diff -ruN openssh-3.7.1p2+x509g2/configure openssh-3.7.1p2+x509g4/configure --- openssh-3.7.1p2+x509g2/configure 2003-09-25 09:06:02.000000000 +0300 +++ openssh-3.7.1p2+x509g4/configure 2004-03-09 09:06:02.000000000 +0200 @@ -9012,68 +9012,10 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi -# Check vulnerable for ASN.1 encoding errors OpenSSL version. -# see http://www.openssl.org/news/secadv_20020730.txt -echo "$as_me:9017: checking for ASN.1 encoding errors vulnerable OpenSSL version" >&5 -echo $ECHO_N "checking for ASN.1 encoding errors vulnerable OpenSSL version... $ECHO_C" >&6 -if test "$cross_compiling" = yes; then - { { echo "$as_me:9020: error: cannot run test program while cross compiling" >&5 -echo "$as_me: error: cannot run test program while cross compiling" >&2;} - { (exit 1); exit 1; }; } -else - cat >conftest.$ac_ext <<_ACEOF -#line 9025 "configure" -#include "confdefs.h" - -#include -#include - -int main(void) { - unsigned long ssl_ver = SSLeay(); - /* 0.9.6X where X > e */ - if ((0x0090606fL <= ssl_ver) && (ssl_ver <= 0x00906fffL)) - exit (0); - /* 0.9.7X where X > beta2 */ - if ((0x00907003L <= ssl_ver)) - exit (0); - exit (1); - return (1); -} - -_ACEOF -rm -f conftest$ac_exeext -if { (eval echo "$as_me:9045: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:9048: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9050: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:9053: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - - echo "$as_me:9056: result: no" >&5 -echo "${ECHO_T}no" >&6 - -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 - - echo "$as_me:9064: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - { echo "$as_me:9066: WARNING: Your OpenSSL library might is vulnerable for ASN.1 encoding errors" >&5 -echo "$as_me: WARNING: Your OpenSSL library might is vulnerable for ASN.1 encoding errors" >&2;} - -fi -rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAM if test "x$check_for_libcrypt_later" = "x1"; then - echo "$as_me:9076: checking for crypt in -lcrypt" >&5 + echo "$as_me:9018: checking for crypt in -lcrypt" >&5 echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 if test "${ac_cv_lib_crypt_crypt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9081,7 +9023,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 9084 "configure" +#line 9026 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -9100,16 +9042,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9103: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9045: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9106: \$? = $ac_status" >&5 + echo "$as_me:9048: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9109: \"$ac_try\"") >&5 + { (eval echo "$as_me:9051: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9112: \$? = $ac_status" >&5 + echo "$as_me:9054: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_crypt_crypt=yes else @@ -9120,7 +9062,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:9123: result: $ac_cv_lib_crypt_crypt" >&5 +echo "$as_me:9065: result: $ac_cv_lib_crypt_crypt" >&5 echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 if test $ac_cv_lib_crypt_crypt = yes; then LIBS="$LIBS -lcrypt" @@ -9131,15 +9073,15 @@ ### Configure cryptographic random number support # Check wheter OpenSSL seeds itself -echo "$as_me:9134: checking whether OpenSSL's PRNG is internally seeded" >&5 +echo "$as_me:9076: checking whether OpenSSL's PRNG is internally seeded" >&5 echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:9137: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:9079: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 9142 "configure" +#line 9084 "configure" #include "confdefs.h" #include @@ -9148,19 +9090,19 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:9151: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9093: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9154: \$? = $ac_status" >&5 + echo "$as_me:9096: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9156: \"$ac_try\"") >&5 + { (eval echo "$as_me:9098: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9159: \$? = $ac_status" >&5 + echo "$as_me:9101: \$? = $ac_status" >&5 (exit $ac_status); }; }; then OPENSSL_SEEDS_ITSELF=yes - echo "$as_me:9163: result: yes" >&5 + echo "$as_me:9105: result: yes" >&5 echo "${ECHO_T}yes" >&6 else @@ -9168,7 +9110,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:9171: result: no" >&5 + echo "$as_me:9113: result: no" >&5 echo "${ECHO_T}no" >&6 # Default to use of the rand helper if OpenSSL doesn't # seed itself @@ -9188,7 +9130,7 @@ # Force use of OpenSSL's internal RNG, even if # the previous test showed it to be unseeded. if test -z "$OPENSSL_SEEDS_ITSELF" ; then - { echo "$as_me:9191: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5 + { echo "$as_me:9133: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5 echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;} OPENSSL_SEEDS_ITSELF=yes USE_RAND_HELPER="" @@ -9229,7 +9171,7 @@ [0-9]*) ;; *) - { { echo "$as_me:9232: error: You must specify a numeric port number for --with-prngd-port" >&5 + { { echo "$as_me:9174: error: You must specify a numeric port number for --with-prngd-port" >&5 echo "$as_me: error: You must specify a numeric port number for --with-prngd-port" >&2;} { (exit 1); exit 1; }; } ;; @@ -9260,7 +9202,7 @@ /*) ;; *) - { { echo "$as_me:9263: error: You must specify an absolute path to the entropy socket" >&5 + { { echo "$as_me:9205: error: You must specify an absolute path to the entropy socket" >&5 echo "$as_me: error: You must specify an absolute path to the entropy socket" >&2;} { (exit 1); exit 1; }; } ;; @@ -9268,12 +9210,12 @@ if test ! -z "$withval" ; then if test ! -z "$PRNGD_PORT" ; then - { { echo "$as_me:9271: error: You may not specify both a PRNGD/EGD port and socket" >&5 + { { echo "$as_me:9213: error: You may not specify both a PRNGD/EGD port and socket" >&5 echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;} { (exit 1); exit 1; }; } fi if test ! -r "$withval" ; then - { echo "$as_me:9276: WARNING: Entropy socket is not readable" >&5 + { echo "$as_me:9218: WARNING: Entropy socket is not readable" >&5 echo "$as_me: WARNING: Entropy socket is not readable" >&2;} fi PRNGD_SOCKET="$withval" @@ -9287,7 +9229,7 @@ # Check for existing socket only if we don't have a random device already if test "$USE_RAND_HELPER" = yes ; then - echo "$as_me:9290: checking for PRNGD/EGD socket" >&5 + echo "$as_me:9232: checking for PRNGD/EGD socket" >&5 echo $ECHO_N "checking for PRNGD/EGD socket... $ECHO_C" >&6 # Insert other locations here for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do @@ -9301,10 +9243,10 @@ fi done if test ! -z "$PRNGD_SOCKET" ; then - echo "$as_me:9304: result: $PRNGD_SOCKET" >&5 + echo "$as_me:9246: result: $PRNGD_SOCKET" >&5 echo "${ECHO_T}$PRNGD_SOCKET" >&6 else - echo "$as_me:9307: result: not found" >&5 + echo "$as_me:9249: result: not found" >&5 echo "${ECHO_T}not found" >&6 fi fi @@ -9360,7 +9302,7 @@ # Extract the first word of "ls", so it can be a program name with args. set dummy ls; ac_word=$2 -echo "$as_me:9363: checking for $ac_word" >&5 +echo "$as_me:9305: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9377,7 +9319,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LS="$ac_dir/$ac_word" - echo "$as_me:9380: found $ac_dir/$ac_word" >&5 + echo "$as_me:9322: found $ac_dir/$ac_word" >&5 break fi done @@ -9388,10 +9330,10 @@ PROG_LS=$ac_cv_path_PROG_LS if test -n "$PROG_LS"; then - echo "$as_me:9391: result: $PROG_LS" >&5 + echo "$as_me:9333: result: $PROG_LS" >&5 echo "${ECHO_T}$PROG_LS" >&6 else - echo "$as_me:9394: result: no" >&5 + echo "$as_me:9336: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9401,7 +9343,7 @@ # Extract the first word of "netstat", so it can be a program name with args. set dummy netstat; ac_word=$2 -echo "$as_me:9404: checking for $ac_word" >&5 +echo "$as_me:9346: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_NETSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9418,7 +9360,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_NETSTAT="$ac_dir/$ac_word" - echo "$as_me:9421: found $ac_dir/$ac_word" >&5 + echo "$as_me:9363: found $ac_dir/$ac_word" >&5 break fi done @@ -9429,10 +9371,10 @@ PROG_NETSTAT=$ac_cv_path_PROG_NETSTAT if test -n "$PROG_NETSTAT"; then - echo "$as_me:9432: result: $PROG_NETSTAT" >&5 + echo "$as_me:9374: result: $PROG_NETSTAT" >&5 echo "${ECHO_T}$PROG_NETSTAT" >&6 else - echo "$as_me:9435: result: no" >&5 + echo "$as_me:9377: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9442,7 +9384,7 @@ # Extract the first word of "arp", so it can be a program name with args. set dummy arp; ac_word=$2 -echo "$as_me:9445: checking for $ac_word" >&5 +echo "$as_me:9387: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_ARP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9459,7 +9401,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_ARP="$ac_dir/$ac_word" - echo "$as_me:9462: found $ac_dir/$ac_word" >&5 + echo "$as_me:9404: found $ac_dir/$ac_word" >&5 break fi done @@ -9470,10 +9412,10 @@ PROG_ARP=$ac_cv_path_PROG_ARP if test -n "$PROG_ARP"; then - echo "$as_me:9473: result: $PROG_ARP" >&5 + echo "$as_me:9415: result: $PROG_ARP" >&5 echo "${ECHO_T}$PROG_ARP" >&6 else - echo "$as_me:9476: result: no" >&5 + echo "$as_me:9418: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9483,7 +9425,7 @@ # Extract the first word of "ifconfig", so it can be a program name with args. set dummy ifconfig; ac_word=$2 -echo "$as_me:9486: checking for $ac_word" >&5 +echo "$as_me:9428: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_IFCONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9500,7 +9442,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_IFCONFIG="$ac_dir/$ac_word" - echo "$as_me:9503: found $ac_dir/$ac_word" >&5 + echo "$as_me:9445: found $ac_dir/$ac_word" >&5 break fi done @@ -9511,10 +9453,10 @@ PROG_IFCONFIG=$ac_cv_path_PROG_IFCONFIG if test -n "$PROG_IFCONFIG"; then - echo "$as_me:9514: result: $PROG_IFCONFIG" >&5 + echo "$as_me:9456: result: $PROG_IFCONFIG" >&5 echo "${ECHO_T}$PROG_IFCONFIG" >&6 else - echo "$as_me:9517: result: no" >&5 + echo "$as_me:9459: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9524,7 +9466,7 @@ # Extract the first word of "jstat", so it can be a program name with args. set dummy jstat; ac_word=$2 -echo "$as_me:9527: checking for $ac_word" >&5 +echo "$as_me:9469: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_JSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9541,7 +9483,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_JSTAT="$ac_dir/$ac_word" - echo "$as_me:9544: found $ac_dir/$ac_word" >&5 + echo "$as_me:9486: found $ac_dir/$ac_word" >&5 break fi done @@ -9552,10 +9494,10 @@ PROG_JSTAT=$ac_cv_path_PROG_JSTAT if test -n "$PROG_JSTAT"; then - echo "$as_me:9555: result: $PROG_JSTAT" >&5 + echo "$as_me:9497: result: $PROG_JSTAT" >&5 echo "${ECHO_T}$PROG_JSTAT" >&6 else - echo "$as_me:9558: result: no" >&5 + echo "$as_me:9500: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9565,7 +9507,7 @@ # Extract the first word of "ps", so it can be a program name with args. set dummy ps; ac_word=$2 -echo "$as_me:9568: checking for $ac_word" >&5 +echo "$as_me:9510: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_PS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9582,7 +9524,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_PS="$ac_dir/$ac_word" - echo "$as_me:9585: found $ac_dir/$ac_word" >&5 + echo "$as_me:9527: found $ac_dir/$ac_word" >&5 break fi done @@ -9593,10 +9535,10 @@ PROG_PS=$ac_cv_path_PROG_PS if test -n "$PROG_PS"; then - echo "$as_me:9596: result: $PROG_PS" >&5 + echo "$as_me:9538: result: $PROG_PS" >&5 echo "${ECHO_T}$PROG_PS" >&6 else - echo "$as_me:9599: result: no" >&5 + echo "$as_me:9541: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9606,7 +9548,7 @@ # Extract the first word of "sar", so it can be a program name with args. set dummy sar; ac_word=$2 -echo "$as_me:9609: checking for $ac_word" >&5 +echo "$as_me:9551: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_SAR+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9623,7 +9565,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_SAR="$ac_dir/$ac_word" - echo "$as_me:9626: found $ac_dir/$ac_word" >&5 + echo "$as_me:9568: found $ac_dir/$ac_word" >&5 break fi done @@ -9634,10 +9576,10 @@ PROG_SAR=$ac_cv_path_PROG_SAR if test -n "$PROG_SAR"; then - echo "$as_me:9637: result: $PROG_SAR" >&5 + echo "$as_me:9579: result: $PROG_SAR" >&5 echo "${ECHO_T}$PROG_SAR" >&6 else - echo "$as_me:9640: result: no" >&5 + echo "$as_me:9582: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9647,7 +9589,7 @@ # Extract the first word of "w", so it can be a program name with args. set dummy w; ac_word=$2 -echo "$as_me:9650: checking for $ac_word" >&5 +echo "$as_me:9592: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_W+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9664,7 +9606,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_W="$ac_dir/$ac_word" - echo "$as_me:9667: found $ac_dir/$ac_word" >&5 + echo "$as_me:9609: found $ac_dir/$ac_word" >&5 break fi done @@ -9675,10 +9617,10 @@ PROG_W=$ac_cv_path_PROG_W if test -n "$PROG_W"; then - echo "$as_me:9678: result: $PROG_W" >&5 + echo "$as_me:9620: result: $PROG_W" >&5 echo "${ECHO_T}$PROG_W" >&6 else - echo "$as_me:9681: result: no" >&5 + echo "$as_me:9623: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9688,7 +9630,7 @@ # Extract the first word of "who", so it can be a program name with args. set dummy who; ac_word=$2 -echo "$as_me:9691: checking for $ac_word" >&5 +echo "$as_me:9633: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_WHO+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9705,7 +9647,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_WHO="$ac_dir/$ac_word" - echo "$as_me:9708: found $ac_dir/$ac_word" >&5 + echo "$as_me:9650: found $ac_dir/$ac_word" >&5 break fi done @@ -9716,10 +9658,10 @@ PROG_WHO=$ac_cv_path_PROG_WHO if test -n "$PROG_WHO"; then - echo "$as_me:9719: result: $PROG_WHO" >&5 + echo "$as_me:9661: result: $PROG_WHO" >&5 echo "${ECHO_T}$PROG_WHO" >&6 else - echo "$as_me:9722: result: no" >&5 + echo "$as_me:9664: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9729,7 +9671,7 @@ # Extract the first word of "last", so it can be a program name with args. set dummy last; ac_word=$2 -echo "$as_me:9732: checking for $ac_word" >&5 +echo "$as_me:9674: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LAST+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9746,7 +9688,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LAST="$ac_dir/$ac_word" - echo "$as_me:9749: found $ac_dir/$ac_word" >&5 + echo "$as_me:9691: found $ac_dir/$ac_word" >&5 break fi done @@ -9757,10 +9699,10 @@ PROG_LAST=$ac_cv_path_PROG_LAST if test -n "$PROG_LAST"; then - echo "$as_me:9760: result: $PROG_LAST" >&5 + echo "$as_me:9702: result: $PROG_LAST" >&5 echo "${ECHO_T}$PROG_LAST" >&6 else - echo "$as_me:9763: result: no" >&5 + echo "$as_me:9705: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9770,7 +9712,7 @@ # Extract the first word of "lastlog", so it can be a program name with args. set dummy lastlog; ac_word=$2 -echo "$as_me:9773: checking for $ac_word" >&5 +echo "$as_me:9715: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LASTLOG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9787,7 +9729,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LASTLOG="$ac_dir/$ac_word" - echo "$as_me:9790: found $ac_dir/$ac_word" >&5 + echo "$as_me:9732: found $ac_dir/$ac_word" >&5 break fi done @@ -9798,10 +9740,10 @@ PROG_LASTLOG=$ac_cv_path_PROG_LASTLOG if test -n "$PROG_LASTLOG"; then - echo "$as_me:9801: result: $PROG_LASTLOG" >&5 + echo "$as_me:9743: result: $PROG_LASTLOG" >&5 echo "${ECHO_T}$PROG_LASTLOG" >&6 else - echo "$as_me:9804: result: no" >&5 + echo "$as_me:9746: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9811,7 +9753,7 @@ # Extract the first word of "df", so it can be a program name with args. set dummy df; ac_word=$2 -echo "$as_me:9814: checking for $ac_word" >&5 +echo "$as_me:9756: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_DF+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9828,7 +9770,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_DF="$ac_dir/$ac_word" - echo "$as_me:9831: found $ac_dir/$ac_word" >&5 + echo "$as_me:9773: found $ac_dir/$ac_word" >&5 break fi done @@ -9839,10 +9781,10 @@ PROG_DF=$ac_cv_path_PROG_DF if test -n "$PROG_DF"; then - echo "$as_me:9842: result: $PROG_DF" >&5 + echo "$as_me:9784: result: $PROG_DF" >&5 echo "${ECHO_T}$PROG_DF" >&6 else - echo "$as_me:9845: result: no" >&5 + echo "$as_me:9787: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9852,7 +9794,7 @@ # Extract the first word of "vmstat", so it can be a program name with args. set dummy vmstat; ac_word=$2 -echo "$as_me:9855: checking for $ac_word" >&5 +echo "$as_me:9797: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_VMSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9869,7 +9811,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_VMSTAT="$ac_dir/$ac_word" - echo "$as_me:9872: found $ac_dir/$ac_word" >&5 + echo "$as_me:9814: found $ac_dir/$ac_word" >&5 break fi done @@ -9880,10 +9822,10 @@ PROG_VMSTAT=$ac_cv_path_PROG_VMSTAT if test -n "$PROG_VMSTAT"; then - echo "$as_me:9883: result: $PROG_VMSTAT" >&5 + echo "$as_me:9825: result: $PROG_VMSTAT" >&5 echo "${ECHO_T}$PROG_VMSTAT" >&6 else - echo "$as_me:9886: result: no" >&5 + echo "$as_me:9828: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9893,7 +9835,7 @@ # Extract the first word of "uptime", so it can be a program name with args. set dummy uptime; ac_word=$2 -echo "$as_me:9896: checking for $ac_word" >&5 +echo "$as_me:9838: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_UPTIME+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9910,7 +9852,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_UPTIME="$ac_dir/$ac_word" - echo "$as_me:9913: found $ac_dir/$ac_word" >&5 + echo "$as_me:9855: found $ac_dir/$ac_word" >&5 break fi done @@ -9921,10 +9863,10 @@ PROG_UPTIME=$ac_cv_path_PROG_UPTIME if test -n "$PROG_UPTIME"; then - echo "$as_me:9924: result: $PROG_UPTIME" >&5 + echo "$as_me:9866: result: $PROG_UPTIME" >&5 echo "${ECHO_T}$PROG_UPTIME" >&6 else - echo "$as_me:9927: result: no" >&5 + echo "$as_me:9869: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9934,7 +9876,7 @@ # Extract the first word of "ipcs", so it can be a program name with args. set dummy ipcs; ac_word=$2 -echo "$as_me:9937: checking for $ac_word" >&5 +echo "$as_me:9879: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_IPCS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9951,7 +9893,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_IPCS="$ac_dir/$ac_word" - echo "$as_me:9954: found $ac_dir/$ac_word" >&5 + echo "$as_me:9896: found $ac_dir/$ac_word" >&5 break fi done @@ -9962,10 +9904,10 @@ PROG_IPCS=$ac_cv_path_PROG_IPCS if test -n "$PROG_IPCS"; then - echo "$as_me:9965: result: $PROG_IPCS" >&5 + echo "$as_me:9907: result: $PROG_IPCS" >&5 echo "${ECHO_T}$PROG_IPCS" >&6 else - echo "$as_me:9968: result: no" >&5 + echo "$as_me:9910: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9975,7 +9917,7 @@ # Extract the first word of "tail", so it can be a program name with args. set dummy tail; ac_word=$2 -echo "$as_me:9978: checking for $ac_word" >&5 +echo "$as_me:9920: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_TAIL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9992,7 +9934,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_TAIL="$ac_dir/$ac_word" - echo "$as_me:9995: found $ac_dir/$ac_word" >&5 + echo "$as_me:9937: found $ac_dir/$ac_word" >&5 break fi done @@ -10003,10 +9945,10 @@ PROG_TAIL=$ac_cv_path_PROG_TAIL if test -n "$PROG_TAIL"; then - echo "$as_me:10006: result: $PROG_TAIL" >&5 + echo "$as_me:9948: result: $PROG_TAIL" >&5 echo "${ECHO_T}$PROG_TAIL" >&6 else - echo "$as_me:10009: result: no" >&5 + echo "$as_me:9951: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10037,13 +9979,13 @@ fi # Checks for data types -echo "$as_me:10040: checking for char" >&5 +echo "$as_me:9982: checking for char" >&5 echo $ECHO_N "checking for char... $ECHO_C" >&6 if test "${ac_cv_type_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10046 "configure" +#line 9988 "configure" #include "confdefs.h" $ac_includes_default int @@ -10058,16 +10000,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10061: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10003: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10064: \$? = $ac_status" >&5 + echo "$as_me:10006: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10067: \"$ac_try\"") >&5 + { (eval echo "$as_me:10009: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10070: \$? = $ac_status" >&5 + echo "$as_me:10012: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_char=yes else @@ -10077,10 +10019,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10080: result: $ac_cv_type_char" >&5 +echo "$as_me:10022: result: $ac_cv_type_char" >&5 echo "${ECHO_T}$ac_cv_type_char" >&6 -echo "$as_me:10083: checking size of char" >&5 +echo "$as_me:10025: checking size of char" >&5 echo $ECHO_N "checking size of char... $ECHO_C" >&6 if test "${ac_cv_sizeof_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10089,7 +10031,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10092 "configure" +#line 10034 "configure" #include "confdefs.h" $ac_includes_default int @@ -10101,21 +10043,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10104: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10046: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10107: \$? = $ac_status" >&5 + echo "$as_me:10049: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10110: \"$ac_try\"") >&5 + { (eval echo "$as_me:10052: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10113: \$? = $ac_status" >&5 + echo "$as_me:10055: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10118 "configure" +#line 10060 "configure" #include "confdefs.h" $ac_includes_default int @@ -10127,16 +10069,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10130: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10072: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10133: \$? = $ac_status" >&5 + echo "$as_me:10075: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10136: \"$ac_try\"") >&5 + { (eval echo "$as_me:10078: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10139: \$? = $ac_status" >&5 + echo "$as_me:10081: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10152,7 +10094,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10155 "configure" +#line 10097 "configure" #include "confdefs.h" $ac_includes_default int @@ -10164,16 +10106,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10167: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10109: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10170: \$? = $ac_status" >&5 + echo "$as_me:10112: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10173: \"$ac_try\"") >&5 + { (eval echo "$as_me:10115: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10176: \$? = $ac_status" >&5 + echo "$as_me:10118: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10189,7 +10131,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10192 "configure" +#line 10134 "configure" #include "confdefs.h" $ac_includes_default int @@ -10201,16 +10143,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10204: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10146: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10207: \$? = $ac_status" >&5 + echo "$as_me:10149: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10210: \"$ac_try\"") >&5 + { (eval echo "$as_me:10152: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10213: \$? = $ac_status" >&5 + echo "$as_me:10155: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10223,12 +10165,12 @@ ac_cv_sizeof_char=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10226: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10168: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10231 "configure" +#line 10173 "configure" #include "confdefs.h" $ac_includes_default int @@ -10244,15 +10186,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10247: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10189: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10250: \$? = $ac_status" >&5 + echo "$as_me:10192: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10252: \"$ac_try\"") >&5 + { (eval echo "$as_me:10194: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10255: \$? = $ac_status" >&5 + echo "$as_me:10197: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_char=`cat conftest.val` else @@ -10268,19 +10210,19 @@ ac_cv_sizeof_char=0 fi fi -echo "$as_me:10271: result: $ac_cv_sizeof_char" >&5 +echo "$as_me:10213: result: $ac_cv_sizeof_char" >&5 echo "${ECHO_T}$ac_cv_sizeof_char" >&6 cat >>confdefs.h <&5 +echo "$as_me:10219: checking for short int" >&5 echo $ECHO_N "checking for short int... $ECHO_C" >&6 if test "${ac_cv_type_short_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10283 "configure" +#line 10225 "configure" #include "confdefs.h" $ac_includes_default int @@ -10295,16 +10237,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10298: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10240: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10301: \$? = $ac_status" >&5 + echo "$as_me:10243: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10304: \"$ac_try\"") >&5 + { (eval echo "$as_me:10246: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10307: \$? = $ac_status" >&5 + echo "$as_me:10249: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_short_int=yes else @@ -10314,10 +10256,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10317: result: $ac_cv_type_short_int" >&5 +echo "$as_me:10259: result: $ac_cv_type_short_int" >&5 echo "${ECHO_T}$ac_cv_type_short_int" >&6 -echo "$as_me:10320: checking size of short int" >&5 +echo "$as_me:10262: checking size of short int" >&5 echo $ECHO_N "checking size of short int... $ECHO_C" >&6 if test "${ac_cv_sizeof_short_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10326,7 +10268,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10329 "configure" +#line 10271 "configure" #include "confdefs.h" $ac_includes_default int @@ -10338,21 +10280,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10341: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10283: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10344: \$? = $ac_status" >&5 + echo "$as_me:10286: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10347: \"$ac_try\"") >&5 + { (eval echo "$as_me:10289: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10350: \$? = $ac_status" >&5 + echo "$as_me:10292: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10355 "configure" +#line 10297 "configure" #include "confdefs.h" $ac_includes_default int @@ -10364,16 +10306,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10367: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10309: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10370: \$? = $ac_status" >&5 + echo "$as_me:10312: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10373: \"$ac_try\"") >&5 + { (eval echo "$as_me:10315: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10376: \$? = $ac_status" >&5 + echo "$as_me:10318: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10389,7 +10331,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10392 "configure" +#line 10334 "configure" #include "confdefs.h" $ac_includes_default int @@ -10401,16 +10343,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10404: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10346: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10407: \$? = $ac_status" >&5 + echo "$as_me:10349: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10410: \"$ac_try\"") >&5 + { (eval echo "$as_me:10352: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10413: \$? = $ac_status" >&5 + echo "$as_me:10355: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10426,7 +10368,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10429 "configure" +#line 10371 "configure" #include "confdefs.h" $ac_includes_default int @@ -10438,16 +10380,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10441: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10383: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10444: \$? = $ac_status" >&5 + echo "$as_me:10386: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10447: \"$ac_try\"") >&5 + { (eval echo "$as_me:10389: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10450: \$? = $ac_status" >&5 + echo "$as_me:10392: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10460,12 +10402,12 @@ ac_cv_sizeof_short_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10463: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10405: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10468 "configure" +#line 10410 "configure" #include "confdefs.h" $ac_includes_default int @@ -10481,15 +10423,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10484: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10426: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10487: \$? = $ac_status" >&5 + echo "$as_me:10429: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10489: \"$ac_try\"") >&5 + { (eval echo "$as_me:10431: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10492: \$? = $ac_status" >&5 + echo "$as_me:10434: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_short_int=`cat conftest.val` else @@ -10505,19 +10447,19 @@ ac_cv_sizeof_short_int=0 fi fi -echo "$as_me:10508: result: $ac_cv_sizeof_short_int" >&5 +echo "$as_me:10450: result: $ac_cv_sizeof_short_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_short_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:10456: checking for int" >&5 echo $ECHO_N "checking for int... $ECHO_C" >&6 if test "${ac_cv_type_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10520 "configure" +#line 10462 "configure" #include "confdefs.h" $ac_includes_default int @@ -10532,16 +10474,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10535: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10477: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10538: \$? = $ac_status" >&5 + echo "$as_me:10480: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10541: \"$ac_try\"") >&5 + { (eval echo "$as_me:10483: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10544: \$? = $ac_status" >&5 + echo "$as_me:10486: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_int=yes else @@ -10551,10 +10493,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10554: result: $ac_cv_type_int" >&5 +echo "$as_me:10496: result: $ac_cv_type_int" >&5 echo "${ECHO_T}$ac_cv_type_int" >&6 -echo "$as_me:10557: checking size of int" >&5 +echo "$as_me:10499: checking size of int" >&5 echo $ECHO_N "checking size of int... $ECHO_C" >&6 if test "${ac_cv_sizeof_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10563,7 +10505,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10566 "configure" +#line 10508 "configure" #include "confdefs.h" $ac_includes_default int @@ -10575,21 +10517,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10578: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10520: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10581: \$? = $ac_status" >&5 + echo "$as_me:10523: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10584: \"$ac_try\"") >&5 + { (eval echo "$as_me:10526: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10587: \$? = $ac_status" >&5 + echo "$as_me:10529: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10592 "configure" +#line 10534 "configure" #include "confdefs.h" $ac_includes_default int @@ -10601,16 +10543,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10604: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10546: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10607: \$? = $ac_status" >&5 + echo "$as_me:10549: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10610: \"$ac_try\"") >&5 + { (eval echo "$as_me:10552: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10613: \$? = $ac_status" >&5 + echo "$as_me:10555: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10626,7 +10568,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10629 "configure" +#line 10571 "configure" #include "confdefs.h" $ac_includes_default int @@ -10638,16 +10580,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10641: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10583: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10644: \$? = $ac_status" >&5 + echo "$as_me:10586: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10647: \"$ac_try\"") >&5 + { (eval echo "$as_me:10589: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10650: \$? = $ac_status" >&5 + echo "$as_me:10592: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10663,7 +10605,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10666 "configure" +#line 10608 "configure" #include "confdefs.h" $ac_includes_default int @@ -10675,16 +10617,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10678: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10620: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10681: \$? = $ac_status" >&5 + echo "$as_me:10623: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10684: \"$ac_try\"") >&5 + { (eval echo "$as_me:10626: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10687: \$? = $ac_status" >&5 + echo "$as_me:10629: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10697,12 +10639,12 @@ ac_cv_sizeof_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10700: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10642: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10705 "configure" +#line 10647 "configure" #include "confdefs.h" $ac_includes_default int @@ -10718,15 +10660,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10721: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10663: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10724: \$? = $ac_status" >&5 + echo "$as_me:10666: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10726: \"$ac_try\"") >&5 + { (eval echo "$as_me:10668: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10729: \$? = $ac_status" >&5 + echo "$as_me:10671: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_int=`cat conftest.val` else @@ -10742,19 +10684,19 @@ ac_cv_sizeof_int=0 fi fi -echo "$as_me:10745: result: $ac_cv_sizeof_int" >&5 +echo "$as_me:10687: result: $ac_cv_sizeof_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:10693: checking for long int" >&5 echo $ECHO_N "checking for long int... $ECHO_C" >&6 if test "${ac_cv_type_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10757 "configure" +#line 10699 "configure" #include "confdefs.h" $ac_includes_default int @@ -10769,16 +10711,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10772: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10714: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10775: \$? = $ac_status" >&5 + echo "$as_me:10717: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10778: \"$ac_try\"") >&5 + { (eval echo "$as_me:10720: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10781: \$? = $ac_status" >&5 + echo "$as_me:10723: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_long_int=yes else @@ -10788,10 +10730,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10791: result: $ac_cv_type_long_int" >&5 +echo "$as_me:10733: result: $ac_cv_type_long_int" >&5 echo "${ECHO_T}$ac_cv_type_long_int" >&6 -echo "$as_me:10794: checking size of long int" >&5 +echo "$as_me:10736: checking size of long int" >&5 echo $ECHO_N "checking size of long int... $ECHO_C" >&6 if test "${ac_cv_sizeof_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10800,7 +10742,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10803 "configure" +#line 10745 "configure" #include "confdefs.h" $ac_includes_default int @@ -10812,21 +10754,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10815: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10757: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10818: \$? = $ac_status" >&5 + echo "$as_me:10760: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10821: \"$ac_try\"") >&5 + { (eval echo "$as_me:10763: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10824: \$? = $ac_status" >&5 + echo "$as_me:10766: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10829 "configure" +#line 10771 "configure" #include "confdefs.h" $ac_includes_default int @@ -10838,16 +10780,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10841: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10783: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10844: \$? = $ac_status" >&5 + echo "$as_me:10786: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10847: \"$ac_try\"") >&5 + { (eval echo "$as_me:10789: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10850: \$? = $ac_status" >&5 + echo "$as_me:10792: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10863,7 +10805,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10866 "configure" +#line 10808 "configure" #include "confdefs.h" $ac_includes_default int @@ -10875,16 +10817,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10878: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10820: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10881: \$? = $ac_status" >&5 + echo "$as_me:10823: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10884: \"$ac_try\"") >&5 + { (eval echo "$as_me:10826: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10887: \$? = $ac_status" >&5 + echo "$as_me:10829: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10900,7 +10842,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10903 "configure" +#line 10845 "configure" #include "confdefs.h" $ac_includes_default int @@ -10912,16 +10854,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10915: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10857: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10918: \$? = $ac_status" >&5 + echo "$as_me:10860: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10921: \"$ac_try\"") >&5 + { (eval echo "$as_me:10863: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10924: \$? = $ac_status" >&5 + echo "$as_me:10866: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10934,12 +10876,12 @@ ac_cv_sizeof_long_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10937: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10879: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10942 "configure" +#line 10884 "configure" #include "confdefs.h" $ac_includes_default int @@ -10955,15 +10897,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10958: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10900: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10961: \$? = $ac_status" >&5 + echo "$as_me:10903: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10963: \"$ac_try\"") >&5 + { (eval echo "$as_me:10905: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10966: \$? = $ac_status" >&5 + echo "$as_me:10908: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_long_int=`cat conftest.val` else @@ -10979,19 +10921,19 @@ ac_cv_sizeof_long_int=0 fi fi -echo "$as_me:10982: result: $ac_cv_sizeof_long_int" >&5 +echo "$as_me:10924: result: $ac_cv_sizeof_long_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_long_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:10930: checking for long long int" >&5 echo $ECHO_N "checking for long long int... $ECHO_C" >&6 if test "${ac_cv_type_long_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10994 "configure" +#line 10936 "configure" #include "confdefs.h" $ac_includes_default int @@ -11006,16 +10948,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11009: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10951: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11012: \$? = $ac_status" >&5 + echo "$as_me:10954: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11015: \"$ac_try\"") >&5 + { (eval echo "$as_me:10957: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11018: \$? = $ac_status" >&5 + echo "$as_me:10960: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_long_long_int=yes else @@ -11025,10 +10967,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11028: result: $ac_cv_type_long_long_int" >&5 +echo "$as_me:10970: result: $ac_cv_type_long_long_int" >&5 echo "${ECHO_T}$ac_cv_type_long_long_int" >&6 -echo "$as_me:11031: checking size of long long int" >&5 +echo "$as_me:10973: checking size of long long int" >&5 echo $ECHO_N "checking size of long long int... $ECHO_C" >&6 if test "${ac_cv_sizeof_long_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -11037,7 +10979,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 11040 "configure" +#line 10982 "configure" #include "confdefs.h" $ac_includes_default int @@ -11049,21 +10991,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11052: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10994: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11055: \$? = $ac_status" >&5 + echo "$as_me:10997: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11058: \"$ac_try\"") >&5 + { (eval echo "$as_me:11000: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11061: \$? = $ac_status" >&5 + echo "$as_me:11003: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11066 "configure" +#line 11008 "configure" #include "confdefs.h" $ac_includes_default int @@ -11075,16 +11017,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11078: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11020: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11081: \$? = $ac_status" >&5 + echo "$as_me:11023: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11084: \"$ac_try\"") >&5 + { (eval echo "$as_me:11026: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11087: \$? = $ac_status" >&5 + echo "$as_me:11029: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -11100,7 +11042,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11103 "configure" +#line 11045 "configure" #include "confdefs.h" $ac_includes_default int @@ -11112,16 +11054,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11115: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11057: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11118: \$? = $ac_status" >&5 + echo "$as_me:11060: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11121: \"$ac_try\"") >&5 + { (eval echo "$as_me:11063: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11124: \$? = $ac_status" >&5 + echo "$as_me:11066: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -11137,7 +11079,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 11140 "configure" +#line 11082 "configure" #include "confdefs.h" $ac_includes_default int @@ -11149,16 +11091,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11152: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11094: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11155: \$? = $ac_status" >&5 + echo "$as_me:11097: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11158: \"$ac_try\"") >&5 + { (eval echo "$as_me:11100: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11161: \$? = $ac_status" >&5 + echo "$as_me:11103: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -11171,12 +11113,12 @@ ac_cv_sizeof_long_long_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:11174: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:11116: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 11179 "configure" +#line 11121 "configure" #include "confdefs.h" $ac_includes_default int @@ -11192,15 +11134,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:11195: \"$ac_link\"") >&5 +if { (eval echo "$as_me:11137: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:11198: \$? = $ac_status" >&5 + echo "$as_me:11140: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:11200: \"$ac_try\"") >&5 + { (eval echo "$as_me:11142: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11203: \$? = $ac_status" >&5 + echo "$as_me:11145: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_long_long_int=`cat conftest.val` else @@ -11216,7 +11158,7 @@ ac_cv_sizeof_long_long_int=0 fi fi -echo "$as_me:11219: result: $ac_cv_sizeof_long_long_int" >&5 +echo "$as_me:11161: result: $ac_cv_sizeof_long_long_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_long_long_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:11173: checking for u_int type" >&5 echo $ECHO_N "checking for u_int type... $ECHO_C" >&6 if test "${ac_cv_have_u_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11238 "configure" +#line 11180 "configure" #include "confdefs.h" #include int @@ -11247,16 +11189,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11250: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11192: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11253: \$? = $ac_status" >&5 + echo "$as_me:11195: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11256: \"$ac_try\"") >&5 + { (eval echo "$as_me:11198: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11259: \$? = $ac_status" >&5 + echo "$as_me:11201: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_int="yes" else @@ -11268,7 +11210,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11271: result: $ac_cv_have_u_int" >&5 +echo "$as_me:11213: result: $ac_cv_have_u_int" >&5 echo "${ECHO_T}$ac_cv_have_u_int" >&6 if test "x$ac_cv_have_u_int" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11278,14 +11220,14 @@ have_u_int=1 fi -echo "$as_me:11281: checking for intXX_t types" >&5 +echo "$as_me:11223: checking for intXX_t types" >&5 echo $ECHO_N "checking for intXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_intxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11288 "configure" +#line 11230 "configure" #include "confdefs.h" #include int @@ -11297,16 +11239,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11300: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11242: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11303: \$? = $ac_status" >&5 + echo "$as_me:11245: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11306: \"$ac_try\"") >&5 + { (eval echo "$as_me:11248: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11309: \$? = $ac_status" >&5 + echo "$as_me:11251: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_intxx_t="yes" else @@ -11318,7 +11260,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11321: result: $ac_cv_have_intxx_t" >&5 +echo "$as_me:11263: result: $ac_cv_have_intxx_t" >&5 echo "${ECHO_T}$ac_cv_have_intxx_t" >&6 if test "x$ac_cv_have_intxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11331,10 +11273,10 @@ if (test -z "$have_intxx_t" && \ test "x$ac_cv_header_stdint_h" = "xyes") then - echo "$as_me:11334: checking for intXX_t types in stdint.h" >&5 + echo "$as_me:11276: checking for intXX_t types in stdint.h" >&5 echo $ECHO_N "checking for intXX_t types in stdint.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11337 "configure" +#line 11279 "configure" #include "confdefs.h" #include int @@ -11346,43 +11288,43 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11349: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11291: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11352: \$? = $ac_status" >&5 + echo "$as_me:11294: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11355: \"$ac_try\"") >&5 + { (eval echo "$as_me:11297: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11358: \$? = $ac_status" >&5 + echo "$as_me:11300: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_INTXX_T 1 EOF - echo "$as_me:11365: result: yes" >&5 + echo "$as_me:11307: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:11371: result: no" >&5 + echo "$as_me:11313: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11378: checking for int64_t type" >&5 +echo "$as_me:11320: checking for int64_t type" >&5 echo $ECHO_N "checking for int64_t type... $ECHO_C" >&6 if test "${ac_cv_have_int64_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11385 "configure" +#line 11327 "configure" #include "confdefs.h" #include @@ -11403,16 +11345,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11406: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11348: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11409: \$? = $ac_status" >&5 + echo "$as_me:11351: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11412: \"$ac_try\"") >&5 + { (eval echo "$as_me:11354: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11415: \$? = $ac_status" >&5 + echo "$as_me:11357: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_int64_t="yes" else @@ -11424,7 +11366,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11427: result: $ac_cv_have_int64_t" >&5 +echo "$as_me:11369: result: $ac_cv_have_int64_t" >&5 echo "${ECHO_T}$ac_cv_have_int64_t" >&6 if test "x$ac_cv_have_int64_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11433,14 +11375,14 @@ fi -echo "$as_me:11436: checking for u_intXX_t types" >&5 +echo "$as_me:11378: checking for u_intXX_t types" >&5 echo $ECHO_N "checking for u_intXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_u_intxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11443 "configure" +#line 11385 "configure" #include "confdefs.h" #include int @@ -11452,16 +11394,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11455: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11397: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11458: \$? = $ac_status" >&5 + echo "$as_me:11400: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11461: \"$ac_try\"") >&5 + { (eval echo "$as_me:11403: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11464: \$? = $ac_status" >&5 + echo "$as_me:11406: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_intxx_t="yes" else @@ -11473,7 +11415,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11476: result: $ac_cv_have_u_intxx_t" >&5 +echo "$as_me:11418: result: $ac_cv_have_u_intxx_t" >&5 echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11484,10 +11426,10 @@ fi if test -z "$have_u_intxx_t" ; then - echo "$as_me:11487: checking for u_intXX_t types in sys/socket.h" >&5 + echo "$as_me:11429: checking for u_intXX_t types in sys/socket.h" >&5 echo $ECHO_N "checking for u_intXX_t types in sys/socket.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11490 "configure" +#line 11432 "configure" #include "confdefs.h" #include int @@ -11499,43 +11441,43 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11502: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11444: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11505: \$? = $ac_status" >&5 + echo "$as_me:11447: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11508: \"$ac_try\"") >&5 + { (eval echo "$as_me:11450: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11511: \$? = $ac_status" >&5 + echo "$as_me:11453: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_U_INTXX_T 1 EOF - echo "$as_me:11518: result: yes" >&5 + echo "$as_me:11460: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:11524: result: no" >&5 + echo "$as_me:11466: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11531: checking for u_int64_t types" >&5 +echo "$as_me:11473: checking for u_int64_t types" >&5 echo $ECHO_N "checking for u_int64_t types... $ECHO_C" >&6 if test "${ac_cv_have_u_int64_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11538 "configure" +#line 11480 "configure" #include "confdefs.h" #include int @@ -11547,16 +11489,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11550: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11492: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11553: \$? = $ac_status" >&5 + echo "$as_me:11495: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11556: \"$ac_try\"") >&5 + { (eval echo "$as_me:11498: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11559: \$? = $ac_status" >&5 + echo "$as_me:11501: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_int64_t="yes" else @@ -11568,7 +11510,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11571: result: $ac_cv_have_u_int64_t" >&5 +echo "$as_me:11513: result: $ac_cv_have_u_int64_t" >&5 echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11579,10 +11521,10 @@ fi if test -z "$have_u_int64_t" ; then - echo "$as_me:11582: checking for u_int64_t type in sys/bitypes.h" >&5 + echo "$as_me:11524: checking for u_int64_t type in sys/bitypes.h" >&5 echo $ECHO_N "checking for u_int64_t type in sys/bitypes.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11585 "configure" +#line 11527 "configure" #include "confdefs.h" #include int @@ -11594,29 +11536,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11597: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11539: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11600: \$? = $ac_status" >&5 + echo "$as_me:11542: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11603: \"$ac_try\"") >&5 + { (eval echo "$as_me:11545: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11606: \$? = $ac_status" >&5 + echo "$as_me:11548: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_U_INT64_T 1 EOF - echo "$as_me:11613: result: yes" >&5 + echo "$as_me:11555: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:11619: result: no" >&5 + echo "$as_me:11561: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -11624,14 +11566,14 @@ fi if test -z "$have_u_intxx_t" ; then - echo "$as_me:11627: checking for uintXX_t types" >&5 + echo "$as_me:11569: checking for uintXX_t types" >&5 echo $ECHO_N "checking for uintXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_uintxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11634 "configure" +#line 11576 "configure" #include "confdefs.h" #include @@ -11645,16 +11587,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11648: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11590: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11651: \$? = $ac_status" >&5 + echo "$as_me:11593: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11654: \"$ac_try\"") >&5 + { (eval echo "$as_me:11596: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11657: \$? = $ac_status" >&5 + echo "$as_me:11599: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_uintxx_t="yes" else @@ -11666,7 +11608,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11669: result: $ac_cv_have_uintxx_t" >&5 +echo "$as_me:11611: result: $ac_cv_have_uintxx_t" >&5 echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11677,10 +11619,10 @@ fi if test -z "$have_uintxx_t" ; then - echo "$as_me:11680: checking for uintXX_t types in stdint.h" >&5 + echo "$as_me:11622: checking for uintXX_t types in stdint.h" >&5 echo $ECHO_N "checking for uintXX_t types in stdint.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11683 "configure" +#line 11625 "configure" #include "confdefs.h" #include int @@ -11692,29 +11634,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11695: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11637: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11698: \$? = $ac_status" >&5 + echo "$as_me:11640: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11701: \"$ac_try\"") >&5 + { (eval echo "$as_me:11643: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11704: \$? = $ac_status" >&5 + echo "$as_me:11646: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_UINTXX_T 1 EOF - echo "$as_me:11711: result: yes" >&5 + echo "$as_me:11653: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:11717: result: no" >&5 + echo "$as_me:11659: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -11724,10 +11666,10 @@ if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ test "x$ac_cv_header_sys_bitypes_h" = "xyes") then - echo "$as_me:11727: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 + echo "$as_me:11669: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 echo $ECHO_N "checking for intXX_t and u_intXX_t types in sys/bitypes.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11730 "configure" +#line 11672 "configure" #include "confdefs.h" #include @@ -11745,16 +11687,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11748: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11690: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11751: \$? = $ac_status" >&5 + echo "$as_me:11693: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11754: \"$ac_try\"") >&5 + { (eval echo "$as_me:11696: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11757: \$? = $ac_status" >&5 + echo "$as_me:11699: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF @@ -11765,27 +11707,27 @@ #define HAVE_INTXX_T 1 EOF - echo "$as_me:11768: result: yes" >&5 + echo "$as_me:11710: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -echo "$as_me:11774: result: no" >&5 +echo "$as_me:11716: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11781: checking for u_char" >&5 +echo "$as_me:11723: checking for u_char" >&5 echo $ECHO_N "checking for u_char... $ECHO_C" >&6 if test "${ac_cv_have_u_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11788 "configure" +#line 11730 "configure" #include "confdefs.h" #include @@ -11799,16 +11741,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11802: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11744: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11805: \$? = $ac_status" >&5 + echo "$as_me:11747: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11808: \"$ac_try\"") >&5 + { (eval echo "$as_me:11750: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11811: \$? = $ac_status" >&5 + echo "$as_me:11753: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_char="yes" else @@ -11820,7 +11762,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11823: result: $ac_cv_have_u_char" >&5 +echo "$as_me:11765: result: $ac_cv_have_u_char" >&5 echo "${ECHO_T}$ac_cv_have_u_char" >&6 if test "x$ac_cv_have_u_char" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11829,13 +11771,13 @@ fi - echo "$as_me:11832: checking for socklen_t" >&5 + echo "$as_me:11774: checking for socklen_t" >&5 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6 if test "${ac_cv_type_socklen_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11838 "configure" +#line 11780 "configure" #include "confdefs.h" #include #include @@ -11852,16 +11794,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11855: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11797: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11858: \$? = $ac_status" >&5 + echo "$as_me:11800: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11861: \"$ac_try\"") >&5 + { (eval echo "$as_me:11803: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11864: \$? = $ac_status" >&5 + echo "$as_me:11806: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_socklen_t=yes else @@ -11871,13 +11813,13 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11874: result: $ac_cv_type_socklen_t" >&5 +echo "$as_me:11816: result: $ac_cv_type_socklen_t" >&5 echo "${ECHO_T}$ac_cv_type_socklen_t" >&6 if test $ac_cv_type_socklen_t = yes; then : else - echo "$as_me:11880: checking for socklen_t equivalent" >&5 + echo "$as_me:11822: checking for socklen_t equivalent" >&5 echo $ECHO_N "checking for socklen_t equivalent... $ECHO_C" >&6 if test "${curl_cv_socklen_t_equiv+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -11889,7 +11831,7 @@ for arg2 in "struct sockaddr" void; do for t in int size_t unsigned long "unsigned long"; do cat >conftest.