src - OpenBSD base system

Age	Commit message (Collapse)	Author
2010-03-27	tweak previous; ok dtucker	Jason McIntyre

2010-03-26	tweak previous;	Jason McIntyre

2010-03-26	allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer	Damien Miller
	argument to allow skipping past values in a buffer
2010-03-26	Reformat default value of PreferredAuthentications entry (current formatting	Darren Tucker
	implies ", " is acceptable as a separator, which it's not. ok djm@
2010-03-26	mention that -S none disables connection sharing; from Colin Watson	Damien Miller

2010-03-25	from portable: getcwd(NULL, 0) doesn't work on all platforms, so	Damien Miller
	use a stack buffer; ok dtucker@
2010-03-16	crank version to openssh-5.5 since we have a few fixes since 5.4;	Damien Miller
	requested deraadt@ kettenis@
2010-03-16	spelling in error message. ok djm kettenis	Kevin Steves

2010-03-15	also print certificate type (user or host) for ssh-keygen -L	Kevin Steves
	ok djm kettenis
2010-03-13	fix a formatting error (args need quoted); noted by stevesk	Jason McIntyre

2010-03-13	Certificates are named -cert.pub, not _cert.pub; committing a diff	Damien Miller
	from stevesk@ ok me
2010-03-13	protocol conformance fix: send language tag when disconnecting normally;	Damien Miller
	spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
2010-03-12	do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths	Markus Friedl
	free() (not xfree()) the buffer returned by getcwd()
2010-03-12	unbreak AuthorizedKeys option with a $HOME-relative path; reported by	Damien Miller
	vinschen AT redhat.com, ok dtucker@
2010-03-10	correct certificate logging and make it more consistent between	Damien Miller
	authorized_keys and TrustedCAKeys; ok markus@
2010-03-10	typos; from Ross Richardson	Jason McIntyre
	closes prs 6334 and 6335
2010-03-08	sort the list of constraints (to -O); ok djm	Jason McIntyre

2010-03-08	document permit-agent-forwarding certificate constraint; patch from	Damien Miller
	stevesk@
2010-03-07	make internal strptime string match strftime format;	Damien Miller
	suggested by vinschen AT redhat.com and markus@
2010-03-07	openssh-5.4	Damien Miller

2010-03-07	Hold authentication debug messages until after successful authentication.	Darren Tucker
	Fixes an info leak of environment variables specified in authorized_keys, reported by Jacob Appelbaum. ok djm@
2010-03-05	mention loading of certificate files from [private]-cert.pub when	Damien Miller
	they are present; feedback and ok jmc@
2010-03-05	document certificate authentication; help/ok djm	Jason McIntyre

2010-03-05	tweak previous;	Jason McIntyre

2010-03-05	make the warning for a revoked key louder and more noticable	Damien Miller

2010-03-04	"force-command" is not spelled "forced-command"; spotted by	Damien Miller
	imorgan AT nas.nasa.gov
2010-03-04	move section on CA and revoked keys from ssh.1 to sshd.8's known hosts	Damien Miller
	format section and rework it a bit; requested by jmc@
2010-03-04	missing word; spotted by jmc@	Damien Miller

2010-03-04	fix Bk/Ek;	Jason McIntyre

2010-03-04	Add a -L flag to print the contents of a certificate; ok markus@	Damien Miller

2010-03-04	tweak previous;	Jason McIntyre

2010-03-04	Add a TrustedUserCAKeys option to sshd_config to specify CA keys that	Damien Miller
	are trusted to authenticate users (in addition than doing it per-user in authorized_keys). Add a RevokedKeys option to sshd_config and a @revoked marker to known_hosts to allow keys to me revoked and banned for user or host authentication. feedback and ok markus@
2010-03-04	use buffer_get_string_ptr_ret() where we are checking the return	Damien Miller
	value explicitly instead of the fatal()-causing buffer_get_string_ptr()
2010-03-03	s/similar same/similar/; from imorgan AT nas.nasa.gov	Damien Miller

2010-03-03	the authorized_keys option for CA keys is "cert-authority", not	Damien Miller
	"from=cert-authority". spotted by imorgan AT nas.nasa.gov
2010-03-03	reject strings with embedded ASCII nul chars in certificate key IDs,	Damien Miller
	principal names and constraints
2010-03-02	Add RCS Ident	Damien Miller

2010-03-02	POSIX strptime is stricter than OpenBSD's so do a little dance to	Damien Miller
	appease it.
2010-03-01	zap what seems to be a left-over debug message; ok markus@	Otto Moerbeek

2010-02-26	tweak previous;	Jason McIntyre

2010-02-26	Add support for certificate key types for users and hosts.	Damien Miller
	OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as trusted in ~/.ssh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
2010-02-24	Add $OpenBSD$ tags in comments, our portable-syncing scripts use these	Damien Miller

2010-02-21	dlclose() call should also be #ifdef HAVE_DLOPEN	Theo de Raadt

2010-02-20	unbreak build for NOPIC systems; noticed, help and ok deraadt@	Markus Friedl

2010-02-19	gcc2 requires decls before code	Theo de Raadt

2010-02-11	correct comment	Damien Miller

2010-02-11	libarary -> library;	Jason McIntyre

2010-02-10	pkcs#11 is no longer optional; improve wording; ok jmc@	Markus Friedl

2010-02-09	enable PKCS#11 code; ok djm	Markus Friedl

2010-02-09	fix whitespace; from jmc@	Markus Friedl