This will allow to use the same configuration in client applications
including the users aliases or system wide cryptographic configuration.
As the configuration parsing is the last thing before doing the
actual connection, it might overwrite previously set options.
If this is not intended, the client application can
ask the configuration files to be parsed before setting some other
options that should not ve overwritten. The code ensures that
the configuration is not parsed again.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
This option allows to specify acceptable public key algorithms
and reflects the PubkeyAcceptedTypes configuration option from
OpenSSH.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Add a new option SSH_OPTIONS_NODELAY to enable or disable the
Nagle Algorithm (TCP_NODELAY) on the session socket.
Improved performance can be achieved for some applications like
sftp servers by enabling SSH_OPTIONS_NODELAY as typically, the
next request won't arrive until the server replies, which are
typically small writes.
Signed-off-by: Alberto Aguirre <albaguirre@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Summary:
This patch adds support for mbedTLS as a crypto backend for libssh.
mbedTLS is an SSL/TLS library that has been designed to mainly be used
in embedded systems. It is loosely coupled and has a low memory
footprint. mbedTLS also provides a cryptography library (libmbedcrypto)
that can be used without the TLS modules.
The patch is unfortunately quite big, since several new files had to
be added.
DSA is disabled at compile time, since mbedTLS doesn't support DSA
Patch review and feedback would be appreciated, and if any issues or
suggestions appear, I'm willing to work on them.
Signed-off-by: Juraj Vijtiuk <juraj.vijtiuk@sartura.hr>
Test Plan:
* The patch has been tested with a Debug and MinSizeRel build, with
libssh unit tests, client tests and the pkd tests.
* All the tests have been run with valgrind's memcheck, drd and helgrind
tools.
* The examples/samplessh client works when built with the patch.
Reviewers: asn, aris
Subscribers: simonsj
Differential Revision: https://bugs.libssh.org/D1
That way, we will not fail later on key exchange phase when something
unknown is negotiated.
Fixes T37
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
This sets the bind private key directly from an ssh_key struct instead
of reading a file.
Signed-off-by: Alfredo Mazzinghi <am2419@cl.cam.ac.uk>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
* src/options.c (ssh_options_getopt): Only call 'ssh_options_set' if
a port has been given.
Signed-off-by: Justus Winter <justus@g10code.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Having "ssh_" prefix in the functions' name will avoid possible clashes
when compiling libssh statically.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
The previous list is not freed. Since the new session just got
created, an identity list is already allocated and empty.
Signed-off-by: Sebastien Boving <seb@google.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
SSH_BIND_OPTIONS_HOSTKEY will now load host keys of any supported type
rather than set the algorithms that the server permits (which seems
like an unhelpful option anyway; it seems you can always control this
by just loading the right keys).
This option has slightly different semantics than the
SSH_BIND_OPTIONS_<x>KEY options because it requires the key file to
exist immediately rather than on ssh_bind_listen or
ssh_bind_accept_fd. The semantics of this option makes more sense to
me.
We also eliminate ssh_bind_options_set_algo, since it is no longer
used.
Signed-off-by: Alan Dunn <amdunn@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