$ac_ext <<_ACEOF -#line 11892 "configure" +#line 11834 "configure" #include "confdefs.h" #include @@ -11909,16 +11851,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11912: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11854: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11915: \$? = $ac_status" >&5 + echo "$as_me:11857: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11918: \"$ac_try\"") >&5 + { (eval echo "$as_me:11860: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11921: \$? = $ac_status" >&5 + echo "$as_me:11863: \$? = $ac_status" >&5 (exit $ac_status); }; }; then curl_cv_socklen_t_equiv="$t" @@ -11933,14 +11875,14 @@ done if test "x$curl_cv_socklen_t_equiv" = x; then - { { echo "$as_me:11936: error: Cannot find a type to use in place of socklen_t" >&5 + { { echo "$as_me:11878: error: Cannot find a type to use in place of socklen_t" >&5 echo "$as_me: error: Cannot find a type to use in place of socklen_t" >&2;} { (exit 1); exit 1; }; } fi fi - echo "$as_me:11943: result: $curl_cv_socklen_t_equiv" >&5 + echo "$as_me:11885: result: $curl_cv_socklen_t_equiv" >&5 echo "${ECHO_T}$curl_cv_socklen_t_equiv" >&6 cat >>confdefs.h <&5 +echo "$as_me:11894: checking for sig_atomic_t" >&5 echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6 if test "${ac_cv_type_sig_atomic_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11958 "configure" +#line 11900 "configure" #include "confdefs.h" #include @@ -11971,16 +11913,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11974: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11916: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11977: \$? = $ac_status" >&5 + echo "$as_me:11919: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11980: \"$ac_try\"") >&5 + { (eval echo "$as_me:11922: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11983: \$? = $ac_status" >&5 + echo "$as_me:11925: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_sig_atomic_t=yes else @@ -11990,7 +11932,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11993: result: $ac_cv_type_sig_atomic_t" >&5 +echo "$as_me:11935: result: $ac_cv_type_sig_atomic_t" >&5 echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6 if test $ac_cv_type_sig_atomic_t = yes; then @@ -12000,14 +11942,14 @@ fi -echo "$as_me:12003: checking for size_t" >&5 +echo "$as_me:11945: checking for size_t" >&5 echo $ECHO_N "checking for size_t... $ECHO_C" >&6 if test "${ac_cv_have_size_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12010 "configure" +#line 11952 "configure" #include "confdefs.h" #include @@ -12021,16 +11963,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12024: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11966: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12027: \$? = $ac_status" >&5 + echo "$as_me:11969: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12030: \"$ac_try\"") >&5 + { (eval echo "$as_me:11972: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12033: \$? = $ac_status" >&5 + echo "$as_me:11975: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_size_t="yes" else @@ -12042,7 +11984,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12045: result: $ac_cv_have_size_t" >&5 +echo "$as_me:11987: result: $ac_cv_have_size_t" >&5 echo "${ECHO_T}$ac_cv_have_size_t" >&6 if test "x$ac_cv_have_size_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12051,14 +11993,14 @@ fi -echo "$as_me:12054: checking for ssize_t" >&5 +echo "$as_me:11996: checking for ssize_t" >&5 echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6 if test "${ac_cv_have_ssize_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12061 "configure" +#line 12003 "configure" #include "confdefs.h" #include @@ -12072,16 +12014,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12075: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12017: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12078: \$? = $ac_status" >&5 + echo "$as_me:12020: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12081: \"$ac_try\"") >&5 + { (eval echo "$as_me:12023: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12084: \$? = $ac_status" >&5 + echo "$as_me:12026: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_ssize_t="yes" else @@ -12093,7 +12035,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12096: result: $ac_cv_have_ssize_t" >&5 +echo "$as_me:12038: result: $ac_cv_have_ssize_t" >&5 echo "${ECHO_T}$ac_cv_have_ssize_t" >&6 if test "x$ac_cv_have_ssize_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12102,14 +12044,14 @@ fi -echo "$as_me:12105: checking for clock_t" >&5 +echo "$as_me:12047: checking for clock_t" >&5 echo $ECHO_N "checking for clock_t... $ECHO_C" >&6 if test "${ac_cv_have_clock_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12112 "configure" +#line 12054 "configure" #include "confdefs.h" #include @@ -12123,16 +12065,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12126: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12068: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12129: \$? = $ac_status" >&5 + echo "$as_me:12071: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12132: \"$ac_try\"") >&5 + { (eval echo "$as_me:12074: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12135: \$? = $ac_status" >&5 + echo "$as_me:12077: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_clock_t="yes" else @@ -12144,7 +12086,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12147: result: $ac_cv_have_clock_t" >&5 +echo "$as_me:12089: result: $ac_cv_have_clock_t" >&5 echo "${ECHO_T}$ac_cv_have_clock_t" >&6 if test "x$ac_cv_have_clock_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12153,14 +12095,14 @@ fi -echo "$as_me:12156: checking for sa_family_t" >&5 +echo "$as_me:12098: checking for sa_family_t" >&5 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6 if test "${ac_cv_have_sa_family_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12163 "configure" +#line 12105 "configure" #include "confdefs.h" #include @@ -12175,23 +12117,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12178: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12120: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12181: \$? = $ac_status" >&5 + echo "$as_me:12123: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12184: \"$ac_try\"") >&5 + { (eval echo "$as_me:12126: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12187: \$? = $ac_status" >&5 + echo "$as_me:12129: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_sa_family_t="yes" else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 cat >conftest.$ac_ext <<_ACEOF -#line 12194 "configure" +#line 12136 "configure" #include "confdefs.h" #include @@ -12207,16 +12149,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12210: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12152: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12213: \$? = $ac_status" >&5 + echo "$as_me:12155: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12216: \"$ac_try\"") >&5 + { (eval echo "$as_me:12158: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12219: \$? = $ac_status" >&5 + echo "$as_me:12161: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_sa_family_t="yes" else @@ -12231,7 +12173,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12234: result: $ac_cv_have_sa_family_t" >&5 +echo "$as_me:12176: result: $ac_cv_have_sa_family_t" >&5 echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12240,14 +12182,14 @@ fi -echo "$as_me:12243: checking for pid_t" >&5 +echo "$as_me:12185: checking for pid_t" >&5 echo $ECHO_N "checking for pid_t... $ECHO_C" >&6 if test "${ac_cv_have_pid_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12250 "configure" +#line 12192 "configure" #include "confdefs.h" #include @@ -12261,16 +12203,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12264: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12206: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12267: \$? = $ac_status" >&5 + echo "$as_me:12209: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12270: \"$ac_try\"") >&5 + { (eval echo "$as_me:12212: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12273: \$? = $ac_status" >&5 + echo "$as_me:12215: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pid_t="yes" else @@ -12282,7 +12224,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12285: result: $ac_cv_have_pid_t" >&5 +echo "$as_me:12227: result: $ac_cv_have_pid_t" >&5 echo "${ECHO_T}$ac_cv_have_pid_t" >&6 if test "x$ac_cv_have_pid_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12291,14 +12233,14 @@ fi -echo "$as_me:12294: checking for mode_t" >&5 +echo "$as_me:12236: checking for mode_t" >&5 echo $ECHO_N "checking for mode_t... $ECHO_C" >&6 if test "${ac_cv_have_mode_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12301 "configure" +#line 12243 "configure" #include "confdefs.h" #include @@ -12312,16 +12254,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12315: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12257: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12318: \$? = $ac_status" >&5 + echo "$as_me:12260: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12321: \"$ac_try\"") >&5 + { (eval echo "$as_me:12263: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12324: \$? = $ac_status" >&5 + echo "$as_me:12266: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_mode_t="yes" else @@ -12333,7 +12275,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12336: result: $ac_cv_have_mode_t" >&5 +echo "$as_me:12278: result: $ac_cv_have_mode_t" >&5 echo "${ECHO_T}$ac_cv_have_mode_t" >&6 if test "x$ac_cv_have_mode_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12342,14 +12284,14 @@ fi -echo "$as_me:12345: checking for struct sockaddr_storage" >&5 +echo "$as_me:12287: checking for struct sockaddr_storage" >&5 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have_struct_sockaddr_storage+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12352 "configure" +#line 12294 "configure" #include "confdefs.h" #include @@ -12364,16 +12306,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12367: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12309: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12370: \$? = $ac_status" >&5 + echo "$as_me:12312: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12373: \"$ac_try\"") >&5 + { (eval echo "$as_me:12315: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12376: \$? = $ac_status" >&5 + echo "$as_me:12318: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_sockaddr_storage="yes" else @@ -12385,7 +12327,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12388: result: $ac_cv_have_struct_sockaddr_storage" >&5 +echo "$as_me:12330: result: $ac_cv_have_struct_sockaddr_storage" >&5 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12394,14 +12336,14 @@ fi -echo "$as_me:12397: checking for struct sockaddr_in6" >&5 +echo "$as_me:12339: checking for struct sockaddr_in6" >&5 echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6 if test "${ac_cv_have_struct_sockaddr_in6+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12404 "configure" +#line 12346 "configure" #include "confdefs.h" #include @@ -12416,16 +12358,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12419: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12361: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12422: \$? = $ac_status" >&5 + echo "$as_me:12364: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12425: \"$ac_try\"") >&5 + { (eval echo "$as_me:12367: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12428: \$? = $ac_status" >&5 + echo "$as_me:12370: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_sockaddr_in6="yes" else @@ -12437,7 +12379,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12440: result: $ac_cv_have_struct_sockaddr_in6" >&5 +echo "$as_me:12382: result: $ac_cv_have_struct_sockaddr_in6" >&5 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12446,14 +12388,14 @@ fi -echo "$as_me:12449: checking for struct in6_addr" >&5 +echo "$as_me:12391: checking for struct in6_addr" >&5 echo $ECHO_N "checking for struct in6_addr... $ECHO_C" >&6 if test "${ac_cv_have_struct_in6_addr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12456 "configure" +#line 12398 "configure" #include "confdefs.h" #include @@ -12468,16 +12410,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12471: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12413: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12474: \$? = $ac_status" >&5 + echo "$as_me:12416: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12477: \"$ac_try\"") >&5 + { (eval echo "$as_me:12419: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12480: \$? = $ac_status" >&5 + echo "$as_me:12422: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_in6_addr="yes" else @@ -12489,7 +12431,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12492: result: $ac_cv_have_struct_in6_addr" >&5 +echo "$as_me:12434: result: $ac_cv_have_struct_in6_addr" >&5 echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12498,14 +12440,14 @@ fi -echo "$as_me:12501: checking for struct addrinfo" >&5 +echo "$as_me:12443: checking for struct addrinfo" >&5 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6 if test "${ac_cv_have_struct_addrinfo+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12508 "configure" +#line 12450 "configure" #include "confdefs.h" #include @@ -12521,16 +12463,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12524: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12466: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12527: \$? = $ac_status" >&5 + echo "$as_me:12469: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12530: \"$ac_try\"") >&5 + { (eval echo "$as_me:12472: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12533: \$? = $ac_status" >&5 + echo "$as_me:12475: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_addrinfo="yes" else @@ -12542,7 +12484,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12545: result: $ac_cv_have_struct_addrinfo" >&5 +echo "$as_me:12487: result: $ac_cv_have_struct_addrinfo" >&5 echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12551,14 +12493,14 @@ fi -echo "$as_me:12554: checking for struct timeval" >&5 +echo "$as_me:12496: checking for struct timeval" >&5 echo $ECHO_N "checking for struct timeval... $ECHO_C" >&6 if test "${ac_cv_have_struct_timeval+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12561 "configure" +#line 12503 "configure" #include "confdefs.h" #include int @@ -12570,16 +12512,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12573: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12515: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12576: \$? = $ac_status" >&5 + echo "$as_me:12518: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12579: \"$ac_try\"") >&5 + { (eval echo "$as_me:12521: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12582: \$? = $ac_status" >&5 + echo "$as_me:12524: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_timeval="yes" else @@ -12591,7 +12533,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12594: result: $ac_cv_have_struct_timeval" >&5 +echo "$as_me:12536: result: $ac_cv_have_struct_timeval" >&5 echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12601,13 +12543,13 @@ have_struct_timeval=1 fi -echo "$as_me:12604: checking for struct timespec" >&5 +echo "$as_me:12546: checking for struct timespec" >&5 echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6 if test "${ac_cv_type_struct_timespec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12610 "configure" +#line 12552 "configure" #include "confdefs.h" $ac_includes_default int @@ -12622,16 +12564,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12625: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12567: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12628: \$? = $ac_status" >&5 + echo "$as_me:12570: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12631: \"$ac_try\"") >&5 + { (eval echo "$as_me:12573: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12634: \$? = $ac_status" >&5 + echo "$as_me:12576: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_struct_timespec=yes else @@ -12641,7 +12583,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12644: result: $ac_cv_type_struct_timespec" >&5 +echo "$as_me:12586: result: $ac_cv_type_struct_timespec" >&5 echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6 if test $ac_cv_type_struct_timespec = yes; then @@ -12661,12 +12603,12 @@ exit 1; else if test "$cross_compiling" = yes; then - { { echo "$as_me:12664: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:12606: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 12669 "configure" +#line 12611 "configure" #include "confdefs.h" #include @@ -12694,15 +12636,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:12697: \"$ac_link\"") >&5 +if { (eval echo "$as_me:12639: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:12700: \$? = $ac_status" >&5 + echo "$as_me:12642: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:12702: \"$ac_try\"") >&5 + { (eval echo "$as_me:12644: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12705: \$? = $ac_status" >&5 + echo "$as_me:12647: \$? = $ac_status" >&5 (exit $ac_status); }; }; then true else @@ -12721,14 +12663,14 @@ # look for field 'ut_host' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - echo "$as_me:12724: checking for ut_host field in utmp.h" >&5 + echo "$as_me:12666: checking for ut_host field in utmp.h" >&5 echo $ECHO_N "checking for ut_host field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12731 "configure" +#line 12673 "configure" #include "confdefs.h" #include @@ -12745,7 +12687,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12748: result: $ossh_result" >&5 + echo "$as_me:12690: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12754,21 +12696,21 @@ fi else - echo "$as_me:12757: result: no" >&5 + echo "$as_me:12699: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_host' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - echo "$as_me:12764: checking for ut_host field in utmpx.h" >&5 + echo "$as_me:12706: checking for ut_host field in utmpx.h" >&5 echo $ECHO_N "checking for ut_host field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12771 "configure" +#line 12713 "configure" #include "confdefs.h" #include @@ -12785,7 +12727,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12788: result: $ossh_result" >&5 + echo "$as_me:12730: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12794,21 +12736,21 @@ fi else - echo "$as_me:12797: result: no" >&5 + echo "$as_me:12739: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'syslen' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"syslen - echo "$as_me:12804: checking for syslen field in utmpx.h" >&5 + echo "$as_me:12746: checking for syslen field in utmpx.h" >&5 echo $ECHO_N "checking for syslen field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12811 "configure" +#line 12753 "configure" #include "confdefs.h" #include @@ -12825,7 +12767,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12828: result: $ossh_result" >&5 + echo "$as_me:12770: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12834,21 +12776,21 @@ fi else - echo "$as_me:12837: result: no" >&5 + echo "$as_me:12779: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_pid' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid - echo "$as_me:12844: checking for ut_pid field in utmp.h" >&5 + echo "$as_me:12786: checking for ut_pid field in utmp.h" >&5 echo $ECHO_N "checking for ut_pid field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12851 "configure" +#line 12793 "configure" #include "confdefs.h" #include @@ -12865,7 +12807,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12868: result: $ossh_result" >&5 + echo "$as_me:12810: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12874,21 +12816,21 @@ fi else - echo "$as_me:12877: result: no" >&5 + echo "$as_me:12819: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_type' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - echo "$as_me:12884: checking for ut_type field in utmp.h" >&5 + echo "$as_me:12826: checking for ut_type field in utmp.h" >&5 echo $ECHO_N "checking for ut_type field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12891 "configure" +#line 12833 "configure" #include "confdefs.h" #include @@ -12905,7 +12847,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12908: result: $ossh_result" >&5 + echo "$as_me:12850: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12914,21 +12856,21 @@ fi else - echo "$as_me:12917: result: no" >&5 + echo "$as_me:12859: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_type' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - echo "$as_me:12924: checking for ut_type field in utmpx.h" >&5 + echo "$as_me:12866: checking for ut_type field in utmpx.h" >&5 echo $ECHO_N "checking for ut_type field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12931 "configure" +#line 12873 "configure" #include "confdefs.h" #include @@ -12945,7 +12887,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12948: result: $ossh_result" >&5 + echo "$as_me:12890: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12954,21 +12896,21 @@ fi else - echo "$as_me:12957: result: no" >&5 + echo "$as_me:12899: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_tv' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - echo "$as_me:12964: checking for ut_tv field in utmp.h" >&5 + echo "$as_me:12906: checking for ut_tv field in utmp.h" >&5 echo $ECHO_N "checking for ut_tv field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12971 "configure" +#line 12913 "configure" #include "confdefs.h" #include @@ -12985,7 +12927,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:12988: result: $ossh_result" >&5 + echo "$as_me:12930: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -12994,21 +12936,21 @@ fi else - echo "$as_me:12997: result: no" >&5 + echo "$as_me:12939: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_id' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - echo "$as_me:13004: checking for ut_id field in utmp.h" >&5 + echo "$as_me:12946: checking for ut_id field in utmp.h" >&5 echo $ECHO_N "checking for ut_id field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13011 "configure" +#line 12953 "configure" #include "confdefs.h" #include @@ -13025,7 +12967,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13028: