From 2aa9da1a3b360cf7b13e96fe1521534b91501fb5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 24 Mar 2015 01:29:19 +0000
Subject: upstream commit

Compile-time disable SSH protocol 1. You can turn it
 back on using the Makefile.inc knob if you need it to talk to ancient
 devices.
---
 configure.ac | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index b4d6598d5..5c9e0f87a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -122,7 +122,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 ])
 
 openssl=yes
-ssh1=yes
+ssh1=no
 AC_ARG_WITH([openssl],
 	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
 	[  if test "x$withval" = "xno" ; then
@@ -140,12 +140,13 @@ else
 fi
 
 AC_ARG_WITH([ssh1],
-	[  --without-ssh1          Disable support for SSH protocol 1],
+	[  --with-ssh1             Enable support for SSH protocol 1],
 	[
-		if test "x$withval" = "xno" ; then
-			ssh1=no
-		elif test "x$openssl" = "xno" ; then
-			AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
+		if test "x$withval" = "xyes" ; then
+			if test "x$openssl" = "xno" ; then
+				AC_MSG_ERROR([Cannot enable SSH protocol 1 with OpenSSL disabled])
+			fi
+			ssh1=yes
 		fi
 	]
 )
-- 
cgit v1.2.3