... and make coerity happy avoiding dead code
CID 1531320
CID 1531321
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Norbert Pocs <norbertpocs0@gmail.com>
This creates an XML file with information about each symbol, including the
anchors used in the URL. It's useful to have this to generate links to the
documentation from other documentation systems.
Signed-off-by: James Wrigley <james@puiterwijk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This prevents code injection.
The domain name syntax checker is based on RFC1035.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
The hostname can be a domain name or an ip address. The colon has to be
allowed because of IPv6 even it is prohibited in domain names.
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
Using ssh_config_parse_uri can simplify the parsing of the host
parsing inside the function of ssh_options_set
Signed-off-by: Norbert Pocs <norbertpocs0@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This also adds an fallback to OpenSSH file format in non-OpenSSL backends and
OpenSSH-compatible private key export for writing OpenSSH private keys.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The OpenSSL claims that these parameters are not mandatory and just speed up
calculations. But in reality, if they are missing, we can not export this key
into PEM files or if we export them, they are not readable/valid.
This was discussed in the following OpenSSL issue even with some proposed fix,
but it will take time before this will be implemented so in the meantime, we
back down to calculating the parameters manually as done in OpenSSH.
https://github.com/openssl/openssl/issues/21826
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
There are several tests that depended in the past on the fact that we can not
read public key from private encrypted keys. This is no longer the case for some
time as the OpenSSH file format has public key in plaintext.
This change just converts the same key into the PEM Format, which should still
be opaque for us and trigger code paths that enforce opening of the accompanied
public key file.
Converted using the following command:
$ ssh-keygen -m PEM -p -N secret -P secret -f tests/keys/id_rsa_protected
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This avoids very-long test and false positives when using some
auto-pubkey authentication from picking up default keys, which are available in
bob's home directory when we want to test the certificate authentication.
The separate file is also needed because once we change to bob's UID, we can not
simply go back different UID and this sounds cleaner than setting up SSH_DIR to
different users ...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
This involves reading the certificates from configuration files through options
and handling them similarly as the OpenSSH does when doing the auto pubkey
authentication, also in combination with agent or identities only.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Sahana Prasad <sahana@redhat.com>