result: $ossh_result" >&5 + echo "$as_me:12970: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13034,21 +12976,21 @@ fi else - echo "$as_me:13037: result: no" >&5 + echo "$as_me:12979: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_id' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - echo "$as_me:13044: checking for ut_id field in utmpx.h" >&5 + echo "$as_me:12986: checking for ut_id field in utmpx.h" >&5 echo $ECHO_N "checking for ut_id field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13051 "configure" +#line 12993 "configure" #include "confdefs.h" #include @@ -13065,7 +13007,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13068: result: $ossh_result" >&5 + echo "$as_me:13010: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13074,21 +13016,21 @@ fi else - echo "$as_me:13077: result: no" >&5 + echo "$as_me:13019: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - echo "$as_me:13084: checking for ut_addr field in utmp.h" >&5 + echo "$as_me:13026: checking for ut_addr field in utmp.h" >&5 echo $ECHO_N "checking for ut_addr field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13091 "configure" +#line 13033 "configure" #include "confdefs.h" #include @@ -13105,7 +13047,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13108: result: $ossh_result" >&5 + echo "$as_me:13050: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13114,21 +13056,21 @@ fi else - echo "$as_me:13117: result: no" >&5 + echo "$as_me:13059: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - echo "$as_me:13124: checking for ut_addr field in utmpx.h" >&5 + echo "$as_me:13066: checking for ut_addr field in utmpx.h" >&5 echo $ECHO_N "checking for ut_addr field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13131 "configure" +#line 13073 "configure" #include "confdefs.h" #include @@ -13145,7 +13087,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13148: result: $ossh_result" >&5 + echo "$as_me:13090: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13154,21 +13096,21 @@ fi else - echo "$as_me:13157: result: no" >&5 + echo "$as_me:13099: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr_v6' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - echo "$as_me:13164: checking for ut_addr_v6 field in utmp.h" >&5 + echo "$as_me:13106: checking for ut_addr_v6 field in utmp.h" >&5 echo $ECHO_N "checking for ut_addr_v6 field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13171 "configure" +#line 13113 "configure" #include "confdefs.h" #include @@ -13185,7 +13127,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13188: result: $ossh_result" >&5 + echo "$as_me:13130: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13194,21 +13136,21 @@ fi else - echo "$as_me:13197: result: no" >&5 + echo "$as_me:13139: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr_v6' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - echo "$as_me:13204: checking for ut_addr_v6 field in utmpx.h" >&5 + echo "$as_me:13146: checking for ut_addr_v6 field in utmpx.h" >&5 echo $ECHO_N "checking for ut_addr_v6 field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13211 "configure" +#line 13153 "configure" #include "confdefs.h" #include @@ -13225,7 +13167,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13228: result: $ossh_result" >&5 + echo "$as_me:13170: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13234,21 +13176,21 @@ fi else - echo "$as_me:13237: result: no" >&5 + echo "$as_me:13179: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_exit' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit - echo "$as_me:13244: checking for ut_exit field in utmp.h" >&5 + echo "$as_me:13186: checking for ut_exit field in utmp.h" >&5 echo $ECHO_N "checking for ut_exit field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13251 "configure" +#line 13193 "configure" #include "confdefs.h" #include @@ -13265,7 +13207,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13268: result: $ossh_result" >&5 + echo "$as_me:13210: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13274,21 +13216,21 @@ fi else - echo "$as_me:13277: result: no" >&5 + echo "$as_me:13219: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_time' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - echo "$as_me:13284: checking for ut_time field in utmp.h" >&5 + echo "$as_me:13226: checking for ut_time field in utmp.h" >&5 echo $ECHO_N "checking for ut_time field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13291 "configure" +#line 13233 "configure" #include "confdefs.h" #include @@ -13305,7 +13247,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13308: result: $ossh_result" >&5 + echo "$as_me:13250: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13314,21 +13256,21 @@ fi else - echo "$as_me:13317: result: no" >&5 + echo "$as_me:13259: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_time' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - echo "$as_me:13324: checking for ut_time field in utmpx.h" >&5 + echo "$as_me:13266: checking for ut_time field in utmpx.h" >&5 echo $ECHO_N "checking for ut_time field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13331 "configure" +#line 13273 "configure" #include "confdefs.h" #include @@ -13345,7 +13287,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13348: result: $ossh_result" >&5 + echo "$as_me:13290: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13354,21 +13296,21 @@ fi else - echo "$as_me:13357: result: no" >&5 + echo "$as_me:13299: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_tv' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - echo "$as_me:13364: checking for ut_tv field in utmpx.h" >&5 + echo "$as_me:13306: checking for ut_tv field in utmpx.h" >&5 echo $ECHO_N "checking for ut_tv field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13371 "configure" +#line 13313 "configure" #include "confdefs.h" #include @@ -13385,7 +13327,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13388: result: $ossh_result" >&5 + echo "$as_me:13330: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13394,17 +13336,17 @@ fi else - echo "$as_me:13397: result: no" >&5 + echo "$as_me:13339: result: no" >&5 echo "${ECHO_T}no" >&6 fi -echo "$as_me:13401: checking for struct stat.st_blksize" >&5 +echo "$as_me:13343: checking for struct stat.st_blksize" >&5 echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6 if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13407 "configure" +#line 13349 "configure" #include "confdefs.h" $ac_includes_default int @@ -13418,16 +13360,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13421: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13363: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13424: \$? = $ac_status" >&5 + echo "$as_me:13366: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13427: \"$ac_try\"") >&5 + { (eval echo "$as_me:13369: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13430: \$? = $ac_status" >&5 + echo "$as_me:13372: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_member_struct_stat_st_blksize=yes else @@ -13437,7 +13379,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13440: result: $ac_cv_member_struct_stat_st_blksize" >&5 +echo "$as_me:13382: result: $ac_cv_member_struct_stat_st_blksize" >&5 echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6 if test $ac_cv_member_struct_stat_st_blksize = yes; then @@ -13447,14 +13389,14 @@ fi -echo "$as_me:13450: checking for ss_family field in struct sockaddr_storage" >&5 +echo "$as_me:13392: checking for ss_family field in struct sockaddr_storage" >&5 echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have_ss_family_in_struct_ss+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13457 "configure" +#line 13399 "configure" #include "confdefs.h" #include @@ -13469,16 +13411,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13472: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13414: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13475: \$? = $ac_status" >&5 + echo "$as_me:13417: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13478: \"$ac_try\"") >&5 + { (eval echo "$as_me:13420: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13481: \$? = $ac_status" >&5 + echo "$as_me:13423: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_ss_family_in_struct_ss="yes" else @@ -13489,7 +13431,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13492: result: $ac_cv_have_ss_family_in_struct_ss" >&5 +echo "$as_me:13434: result: $ac_cv_have_ss_family_in_struct_ss" >&5 echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13498,14 +13440,14 @@ fi -echo "$as_me:13501: checking for __ss_family field in struct sockaddr_storage" >&5 +echo "$as_me:13443: checking for __ss_family field in struct sockaddr_storage" >&5 echo $ECHO_N "checking for __ss_family field in struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have___ss_family_in_struct_ss+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13508 "configure" +#line 13450 "configure" #include "confdefs.h" #include @@ -13520,16 +13462,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13523: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13465: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13526: \$? = $ac_status" >&5 + echo "$as_me:13468: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13529: \"$ac_try\"") >&5 + { (eval echo "$as_me:13471: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13532: \$? = $ac_status" >&5 + echo "$as_me:13474: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have___ss_family_in_struct_ss="yes" else @@ -13541,7 +13483,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13544: result: $ac_cv_have___ss_family_in_struct_ss" >&5 +echo "$as_me:13486: result: $ac_cv_have___ss_family_in_struct_ss" >&5 echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13550,14 +13492,14 @@ fi -echo "$as_me:13553: checking for pw_class field in struct passwd" >&5 +echo "$as_me:13495: checking for pw_class field in struct passwd" >&5 echo $ECHO_N "checking for pw_class field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_class_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13560 "configure" +#line 13502 "configure" #include "confdefs.h" #include @@ -13571,16 +13513,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13574: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13516: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13577: \$? = $ac_status" >&5 + echo "$as_me:13519: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13580: \"$ac_try\"") >&5 + { (eval echo "$as_me:13522: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13583: \$? = $ac_status" >&5 + echo "$as_me:13525: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_class_in_struct_passwd="yes" else @@ -13592,7 +13534,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13595: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 +echo "$as_me:13537: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13601,14 +13543,14 @@ fi -echo "$as_me:13604: checking for pw_expire field in struct passwd" >&5 +echo "$as_me:13546: checking for pw_expire field in struct passwd" >&5 echo $ECHO_N "checking for pw_expire field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_expire_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13611 "configure" +#line 13553 "configure" #include "confdefs.h" #include @@ -13622,16 +13564,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13625: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13567: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13628: \$? = $ac_status" >&5 + echo "$as_me:13570: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13631: \"$ac_try\"") >&5 + { (eval echo "$as_me:13573: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13634: \$? = $ac_status" >&5 + echo "$as_me:13576: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_expire_in_struct_passwd="yes" else @@ -13643,7 +13585,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13646: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 +echo "$as_me:13588: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13652,14 +13594,14 @@ fi -echo "$as_me:13655: checking for pw_change field in struct passwd" >&5 +echo "$as_me:13597: checking for pw_change field in struct passwd" >&5 echo $ECHO_N "checking for pw_change field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_change_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13662 "configure" +#line 13604 "configure" #include "confdefs.h" #include @@ -13673,16 +13615,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13676: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13618: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13679: \$? = $ac_status" >&5 + echo "$as_me:13621: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13682: \"$ac_try\"") >&5 + { (eval echo "$as_me:13624: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13685: \$? = $ac_status" >&5 + echo "$as_me:13627: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_change_in_struct_passwd="yes" else @@ -13694,7 +13636,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13697: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 +echo "$as_me:13639: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13703,19 +13645,19 @@ fi -echo "$as_me:13706: checking for msg_accrights field in struct msghdr" >&5 +echo "$as_me:13648: checking for msg_accrights field in struct msghdr" >&5 echo $ECHO_N "checking for msg_accrights field in struct msghdr... $ECHO_C" >&6 if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then - { { echo "$as_me:13713: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:13655: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 13718 "configure" +#line 13660 "configure" #include "confdefs.h" #include @@ -13732,15 +13674,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:13735: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13677: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13738: \$? = $ac_status" >&5 + echo "$as_me:13680: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:13740: \"$ac_try\"") >&5 + { (eval echo "$as_me:13682: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13743: \$? = $ac_status" >&5 + echo "$as_me:13685: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_accrights_in_msghdr="yes" else @@ -13754,7 +13696,7 @@ fi fi -echo "$as_me:13757: result: $ac_cv_have_accrights_in_msghdr" >&5 +echo "$as_me:13699: result: $ac_cv_have_accrights_in_msghdr" >&5 echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13763,19 +13705,19 @@ fi -echo "$as_me:13766: checking for msg_control field in struct msghdr" >&5 +echo "$as_me:13708: checking for msg_control field in struct msghdr" >&5 echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6 if test "${ac_cv_have_control_in_msghdr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then - { { echo "$as_me:13773: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:13715: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 13778 "configure" +#line 13720 "configure" #include "confdefs.h" #include @@ -13792,15 +13734,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:13795: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13737: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13798: \$? = $ac_status" >&5 + echo "$as_me:13740: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:13800: \"$ac_try\"") >&5 + { (eval echo "$as_me:13742: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13803: \$? = $ac_status" >&5 + echo "$as_me:13745: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_control_in_msghdr="yes" else @@ -13814,7 +13756,7 @@ fi fi -echo "$as_me:13817: result: $ac_cv_have_control_in_msghdr" >&5 +echo "$as_me:13759: result: $ac_cv_have_control_in_msghdr" >&5 echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13823,14 +13765,14 @@ fi -echo "$as_me:13826: checking if libc defines __progname" >&5 +echo "$as_me:13768: checking if libc defines __progname" >&5 echo $ECHO_N "checking if libc defines __progname... $ECHO_C" >&6 if test "${ac_cv_libc_defines___progname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13833 "configure" +#line 13775 "configure" #include "confdefs.h" int @@ -13842,16 +13784,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:13845: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13787: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13848: \$? = $ac_status" >&5 + echo "$as_me:13790: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:13851: \"$ac_try\"") >&5 + { (eval echo "$as_me:13793: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13854: \$? = $ac_status" >&5 + echo "$as_me:13796: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines___progname="yes" else @@ -13863,7 +13805,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:13866: result: $ac_cv_libc_defines___progname" >&5 +echo "$as_me:13808: result: $ac_cv_libc_defines___progname" >&5 echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13872,14 +13814,14 @@ fi -echo "$as_me:13875: checking whether $CC implements __FUNCTION__" >&5 +echo "$as_me:13817: checking whether $CC implements __FUNCTION__" >&5 echo $ECHO_N "checking whether $CC implements __FUNCTION__... $ECHO_C" >&6 if test "${ac_cv_cc_implements___FUNCTION__+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13882 "configure" +#line 13824 "configure" #include "confdefs.h" #include @@ -13893,16 +13835,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:13896: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13838: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13899: \$? = $ac_status" >&5 + echo "$as_me:13841: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:13902: \"$ac_try\"") >&5 + { (eval echo "$as_me:13844: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13905: \$? = $ac_status" >&5 + echo "$as_me:13847: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_cc_implements___FUNCTION__="yes" else @@ -13914,7 +13856,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:13917: result: $ac_cv_cc_implements___FUNCTION__" >&5 +echo "$as_me:13859: result: $ac_cv_cc_implements___FUNCTION__" >&5 echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13923,14 +13865,14 @@ fi -echo "$as_me:13926: checking whether $CC implements __func__" >&5 +echo "$as_me:13868: checking whether $CC implements __func__" >&5 echo $ECHO_N "checking whether $CC implements __func__... $ECHO_C" >&6 if test "${ac_cv_cc_implements___func__+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13933 "configure" +#line 13875 "configure" #include "confdefs.h" #include @@ -13944,16 +13886,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:13947: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13889: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13950: \$? = $ac_status" >&5 + echo "$as_me:13892: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:13953: \"$ac_try\"") >&5 + { (eval echo "$as_me:13895: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13956: \$? = $ac_status" >&5 + echo "$as_me:13898: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_cc_implements___func__="yes" else @@ -13965,7 +13907,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:13968: result: $ac_cv_cc_implements___func__" >&5 +echo "$as_me:13910: result: $ac_cv_cc_implements___func__" >&5 echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13974,14 +13916,14 @@ fi -echo "$as_me:13977: checking whether getopt has optreset support" >&5 +echo "$as_me:13919: checking whether getopt has optreset support" >&5 echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6 if test "${ac_cv_have_getopt_optreset+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13984 "configure" +#line 13926 "configure" #include "confdefs.h" #include @@ -13995,16 +13937,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:13998: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13940: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14001: \$? = $ac_status" >&5 + echo "$as_me:13943: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14004: \"$ac_try\"") >&5 + { (eval echo "$as_me:13946: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14007: \$? = $ac_status" >&5 + echo "$as_me:13949: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_getopt_optreset="yes" else @@ -14016,7 +13958,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14019: result: $ac_cv_have_getopt_optreset" >&5 +echo "$as_me:13961: result: $ac_cv_have_getopt_optreset" >&5 echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14025,14 +13967,14 @@ fi -echo "$as_me:14028: checking if libc defines sys_errlist" >&5 +echo "$as_me:13970: checking if libc defines sys_errlist" >&5 echo $ECHO_N "checking if libc defines sys_errlist... $ECHO_C" >&6 if test "${ac_cv_libc_defines_sys_errlist+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14035 "configure" +#line 13977 "configure" #include "confdefs.h" int @@ -14044,16 +13986,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14047: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13989: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14050: \$? = $ac_status" >&5 + echo "$as_me:13992: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14053: \"$ac_try\"") >&5 + { (eval echo "$as_me:13995: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14056: \$? = $ac_status" >&5 + echo "$as_me:13998: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines_sys_errlist="yes" else @@ -14065,7 +14007,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14068: result: $ac_cv_libc_defines_sys_errlist" >&5 +echo "$as_me:14010: result: $ac_cv_libc_defines_sys_errlist" >&5 echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14074,14 +14016,14 @@ fi -echo "$as_me:14077: checking if libc defines sys_nerr" >&5 +echo "$as_me:14019: checking if libc defines sys_nerr" >&5 echo $ECHO_N "checking if libc defines sys_nerr... $ECHO_C" >&6 if test "${ac_cv_libc_defines_sys_nerr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14084 "configure" +#line 14026 "configure" #include "confdefs.h" int @@ -14093,16 +14035,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14096: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14038: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14099: \$? = $ac_status" >&5 + echo "$as_me:14041: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14102: \"$ac_try\"") >&5 + { (eval echo "$as_me:14044: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14105: \$? = $ac_status" >&5 + echo "$as_me:14047: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines_sys_nerr="yes" else @@ -14114,7 +14056,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14117: result: $ac_cv_libc_defines_sys_nerr" >&5 +echo "$as_me:14059: result: $ac_cv_libc_defines_sys_nerr" >&5 echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14145,23 +14087,23 @@ for ac_header in sectok.