (an extremely
unlikely configuration).
ok markus, "looks mechanical" deraadt@
|
|
add experimental api for packet layer; ok djm@
|