Remove unused sKerberosTgtPassing from enum. From
calestyo via github pull req #11, ok djm@
OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
Rename struct umac_ctx to umac128_ctx too. In portable
some linkers complain about two symbols with the same name having differing
sizes. ok djm@
OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
ssh_free checks for and handles NULL args, remove NULL
checks from remaining callers. ok djm@
OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
Address already in use" which is likely due to previous invocations
leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to
SO_REUSEPORT which is alread set on platforms that support it). ok djm@
Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
These functions have never appeared in OpenSSL and are likely never to do
so.
"kill it with fire" djm@
OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
Remove all guards for calls to OpenSSL free functions -
all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
Prompted by dtucker@ asking about guards for RSA_free(), when looking at
openssh-portable pr#84 on github.
ok deraadt@ dtucker@
OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
Replace "trojan horse" with the correct term (MITM).
From maikel at predikkta.com via bz#2822, ok markus@
OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
The file descriptors for socket, stdin, stdout and stderr
aren't necessarily distinct, so check if they are the same to avoid closing
the same fd several times.
ok djm
OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
certificate options are case-sensitive; fix case on one
that had it wrong.
move a badly-place sentence to a less bad place
OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
Fix a logic bug in sshd_exchange_identification which
prevented clients using major protocol version 2 from connecting to the
server. ok millert@
OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.
ok markus@
OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
try harder to preserve errno during
ssh_connect_direct() to make the final error message possibly accurate;
bz#2814, ok dtucker@
OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
unbreak support for clients that advertise a protocol
version of "1.99" (indicating both v2 and v1 support). Busted by me during
SSHv1 purge in r1.358; bz2810, ok dtucker
OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
don't attempt to force hostnames that are addresses to
lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
remove ambiguities (e.g. ::0001 => ::1) before they are matched against
known_hosts; bz#2763, ok dtucker@
OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
avoid modifying pw->pw_passwd; let endpwent() clean up
for us, but keep a scrubbed copy; bz2777, ok dtucker@
OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
split client/server kex; only ssh-keygen needs
uuencode.o; only scp/sftp use progressmeter.o; ok djm@
OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee
revert stricter key type / signature type checking in
userauth path; too much software generates inconsistent messages, so we need
a better plan.
OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