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:14148: checking for $ac_header" >&5 +echo "$as_me:14090: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14154 "configure" +#line 14096 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:14158: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:14100: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:14164: \$? = $ac_status" >&5 + echo "$as_me:14106: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -14180,7 +14122,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:14183: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:14125: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:14136: error: Can't find sectok.h" >&5 echo "$as_me: error: Can't find sectok.h" >&2;} { (exit 1); exit 1; }; } fi -echo "$as_me:14199: checking for sectok_open in -lsectok" >&5 +echo "$as_me:14141: checking for sectok_open in -lsectok" >&5 echo $ECHO_N "checking for sectok_open in -lsectok... $ECHO_C" >&6 if test "${ac_cv_lib_sectok_sectok_open+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14204,7 +14146,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lsectok $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14207 "configure" +#line 14149 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14223,16 +14165,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14226: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14168: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14229: \$? = $ac_status" >&5 + echo "$as_me:14171: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14232: \"$ac_try\"") >&5 + { (eval echo "$as_me:14174: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14235: \$? = $ac_status" >&5 + echo "$as_me:14177: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_sectok_sectok_open=yes else @@ -14243,7 +14185,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:14246: result: $ac_cv_lib_sectok_sectok_open" >&5 +echo "$as_me:14188: result: $ac_cv_lib_sectok_sectok_open" >&5 echo "${ECHO_T}$ac_cv_lib_sectok_sectok_open" >&6 if test $ac_cv_lib_sectok_sectok_open = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:14200: error: Can't find libsectok" >&5 echo "$as_me: error: Can't find libsectok" >&2;} { (exit 1); exit 1; }; } fi @@ -14285,7 +14227,7 @@ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config # Extract the first word of "opensc-config", so it can be a program name with args. set dummy opensc-config; ac_word=$2 -echo "$as_me:14288: checking for $ac_word" >&5 +echo "$as_me:14230: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_OPENSC_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14302,7 +14244,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_OPENSC_CONFIG="$ac_dir/$ac_word" - echo "$as_me:14305: found $ac_dir/$ac_word" >&5 + echo "$as_me:14247: found $ac_dir/$ac_word" >&5 break fi done @@ -14314,10 +14256,10 @@ OPENSC_CONFIG=$ac_cv_path_OPENSC_CONFIG if test -n "$OPENSC_CONFIG"; then - echo "$as_me:14317: result: $OPENSC_CONFIG" >&5 + echo "$as_me:14259: result: $OPENSC_CONFIG" >&5 echo "${ECHO_T}$OPENSC_CONFIG" >&6 else - echo "$as_me:14320: result: no" >&5 + echo "$as_me:14262: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -14351,7 +14293,7 @@ #define DNS 1 EOF - echo "$as_me:14354: checking for library containing getrrsetbyname" >&5 + echo "$as_me:14296: checking for library containing getrrsetbyname" >&5 echo $ECHO_N "checking for library containing getrrsetbyname... $ECHO_C" >&6 if test "${ac_cv_search_getrrsetbyname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14359,7 +14301,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_getrrsetbyname=no cat >conftest.$ac_ext <<_ACEOF -#line 14362 "configure" +#line 14304 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14378,16 +14320,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14381: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14323: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14384: \$? = $ac_status" >&5 + echo "$as_me:14326: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14387: \"$ac_try\"") >&5 + { (eval echo "$as_me:14329: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14390: \$? = $ac_status" >&5 + echo "$as_me:14332: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_getrrsetbyname="none required" else @@ -14399,7 +14341,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14402 "configure" +#line 14344 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14418,16 +14360,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14421: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14363: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14424: \$? = $ac_status" >&5 + echo "$as_me:14366: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14427: \"$ac_try\"") >&5 + { (eval echo "$as_me:14369: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14430: \$? = $ac_status" >&5 + echo "$as_me:14372: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_getrrsetbyname="-l$ac_lib" break @@ -14440,7 +14382,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:14443: result: $ac_cv_search_getrrsetbyname" >&5 +echo "$as_me:14385: result: $ac_cv_search_getrrsetbyname" >&5 echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6 if test "$ac_cv_search_getrrsetbyname" != no; then test "$ac_cv_search_getrrsetbyname" = "none required" || LIBS="$ac_cv_search_getrrsetbyname $LIBS" @@ -14451,7 +14393,7 @@ else # Needed by our getrrsetbyname() - echo "$as_me:14454: checking for library containing res_query" >&5 + echo "$as_me:14396: checking for library containing res_query" >&5 echo $ECHO_N "checking for library containing res_query... $ECHO_C" >&6 if test "${ac_cv_search_res_query+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14459,7 +14401,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_res_query=no cat >conftest.$ac_ext <<_ACEOF -#line 14462 "configure" +#line 14404 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14478,16 +14420,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14481: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14423: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14484: \$? = $ac_status" >&5 + echo "$as_me:14426: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14487: \"$ac_try\"") >&5 + { (eval echo "$as_me:14429: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14490: \$? = $ac_status" >&5 + echo "$as_me:14432: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_res_query="none required" else @@ -14499,7 +14441,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14502 "configure" +#line 14444 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14518,16 +14460,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14521: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14463: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14524: \$? = $ac_status" >&5 + echo "$as_me:14466: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14527: \"$ac_try\"") >&5 + { (eval echo "$as_me:14469: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14530: \$? = $ac_status" >&5 + echo "$as_me:14472: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_res_query="-l$ac_lib" break @@ -14540,14 +14482,14 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:14543: result: $ac_cv_search_res_query" >&5 +echo "$as_me:14485: result: $ac_cv_search_res_query" >&5 echo "${ECHO_T}$ac_cv_search_res_query" >&6 if test "$ac_cv_search_res_query" != no; then test "$ac_cv_search_res_query" = "none required" || LIBS="$ac_cv_search_res_query $LIBS" fi - echo "$as_me:14550: checking for library containing dn_expand" >&5 + echo "$as_me:14492: checking for library containing dn_expand" >&5 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6 if test "${ac_cv_search_dn_expand+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14555,7 +14497,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_dn_expand=no cat >conftest.$ac_ext <<_ACEOF -#line 14558 "configure" +#line 14500 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14574,16 +14516,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14577: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14519: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14580: \$? = $ac_status" >&5 + echo "$as_me:14522: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14583: \"$ac_try\"") >&5 + { (eval echo "$as_me:14525: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14586: \$? = $ac_status" >&5 + echo "$as_me:14528: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="none required" else @@ -14595,7 +14537,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14598 "configure" +#line 14540 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14614,16 +14556,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14617: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14559: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14620: \$? = $ac_status" >&5 + echo "$as_me:14562: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14623: \"$ac_try\"") >&5 + { (eval echo "$as_me:14565: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14626: \$? = $ac_status" >&5 + echo "$as_me:14568: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="-l$ac_lib" break @@ -14636,7 +14578,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:14639: result: $ac_cv_search_dn_expand" >&5 +echo "$as_me:14581: result: $ac_cv_search_dn_expand" >&5 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6 if test "$ac_cv_search_dn_expand" != no; then test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS" @@ -14646,13 +14588,13 @@ for ac_func in _getshort _getlong do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:14649: checking for $ac_func" >&5 +echo "$as_me:14591: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14655 "configure" +#line 14597 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -14683,16 +14625,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14686: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14628: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14689: \$? = $ac_status" >&5 + echo "$as_me:14631: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14692: \"$ac_try\"") >&5 + { (eval echo "$as_me:14634: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14695: \$? = $ac_status" >&5 + echo "$as_me:14637: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -14702,7 +14644,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14705: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:14647: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:14657: checking for HEADER.ad" >&5 echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6 if test "${ac_cv_member_HEADER_ad+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14721 "configure" +#line 14663 "configure" #include "confdefs.h" #include @@ -14733,16 +14675,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14736: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14678: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14739: \$? = $ac_status" >&5 + echo "$as_me:14681: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14742: \"$ac_try\"") >&5 + { (eval echo "$as_me:14684: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14745: \$? = $ac_status" >&5 + echo "$as_me:14687: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_member_HEADER_ad=yes else @@ -14752,7 +14694,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:14755: result: $ac_cv_member_HEADER_ad" >&5 +echo "$as_me:14697: result: $ac_cv_member_HEADER_ad" >&5 echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6 if test $ac_cv_member_HEADER_ad = yes; then cat >>confdefs.h <<\EOF @@ -14787,10 +14729,10 @@ EOF KRB5_MSG="yes" - echo "$as_me:14790: checking whether we are using Heimdal" >&5 + echo "$as_me:14732: checking whether we are using Heimdal" >&5 echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 14793 "configure" +#line 14735 "configure" #include "confdefs.h" #include int @@ -14802,18 +14744,18 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14805: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14747: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14808: \$? = $ac_status" >&5 + echo "$as_me:14750: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14811: \"$ac_try\"") >&5 + { (eval echo "$as_me:14753: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14814: \$? = $ac_status" >&5 + echo "$as_me:14756: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:14816: result: yes" >&5 + echo "$as_me:14758: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HEIMDAL 1 @@ -14824,7 +14766,7 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:14827: result: no" >&5 + echo "$as_me:14769: result: no" >&5 echo "${ECHO_T}no" >&6 K5LIBS="-lkrb5 -lk5crypto -lcom_err" @@ -14836,7 +14778,7 @@ if test ! -z "$blibpath" ; then blibpath="$blibpath:${KRB5ROOT}/lib" fi - echo "$as_me:14839: checking for library containing dn_expand" >&5 + echo "$as_me:14781: checking for library containing dn_expand" >&5 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6 if test "${ac_cv_search_dn_expand+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14844,7 +14786,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_dn_expand=no cat >conftest.$ac_ext <<_ACEOF -#line 14847 "configure" +#line 14789 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14863,16 +14805,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14866: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14808: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14869: \$? = $ac_status" >&5 + echo "$as_me:14811: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14872: \"$ac_try\"") >&5 + { (eval echo "$as_me:14814: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14875: \$? = $ac_status" >&5 + echo "$as_me:14817: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="none required" else @@ -14884,7 +14826,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14887 "configure" +#line 14829 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14903,16 +14845,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14906: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14848: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14909: \$? = $ac_status" >&5 + echo "$as_me:14851: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14912: \"$ac_try\"") >&5 + { (eval echo "$as_me:14854: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14915: \$? = $ac_status" >&5 + echo "$as_me:14857: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="-l$ac_lib" break @@ -14925,14 +14867,14 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:14928: result: $ac_cv_search_dn_expand" >&5 +echo "$as_me:14870: result: $ac_cv_search_dn_expand" >&5 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6 if test "$ac_cv_search_dn_expand" != no; then test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS" fi - echo "$as_me:14935: checking for gss_init_sec_context in -lgssapi" >&5 + echo "$as_me:14877: checking for gss_init_sec_context in -lgssapi" >&5 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... $ECHO_C" >&6 if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14940,7 +14882,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi $K5LIBS $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14943 "configure" +#line 14885 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14959,16 +14901,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14962: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14904: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14965: \$? = $ac_status" >&5 + echo "$as_me:14907: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14968: \"$ac_try\"") >&5 + { (eval echo "$as_me:14910: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14971: \$? = $ac_status" >&5 + echo "$as_me:14913: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gssapi_gss_init_sec_context=yes else @@ -14979,7 +14921,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:14982: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 +echo "$as_me:14924: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6 if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then cat >>confdefs.h <<\EOF @@ -14988,7 +14930,7 @@ K5LIBS="-lgssapi $K5LIBS" else - echo "$as_me:14991: checking for gss_init_sec_context in -lgssapi_krb5" >&5 + echo "$as_me:14933: checking for gss_init_sec_context in -lgssapi_krb5" >&5 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6 if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14996,7 +14938,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi_krb5 $K5LIBS $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14999 "configure" +#line 14941 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15015,16 +14957,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15018: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14960: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15021: \$? = $ac_status" >&5 + echo "$as_me:14963: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15024: \"$ac_try\"") >&5 + { (eval echo "$as_me:14966: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15027: \$? = $ac_status" >&5 + echo "$as_me:14969: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes else @@ -15035,7 +14977,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:15038: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 +echo "$as_me:14980: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6 if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then cat >>confdefs.h <<\EOF @@ -15044,29 +14986,29 @@ K5LIBS="-lgssapi_krb5 $K5LIBS" else - { echo "$as_me:15047: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 + { echo "$as_me:14989: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} fi fi - echo "$as_me:15053: checking for gssapi.h" >&5 + echo "$as_me:14995: checking for gssapi.h" >&5 echo $ECHO_N "checking for gssapi.h... $ECHO_C" >&6 if test "${ac_cv_header_gssapi_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15059 "configure" +#line 15001 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:15063: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15005: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15069: \$? = $ac_status" >&5 + echo "$as_me:15011: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15085,7 +15027,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15088: result: $ac_cv_header_gssapi_h" >&5 +echo "$as_me:15030: result: $ac_cv_header_gssapi_h" >&5 echo "${ECHO_T}$ac_cv_header_gssapi_h" >&6 if test $ac_cv_header_gssapi_h = yes; then : @@ -15096,23 +15038,23 @@ for ac_header in gssapi.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:15099: checking for $ac_header" >&5 +echo "$as_me:15041: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15105 "configure" +#line 15047 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:15109: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15051: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15115: \$? = $ac_status" >&5 + echo "$as_me:15057: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15131,7 +15073,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15134: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:15076: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + { echo "$as_me:15084: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} fi @@ -15149,23 +15091,23 @@ oldCPP="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - echo "$as_me:15152: checking for gssapi_krb5.h" >&5 + echo "$as_me:15094: checking for gssapi_krb5.h" >&5 echo $ECHO_N "checking for gssapi_krb5.h... $ECHO_C" >&6 if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15158 "configure" +#line 15100 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:15162: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15104: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15168: \$? = $ac_status" >&5 + echo "$as_me:15110: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15184,7 +15126,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15187: result: $ac_cv_header_gssapi_krb5_h" >&5 +echo "$as_me:15129: result: $ac_cv_header_gssapi_krb5_h" >&5 echo "${ECHO_T}$ac_cv_header_gssapi_krb5_h" >&6 if test $ac_cv_header_gssapi_krb5_h = yes; then : @@ -15229,7 +15171,7 @@ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" # Extract the first word of "xauth", so it can be a program name with args. set dummy xauth; ac_word=$2 -echo "$as_me:15232: checking for $ac_word" >&5 +echo "$as_me:15174: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_xauth_path+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15246,7 +15188,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_xauth_path="$ac_dir/$ac_word" - echo "$as_me:15249: found $ac_dir/$ac_word" >&5 + echo "$as_me:15191: found $ac_dir/$ac_word" >&5 break fi done @@ -15257,10 +15199,10 @@ xauth_path=$ac_cv_path_xauth_path if test -n "$xauth_path"; then - echo "$as_me:15260: result: $xauth_path" >&5 + echo "$as_me:15202: result: $xauth_path" >&5 echo "${ECHO_T}$xauth_path" >&6 else - echo "$as_me:15263: result: no" >&5 + echo "$as_me:15205: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -15304,13 +15246,13 @@ if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then - echo "$as_me:15307: checking for \"/dev/ptmx\"" >&5 + echo "$as_me:15249: checking for \"/dev/ptmx\"" >&5 echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6 if test "${ac_cv_file___dev_ptmx_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:15313: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:15255: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/dev/ptmx""; then @@ -15319,7 +15261,7 @@ ac_cv_file___dev_ptmx_=no fi fi -echo "$as_me:15322: result: $ac_cv_file___dev_ptmx_" >&5 +echo "$as_me:15264: result: $ac_cv_file___dev_ptmx_" >&5 echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6 if test $ac_cv_file___dev_ptmx_ = yes; then @@ -15333,13 +15275,13 @@ fi fi -echo "$as_me:15336: checking for \"/dev/ptc\"" >&5 +echo "$as_me:15278: checking for \"/dev/ptc\"" >&5 echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6 if test "${ac_cv_file___dev_ptc_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:15342: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:15284: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/dev/ptc""; then @@ -15348,7 +15290,7 @@ ac_cv_file___dev_ptc_=no fi fi -echo "$as_me:15351: result: $ac_cv_file___dev_ptc_" >&5 +echo "$as_me:15293: result: $ac_cv_file___dev_ptc_" >&5 echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6 if test $ac_cv_file___dev_ptc_ = yes; then @@ -15371,7 +15313,7 @@ MANTYPE=$withval ;; *) - { { echo "$as_me:15374: error: invalid man type: $withval" >&5 + { { echo "$as_me:15316: error: invalid man type: $withval" >&5 echo "$as_me: error: invalid man type: $withval" >&2;} { (exit 1); exit 1; }; } ;; @@ -15384,7 +15326,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo "$as_me:15387: checking for $ac_word" >&5 +echo "$as_me:15329: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_NROFF+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15401,7 +15343,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_NROFF="$ac_dir/$ac_word" - echo "$as_me:15404: found $ac_dir/$ac_word" >&5 + echo "$as_me:15346: found $ac_dir/$ac_word" >&5 break fi done @@ -15412,10 +15354,10 @@ NROFF=$ac_cv_path_NROFF if test -n "$NROFF"; then - echo "$as_me:15415: result: $NROFF" >&5 + echo "$as_me:15357: result: $NROFF" >&5 echo "${ECHO_T}$NROFF" >&6 else - echo "$as_me:15418: result: no" >&5 + echo "$as_me:15360: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -15472,10 +15414,10 @@ fi; if test -z "$disable_shadow" ; then - echo "$as_me:15475: checking if the systems has expire shadow information" >&5 + echo "$as_me:15417: checking if the systems has expire shadow information" >&5 echo $ECHO_N "checking if the systems has expire shadow information... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 15478 "configure" +#line 15420 "configure" #include "confdefs.h" #include @@ -15491,16 +15433,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:15494: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:15436: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:15497: \$? = $ac_status" >&5 + echo "$as_me:15439: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:15500: \"$ac_try\"") >&5 + { (eval echo "$as_me:15442: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15503: \$? = $ac_status" >&5 + echo "$as_me:15445: \$? = $ac_status" >&5 (exit $ac_status); }; }; then sp_expire_available=yes else @@ -15511,14 +15453,14 @@ rm -f conftest.$ac_objext conftest.$ac_ext if test "x$sp_expire_available" = "xyes" ; then - echo "$as_me:15514: result: yes" >&5 + echo "$as_me:15456: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HAS_SHADOW_EXPIRE 1 EOF else - echo "$as_me:15521: result: no" >&5 + echo "$as_me:15463: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi @@ -15555,13 +15497,13 @@ else -echo "$as_me:15558: checking for \"/etc/default/login\"" >&5 +echo "$as_me:15500: checking for \"/etc/default/login\"" >&5 echo $ECHO_N "checking for \"/etc/default/login\"... $ECHO_C" >&6 if test "${ac_cv_file___etc_default_login_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:15564: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:15506: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/etc/default/login""; then @@ -15570,7 +15512,7 @@ ac_cv_file___etc_default_login_=no fi fi -echo "$as_me:15573: result: $ac_cv_file___etc_default_login_" >&5 +echo "$as_me:15515: result: $ac_cv_file___etc_default_login_" >&5 echo "${ECHO_T}$ac_cv_file___etc_default_login_" >&6 if test $ac_cv_file___etc_default_login_ = yes; then external_path_file=/etc/default/login @@ -15598,7 +15540,7 @@ withval="$with_default_path" if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:15601: WARNING: + { echo "$as_me:15543: WARNING: --with-default-path=PATH has no effect on this system. Edit /etc/login.conf instead." >&5 echo "$as_me: WARNING: @@ -15606,7 +15548,7 @@ Edit /etc/login.conf instead." >&2;} elif test "x$withval" != "xno" ; then if test ! -z "$external_path_file" ; then - { echo "$as_me:15609: WARNING: + { echo "$as_me:15551: WARNING: --with-default-path=PATH will only be used if PATH is not defined in $external_path_file ." >&5 echo "$as_me: WARNING: @@ -15619,11 +15561,11 @@ else if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:15622: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 + { echo "$as_me:15564: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} else if test ! -z "$external_path_file" ; then - { echo "$as_me:15626: WARNING: + { echo "$as_me:15568: WARNING: If PATH is defined in $external_path_file, ensure the path to scp is included, otherwise scp will not work." >&5 echo "$as_me: WARNING: @@ -15635,7 +15577,7 @@ else cat >conftest.$ac_ext <<_ACEOF -#line 15638 "configure" +#line 15580 "configure" #include "confdefs.h" /* find out what STDPATH is */ @@ -15672,15 +15614,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:15675: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15617: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15678: \$? = $ac_status" >&5 + echo "$as_me:15620: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:15680: \"$ac_try\"") >&5 + { (eval echo "$as_me:15622: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15683: \$? = $ac_status" >&5 + echo "$as_me:15625: \$? = $ac_status" >&5 (exit $ac_status); }; }; then user_path=`cat conftest.stdpath` else @@ -15704,7 +15646,7 @@ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 if test $? -ne 0 ; then user_path=$user_path:$t_bindir - echo "$as_me:15707: result: Adding $t_bindir to USER_PATH so scp will work" >&5 + echo "$as_me:15649: result: Adding $t_bindir to USER_PATH so scp will work" >&5 echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6 fi fi @@ -15734,7 +15676,7 @@ fi; -echo "$as_me:15737: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 +echo "$as_me:15679: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6 IPV4_IN6_HACK_MSG="no" @@ -15743,7 +15685,7 @@ withval="$with_4in6" if test "x$withval" != "xno" ; then - echo "$as_me:15746: result: yes" >&5 + echo "$as_me:15688: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define IPV4_IN_IPV6 1 @@ -15751,14 +15693,14 @@ IPV4_IN6_HACK_MSG="yes" else - echo "$as_me:15754: result: no" >&5 + echo "$as_me:15696: result: no" >&5 echo "${ECHO_T}no" >&6 fi else if test "x$inet6_default_4in6" = "xyes"; then - echo "$as_me:15761: result: yes (default)" >&5 + echo "$as_me:15703: result: yes (default)" >&5 echo "${ECHO_T}yes (default)" >&6 cat >>confdefs.h <<\EOF #define IPV4_IN_IPV6 1 @@ -15766,7 +15708,7 @@ IPV4_IN6_HACK_MSG="yes" else - echo "$as_me:15769: result: no (default)" >&5 + echo "$as_me:15711: result: no (default)" >&5 echo "${ECHO_T}no (default)" >&6 fi @@ -15812,12 +15754,11 @@ EOF ssh_x509store="yes" -ssh_x509dn_email="yes" # Check whether --enable-x509store or --disable-x509store was given. if test "${enable_x509store+set}" = set; then enableval="$enable_x509store" - if test "x$enableval" = "xno" ; then + if test "x$enableval" = "xno"; then ssh_x509store="no" fi @@ -15828,17 +15769,20 @@ #define SSH_X509STORE_DISABLED 1 EOF -else +fi + +ssh_x509dn_email="yes" +if test "x$ssh_x509store" = "xyes"; then # Check for Email in X.509 'Distinguished Name' - echo "$as_me:15833: checking for Email in X.509 'Distinguished Name'" >&5 + echo "$as_me:15777: checking for Email in X.509 'Distinguished Name'" >&5 echo $ECHO_N "checking for Email in X.509 'Distinguished Name'... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:15836: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:15780: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 15841 "configure" +#line 15785 "configure" #include "confdefs.h" #include @@ -15854,18 +15798,18 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:15857: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15801: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15860: \$? = $ac_status" >&5 + echo "$as_me:15804: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:15862: \"$ac_try\"") >&5 + { (eval echo "$as_me:15806: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15865: \$? = $ac_status" >&5 + echo "$as_me:15809: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:15868: result: yes" >&5 + echo "$as_me:15812: result: yes" >&5 echo "${ECHO_T}yes" >&6 else @@ -15873,7 +15817,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:15876: result: no" >&5 + echo "$as_me:15820: result: no" >&5 echo "${ECHO_T}no" >&6 ssh_x509dn_email="no" @@ -15906,7 +15850,7 @@ if test "x$withval" != "xno" ; then piddir=$withval if test ! -d $piddir ; then - { echo "$as_me:15909: WARNING: ** no $piddir directory on this system **" >&5 + { echo "$as_me:15853: WARNING: ** no $piddir directory on this system **" >&5 echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} fi fi @@ -16029,10 +15973,10 @@ fi; -echo "$as_me:16032: checking if your system defines LASTLOG_FILE" >&5 +echo "$as_me:15976: checking if your system defines LASTLOG_FILE" >&5 echo $ECHO_N "checking if your system defines LASTLOG_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16035 "configure" +#line 15979 "configure" #include "confdefs.h" #include @@ -16056,29 +16000,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16059: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16003: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16062: \$? = $ac_status" >&5 + echo "$as_me:16006: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16065: \"$ac_try\"") >&5 + { (eval echo "$as_me:16009: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16068: \$? = $ac_status" >&5 + echo "$as_me:16012: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16070: result: yes" >&5 + echo "$as_me:16014: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16076: result: no" >&5 + echo "$as_me:16020: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "$as_me:16078: checking if your system defines _PATH_LASTLOG" >&5 + echo "$as_me:16022: checking if your system defines _PATH_LASTLOG" >&5 echo $ECHO_N "checking if your system defines _PATH_LASTLOG... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16081 "configure" +#line 16025 "configure" #include "confdefs.h" #include @@ -16099,24 +16043,24 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16102: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16046: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16105: \$? = $ac_status" >&5 + echo "$as_me:16049: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16108: \"$ac_try\"") >&5 + { (eval echo "$as_me:16052: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16111: \$? = $ac_status" >&5 + echo "$as_me:16055: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16113: result: yes" >&5 + echo "$as_me:16057: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16119: result: no" >&5 + echo "$as_me:16063: result: no" >&5 echo "${ECHO_T}no" >&6 system_lastlog_path=no @@ -16134,7 +16078,7 @@ fi done if test -z "$conf_lastlog_location"; then - { echo "$as_me:16137: WARNING: ** Cannot find lastlog **" >&5 + { echo "$as_me:16081: WARNING: ** Cannot find lastlog **" >&5 echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} fi fi @@ -16147,10 +16091,10 @@ fi -echo "$as_me:16150: checking if your system defines UTMP_FILE" >&5 +echo "$as_me:16094: checking if your system defines UTMP_FILE" >&5 echo $ECHO_N "checking if your system defines UTMP_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16153 "configure" +#line 16097 "configure" #include "confdefs.h" #include @@ -16168,23 +16112,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16171: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16115: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16174: \$? = $ac_status" >&5 + echo "$as_me:16118: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16177: \"$ac_try\"") >&5 + { (eval echo "$as_me:16121: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16180: \$? = $ac_status" >&5 + echo "$as_me:16124: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16182: result: yes" >&5 + echo "$as_me:16126: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16187: result: no" >&5 + echo "$as_me:16131: result: no" >&5 echo "${ECHO_T}no" >&6 system_utmp_path=no @@ -16212,10 +16156,10 @@ fi -echo "$as_me:16215: checking if your system defines WTMP_FILE" >&5 +echo "$as_me:16159: checking if your system defines WTMP_FILE" >&5 echo $ECHO_N "checking if your system defines WTMP_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16218 "configure" +#line 16162 "configure" #include "confdefs.h" #include @@ -16233,23 +16177,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16236: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16180: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16239: \$? = $ac_status" >&5 + echo "$as_me:16183: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16242: \"$ac_try\"") >&5 + { (eval echo "$as_me:16186: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16245: \$? = $ac_status" >&5 + echo "$as_me:16189: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16247: result: yes" >&5 + echo "$as_me:16191: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16252: result: no" >&5 + echo "$as_me:16196: result: no" >&5 echo "${ECHO_T}no" >&6 system_wtmp_path=no @@ -16277,10 +16221,10 @@ fi -echo "$as_me:16280: checking if your system defines UTMPX_FILE" >&5 +echo "$as_me:16224: checking if your system defines UTMPX_FILE" >&5 echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16283 "configure" +#line 16227 "configure" #include "confdefs.h" #include @@ -16301,23 +16245,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16304: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16248: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16307: \$? = $ac_status" >&5 + echo "$as_me:16251: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16310: \"$ac_try\"") >&5 + { (eval echo "$as_me:16254: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16313: \$? = $ac_status" >&5 + echo "$as_me:16257: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16315: result: yes" >&5 + echo "$as_me:16259: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16320: result: no" >&5 + echo "$as_me:16264: result: no" >&5 echo "${ECHO_T}no" >&6 system_utmpx_path=no @@ -16337,10 +16281,10 @@ fi -echo "$as_me:16340: checking if your system defines WTMPX_FILE" >&5 +echo "$as_me:16284: checking if your system defines WTMPX_FILE" >&5 echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16343 "configure" +#line 16287 "configure" #include "confdefs.h" #include @@ -16361,23 +16305,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16364: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16308: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16367: \$? = $ac_status" >&5 + echo "$as_me:16311: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16370: \"$ac_try\"") >&5 + { (eval echo "$as_me:16314: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16373: \$? = $ac_status" >&5 + echo "$as_me:16317: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16375: result: yes" >&5 + echo "$as_me:16319: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16380: result: no" >&5 + echo "$as_me:16324: result: no" >&5 echo "${ECHO_T}no" >&6 system_wtmpx_path=no @@ -16399,7 +16343,7 @@ if test ! -z "$blibpath" ; then LDFLAGS="$LDFLAGS $blibflags$blibpath" - { echo "$as_me:16402: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 + { echo "$as_me:16346: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} fi @@ -16491,7 +16435,7 @@ : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ echo "$as_me:16494: creating $CONFIG_STATUS" >&5 +{ echo "$as_me:16438: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL @@ -16664,7 +16608,7 @@ echo "$ac_cs_version"; exit 0 ;; --he | --h) # Conflict between --help and --header - { { echo "$as_me:16667: error: ambiguous option: $1 + { { echo "$as_me:16611: error: ambiguous option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2;} @@ -16683,7 +16627,7 @@ ac_need_defaults=false;; # This is an error. - -*) { { echo "$as_me:16686: error: unrecognized option: $1 + -*) { { echo "$as_me:16630: error: unrecognized option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2;} @@ -16724,7 +16668,7 @@ "ssh_prng_cmds" ) CONFIG_FILES="$CONFIG_FILES ssh_prng_cmds" ;; "tests/CA/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/CA/Makefile" ;; "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - *) { { echo "$as_me:16727: error: invalid argument: $ac_config_target" >&5 + *) { { echo "$as_me:16671: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac @@ -16981,7 +16925,7 @@ esac if test x"$ac_file" != x-; then - { echo "$as_me:16984: creating $ac_file" >&5 + { echo "$as_me:16928: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} rm -f "$ac_file" fi @@ -16999,7 +16943,7 @@ -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) - test -f "$f" || { { echo "$as_me:17002: error: cannot find input file: $f" >&5 + test -f "$f" || { { echo "$as_me:16946: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo $f;; @@ -17012,7 +16956,7 @@ echo $srcdir/$f else # /dev/null tree - { { echo "$as_me:17015: error: cannot find input file: $f" >&5 + { { echo "$as_me:16959: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; @@ -17073,7 +17017,7 @@ * ) ac_file_in=$ac_file.in ;; esac - test x"$ac_file" != x- && { echo "$as_me:17076: creating $ac_file" >&5 + test x"$ac_file" != x- && { echo "$as_me:17020: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} # First look for the input files in the build tree, otherwise in the @@ -17084,7 +17028,7 @@ -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) - test -f "$f" || { { echo "$as_me:17087: error: cannot find input file: $f" >&5 + test -f "$f" || { { echo "$as_me:17031: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo $f;; @@ -17097,7 +17041,7 @@ echo $srcdir/$f else # /dev/null tree - { { echo "$as_me:17100: error: cannot find input file: $f" >&5 + { { echo "$as_me:17044: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; @@ -17214,7 +17158,7 @@ rm -f $tmp/in if test x"$ac_file" != x-; then if cmp -s $ac_file $tmp/config.h 2>/dev/null; then - { echo "$as_me:17217: $ac_file is unchanged" >&5 + { echo "$as_me:17161: $ac_file is unchanged" >&5 echo "$as_me: $ac_file is unchanged" >&6;} else ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ diff -ruN openssh-3.7.1p2+x509g2/configure.ac openssh-3.7.1p2+x509g4/configure.ac --- openssh-3.7.1p2+x509g2/configure.ac 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/configure.ac 2004-03-09 09:06:00.000000000 +0200 @@ -1066,35 +1066,6 @@ ] ) -# Check vulnerable for ASN.1 encoding errors OpenSSL version. -# see http://www.openssl.org/news/secadv_20020730.txt -AC_MSG_CHECKING([for ASN.1 encoding errors vulnerable OpenSSL version]) -AC_TRY_RUN( - [ -#include -#include - -int main(void) { - unsigned long ssl_ver = SSLeay(); - /* 0.9.6X where X > e */ - if ((0x0090606fL <= ssl_ver) && (ssl_ver <= 0x00906fffL)) - exit (0); - /* 0.9.7X where X > beta2 */ - if ((0x00907003L <= ssl_ver)) - exit (0); - exit (1); - return (1); -} - ], - [ - AC_MSG_RESULT(no) - ], - [ - AC_MSG_RESULT(yes) - AC_MSG_WARN(Your OpenSSL library might is vulnerable for ASN.1 encoding errors) - ] -) - # Some Linux systems (Slackware) need crypt() from libcrypt, *not* the # version in OpenSSL. Skip this for PAM if test "x$check_for_libcrypt_later" = "x1"; then @@ -2416,11 +2387,10 @@ ssh_x509store="yes" -ssh_x509dn_email="yes" AC_ARG_ENABLE(x509store, [ --disable-x509store Disable X.509 store], [ - if test "x$enableval" = "xno" ; then + if test "x$enableval" = "xno"; then ssh_x509store="no" fi ] @@ -2429,7 +2399,11 @@ AC_DEFINE_UNQUOTED( SSH_X509STORE_DISABLED, 1, [Define if you don't want to verify certificates]) -else +fi + + +ssh_x509dn_email="yes" +if test "x$ssh_x509store" = "xyes"; then # Check for Email in X.509 'Distinguished Name' AC_MSG_CHECKING([for Email in X.509 'Distinguished Name']) AC_TRY_RUN( diff -ruN openssh-3.7.1p2+x509g2/key.c openssh-3.7.1p2+x509g4/key.c --- openssh-3.7.1p2+x509g2/key.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/key.c 2004-03-09 09:06:01.000000000 +0200 @@ -615,7 +615,7 @@ } char * -key_type(Key *k) +key_type(const Key *k) { switch (k->type) { case KEY_RSA1: @@ -640,7 +640,7 @@ } char * -key_ssh_name(Key *k) +key_ssh_name(const Key *k) { switch (k->type) { case KEY_RSA: diff -ruN openssh-3.7.1p2+x509g2/key.h openssh-3.7.1p2+x509g4/key.h --- openssh-3.7.1p2+x509g2/key.h 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/key.h 2004-03-09 09:06:00.000000000 +0200 @@ -68,7 +68,7 @@ int key_equal(Key *, Key *); char *key_fingerprint(Key *, enum fp_type, enum fp_rep); u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -char *key_type(Key *); +char *key_type(const Key *); int key_write(Key *, FILE *); int key_read(Key *, char **); u_int key_size(Key *); @@ -79,7 +79,7 @@ Key *key_from_blob(u_char *, u_int); int key_to_blob(Key *, u_char **, u_int *); -char *key_ssh_name(Key *); +char *key_ssh_name(const Key *); int key_names_valid2(const char *); int key_sign(Key *, u_char **, u_int *, u_char *, u_int); diff -ruN openssh-3.7.1p2+x509g2/LICENCE openssh-3.7.1p2+x509g4/LICENCE --- openssh-3.7.1p2+x509g2/LICENCE 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/LICENCE 2004-03-09 09:06:00.000000000 +0200 @@ -178,10 +178,10 @@ Kevin Steves Daniel Kouril Per Allansson - Roumen Petrov Wesley Griffin Nils Nordman Simon Wilkinson + Roumen Petrov Portable OpenSSH additionally includes code from the following copyright holders, also under the 2-term BSD license: @@ -329,4 +329,4 @@ ------ -$OpenBSD: LICENCE,v 1.17 2003/08/22 20:55:06 markus Exp $ +$OpenBSD$ diff -ruN openssh-3.7.1p2+x509g2/readconf.c openssh-3.7.1p2+x509g4/readconf.c --- openssh-3.7.1p2+x509g2/readconf.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/readconf.c 2004-03-09 09:06:01.000000000 +0200 @@ -11,7 +11,7 @@ * called by a name other than "ssh" or "Secure Shell". * * X509 certificate support, - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -806,6 +806,7 @@ } break; +#ifndef SSH_X509STORE_DISABLED case oCACertificateFile: case oCACertificatePath: case oCARevocationFile: @@ -815,7 +816,6 @@ case oUserCARevocationFile: case oUserCARevocationPath: arg = strdelim(&s); -#ifndef SSH_X509STORE_DISABLED if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); switch (opcode) { @@ -836,19 +836,26 @@ case oUserCARevocationPath: options->userca.revocation_path = xstrdup(arg); break; default: + break; } -#else /*def SSH_X509STORE_DISABLED*/ - debug("%s line %d: Unsupported option \"%s\"", - filename, linenum, keyword); - for(; arg; arg = strdelim(&s)); -#endif /*def SSH_X509STORE_DISABLED*/ break; +#endif /*ndef SSH_X509STORE_DISABLED*/ case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); return 0; +#ifdef SSH_X509STORE_DISABLED + case oCACertificateFile: + case oCACertificatePath: + case oCARevocationFile: + case oCARevocationPath: + case oUserCACertificateFile: + case oUserCACertificatePath: + case oUserCARevocationFile: + case oUserCARevocationPath: +#endif /*def SSH_X509STORE_DISABLED*/ case oUnsupported: error("%s line %d: Unsupported option \"%s\"", filename, linenum, keyword); @@ -1002,15 +1009,15 @@ #ifndef SSH_X509STORE_DISABLED static void -tilde_expand_filename2(char **_fn, char* _default) { +tilde_expand_filename2(const char **_fn, const char* _default) { extern uid_t original_real_uid; if (*_fn == NULL) { *_fn = tilde_expand_filename(_default, original_real_uid); } else { - char *p = *_fn; + const char *p = *_fn; *_fn = tilde_expand_filename(p, original_real_uid); - xfree(p); + xfree((void*)p); } } #endif /*ndef SSH_X509STORE_DISABLED*/ diff -ruN openssh-3.7.1p2+x509g2/README.x509v3 openssh-3.7.1p2+x509g4/README.x509v3 --- openssh-3.7.1p2+x509g2/README.x509v3 2003-06-11 11:51:51.000000000 +0300 +++ openssh-3.7.1p2+x509g4/README.x509v3 2004-03-07 13:10:20.000000000 +0200 @@ -1,12 +1,12 @@ Roumen Petrov Sofia, Bulgaria - Tue Jun 11 2003 + Sat Mar 6 2004 How to use X.509 certificates with OpenSSH? Identity or hostkey file for protocol version 2 can contain private key -plus x509 certificate in PEM format. Note that protocol version 2 keys +plus X.509 certificate in PEM format. Note that protocol version 2 keys are in PEM format. To use X.509 certificate as identity or hostkey user should convert certificate in PEM format and append to file. After this with "ssh-keygen -y ..." user must update "pub" file. @@ -22,31 +22,34 @@ 1.) server configuration: + 1.1.) .../sshd_config -1.1.1.) -AllowedCertPurpose sslclient + +1.1.1.) AllowedCertPurpose sslclient The intended use off the X.509 client certificate. -1.1.2.) "X509 store". Server use "X509 store" to verify client keys. -CACertificateFile /etc/ssh/ca/ca-bundle.crt +1.1.2.) "X509 store". + Server use "X509 store" to verify and validate client keys. + +1.1.2.1.) CACertificateFile /etc/ssh/ca/ca-bundle.crt This file contain multiple certificates of certificate signers in PEM format concatenated together. You can get a copy from openssl, apache, KDE, mutt, etc. packages. Original file might is exported from Netscape certificate database and one download URL is: http://www.modssl.org/contrib/ca-bundle.crt.tar.gz -CACertificatePath /etc/ssh/ca/crt +1.1.2.2.) CACertificatePath /etc/ssh/ca/crt "Hash dir" with certificates of certificate signers. Each certificate should be stored in separate file with name [HASH].[NUMBER], where [HASH] is certificate hash value and [NUMBER] is an integer starting from zero. Hash is result from command like this: $ openssl x509 -in certificate_file_name -noout -hash -CARevocationFile /etc/ssh/ca/ca-bundle.crl +1.1.2.3.) CARevocationFile /etc/ssh/ca/ca-bundle.crl This file contain multiple "Certificate Revocation List" (CRL) of certificate signers in PEM format concatenated together. -CARevocationPath /etc/ssh/ca/crl +1.1.2.4.) CARevocationPath /etc/ssh/ca/crl "Hash dir" with "Certificate Revocation List" (CRL) of certificate signers. Each CRL should be stored in separate file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUMBER] is an @@ -54,11 +57,10 @@ $ openssl crl -in crl_file_name -noout -hash 1.1.3.) HostKey files... - Host key for protocol version 2 can contain private key plus x509 + Host key for protocol version 2 can contain private key plus X.509 certificate in PEM format. -1.1.4.) -X509rsaSigType=md5 +1.1.4.) X509rsaSigType=md5 Specifies prefered signature digest type for "x509v3-sign-rsa" keys. The possible values are "md5" and "sha1". When X.509 certificate signature blob fail with specified value, server try other and print @@ -69,8 +71,8 @@ When you see this PLEASE send a EMAIL with "X509COMPAT" lines from log files. - -1.2.) append in USER_HOME/.ssh/authorized_keys a record with following +1.2.) user files on the server + Append in USER_HOME/.ssh/authorized_keys a record with following format: {|CertBlob} where: @@ -114,10 +116,11 @@ NOTES: - adjust user authorized_keys file ownership - user must have at least read access. -- SecSH x509v3 key type is "x509v3-sign-rsa" or "x509v3-sign-dss". -- When OpenSSH is build with "--disable-x509store" YOU CANNOT USE +- SecSH X.509 key type is "x509v3-sign-rsa" or "x509v3-sign-dss". +- When OpenSSH is build with "--disable-x509store" YOU CANNOT USE "Distinguished Name" format. You shold use ONLY "blob" format. + 2.) client settings: 2.1.) IdentityFile Depends from client. To use X.509 certificate "OpenSSH id-file" must @@ -128,24 +131,22 @@ 2.2.) global ssh_config, $HOME/.ssh/config or command line -2.2.1.) -AllowedCertPurpose sslserver - The intended use off the X.509 server certificate. +2.2.1.) AllowedCertPurpose sslserver + The intended use of the X.509 server certificate. -2.2.2.) "X509 store". Client use "x509 store" to verify server hostkey. - Check options: +2.2.2.) "X509 store". + Client use "X509 store" to verify and validate server hostkey. + See p. 1.1.2.) and check the options: - [User]CACertificatePath; - [User]CACertificateFile; - [User]CARevocationFile; - [User]CARevocationPath. - See p. 1.1.2.). Note: When we use own CA we must import CA certificate[s] to -"x509 store". More info on: +"X509 store". More info on: http://roumenpetrov.info/domino_CA/#dca2bundle -2.2.3.) -X509rsaSigType=md5 +2.2.3.) X509rsaSigType=md5 Temporary option. Specifies signature digest type for 'x509v3-sign-rsa' keys. The possible values are "md5" and "sha1". Use this option only in session with other SecSH servers with X.509 @@ -159,14 +160,21 @@ Note: ssh-agent use only md5 digest for X.509 certificates. -3.) test x509 certificates. +3.) test X.509 certificates. -3.1.) In openssh build dir run "make check". -If x509 test scripts fail edit file OPENSSH_SOURCE_PATH/tests/CA/config -or set some environment variables. -Output from make check is in color and when is redirected to file later -we can see content best with command "less -r ...". -When script run a test command print star '*' followed by simple +3.1.) In openssh build dir run "make check" or "make test". + Both commands are equivalent and run regression tests. + If you lake to test only X.509 certificates you can run +$ make check-certs + + If certificate test scripts fail might you should setup test +configuration in the file OPENSSH_SOURCE_PATH/tests/CA/config or +use some environment variables. Used variables are described +later in the document. + + Output from "make check-certs" is in color and when is redirected to +file later we can see content best with command "less -r ...". + When script run a test command print star '*' followed by simple information about command. When command succeed script print at right "done" in GREEN(!) otherwise "failed" in RED(!). After failed command script show on next lines in RED(!) response, skip execution of next @@ -175,8 +183,8 @@ Testing OpenSSH client with certificates finished. status: failed .... -Note that failed is in RED(!) and exit code is NONZERO(!). -Some command in a test script must fail. Part of "simple information" + Note that failed is in RED(!) and exit code is NONZERO(!). + Some command in a test script must fail. Part of "simple information" about command expected to fail is in RED(!). When command fail script print "done" (THIS IS CORRECT - COMMAND MUST FAIL) and on next lines print in GREEN(!) response. Usually this occur when server reject logon. @@ -185,15 +193,14 @@ Testing OpenSSH client with certificates finished. status: done .... -Note that "done" is in GREEN(!) and exit code is ZERO(!). - - + Note that "done" is in GREEN(!) and exit code is ZERO(!). 3.1.1.) Description of variables in Makefile file: - SHELL Used shell to run tests. Supported shell are bash, ksh, zsh and ash. + Script might run without porblems on standard unix sh. Example: - $ make check SHELL=/bin/zsh + $ make check-certs SHELL=/bin/zsh 3.1.2.) Description of variables in config file: @@ -248,28 +255,28 @@ (only in config) 3.1.3.) Sample commands to run tests: -$ OPENSSL=/usr/local/ssl/bin/openssl make check -$ SSHD_PORT=1122 SSH_X509TESTS="agent blob_auth" make check -$ RSA_DIGEST_LIST="md5 sha1" make check -$ make check SHELL=/bin/ksh +$ OPENSSL=/usr/local/ssl/bin/openssl make check-certs +$ SSHD_PORT=1122 SSH_X509TESTS="agent blob_auth" make check-certs +$ RSA_DIGEST_LIST="md5 sha1" make check-certs +$ make check-certs SHELL=/bin/ksh When check fail see "Troubleshooting" later in document. 3.2.) Current test scripts uses only rsa as server hostkey. - To test sshd with x509 certificate please find in file + To test sshd with X.509 certificate please find in file openssh_tests.sh variable TEST_SSHD_HOSTKEY and change it. Sample: TEST_SSH_HOSTKEY="${CWD}/testhostkey_rsa-rsa_md5" -3.3.) Test SecSH from "Microsoft Windows OSes". +3.3.) Test SecSH from "Microsoft Windows OS-es". This is not part of document. -Tips: use created after make check files: +Tips: use created after "make check-certs" files: - convert OPENSSH_BUILD_PATH/tests/CA/ca-test/crt/*crt.pem CA certificates from PEM to DER format and import in - "Windows keystore" -- import OPENSSH_BUILD_PATH/tests/CA/testid_*.p12 in - "Windows keystore" + "Windows keystore"; +- import OPENSSH_BUILD_PATH/tests/CA/testid_*.p12 files in + "Windows keystore"; - setup your client to use certificate[s](see SecSH client manuals). DON'T FORGET TO REMOVE entries from "Windows keystore" after test! @@ -279,42 +286,48 @@ 3.5.) files in OPENSSH_SOURCE_PATH/tests/CA directory: -config : configuration file +config: + Configuration file. + +shell.rc: + Shell settings. 1-cre_cadb.sh: - create "Test CA" directories and files. + Create "Test CA" directories and files. 2-cre_cakeys.sh: - create "Test CA" private keys and certificates. + Create "Test CA" private keys and certificates. 3-cre_certs.sh: - create client/server certificates. - this command create files with mask + Create client/server certificates. + This command create files with mask "PATH_TO_KEYFILEn-[.]" - , where is in format "rsa_" or "dsa". + , where is in format "rsa_" or "dsa". DIGEST are form variable "RSA_DIGEST_LIST" specified in "config" file. Files without extention are openssh identity or hostkey files. File with .pub extention contain openssh public key (BLOB format). File with .crt extention contain openssl "text output" for identity files. Files with .p12 extention are for "Microsoft Windows keystore". Note: .p12 = .pfx for Windows. +4-cre_crls.sh: + Revoke part of client certificates. verify.sh: - to check certificates against "Test CA". Note: check only + To check certificates against "Test CA". Note: check only testid_*.crt and testhostkey_*.crt files in current directory. functions: - common usefull functions + Common usefull functions. openssh_tests.sh: - main test script - call other testscripts. + Main test script - call other testscripts. test-blob_auth.sh.inc, test-dn_auth_file.sh.inc, test-dn_auth_path.sh.inc, test-agent.sh.inc, test-crl.sh.inc: - see DESCRIPTION in each file. + Test shell scripts. See DESCRIPTION in each file. Note that hostbased authentication we cannot test without to install. Generated testhostkey_* certificates are with sslserver and sslclient @@ -322,40 +335,80 @@ 4.) Troubleshooting -make check fails on: - -4.1.) "... 1-cre_cadb.sh: local: not found" -try other shell: [ENVSETTINGS] make check SHELL=/bin/ksh +"make check-certs" fails on: -4.2.) "generating a new ... private key for the TEST CA ..." +4.1.) "generating a new ... private key for the TEST CA ..." Usually this happen on system without /dev/{u}random. In file [BUILDDIR]/tests/CA/openssh_ca-2.log we can see a message: "... PRNG not seeded ...". Read again WARNING.RNG from OpenSSH sourcedir and/or http://www.openssl.org/support/faq.html -4.2.1.) reconfigure your system and/or openssl -4.2.2.) or do next -4.2.2.1.) install OpenSSH :-( otherwise later "make check" +4.1.1.) reconfigure your system and/or openssl +4.1.2.) or do next +4.1.2.1.) install OpenSSH :-( otherwise later "make check-certs" (ssh-keygen) fail with message: "couldn't exec '.../libexec/ssh-rand-helper': ..." and second ./ssh-rand-helper fail with message: "couldn't read entropy commands file ../ssh_prng_cmds: ..." Tip: configure OpenSSH with prefix for example $HOME/test -4.2.2.2.) run: +4.1.2.2.) run: ssh-rand-helper rm -f $HOME/.rnd ln -s .ssh/prng_seed $HOME/.rnd -4.2.2.3.) test openssl with command: +4.1.2.3.) test openssl with command: /usr/local/ssl/bin/openssl genrsa -des3 -passout pass:change_it Tip: before to create every key with OpenSSL run ssh-rand-helper ! -4.2.2.4.) run again "... make check ..." +4.1.2.4.) run again "... make check-certs ..." -4.3.) fail on first check: "* rsa_md5 valid blob failed" -Usually SUDO command is not set. See p. 3.1.2.1. +4.2.) fail on first check: "* rsa_md5 valid blob failed" +- Usually SUDO command is not set. See p. 3.1.2.1. +- When you build with tcpwrappers your hosts.allow must permit +connections from localhost, otherwise you can see in failed message +text like this: "... connection closed by remote host ..." + + +5.) FAQ + +Q.) How to convert a certificate from DER to PEM format? +A.) Run command "openssl x509 ..." with command line options +-inform/-outform - you can select one of formats: DER, NET or PEM. +The default is PEM. + +Q.) How to convert pfx to p12 file? +A.) Just change file extension ;-). + +Q.) How to use my p12 file in OpenSSH as identity? +A.) Run commands: +$ openssl pkcs12 -in FILE.p12 -clcerts > id_x509 +$ ssh-keygen -f id_x509 -y > id_x509.pub + Don't forget to set properly permition on file id_x509, as +example "chmod 600 id_x509". + Note name of identity file can be one of defaults: + 'id_rsa' or 'id_dsa'. + Configure client. + +Q.) How to use p12 file in OpenSSH as hostkey? +A.) Note that host keys are password less! + It is similar to client identity. + Remember umask settings. + Run as root commands: +# umask 0077 +# openssl pkcs12 -in FILE.p12 -clcerts > ssh_host_x509 + Note: you must enter export password! +# ssh-keygen -p -f ssh_host_x509 -N '' + Now hostkey file is password less ! +# ssh-keygen -f ssh_host_x509 -y > ssh_host_x509.pub + Restore umask settings. + Note name of hostkey file can be one of defaults: + 'ssh_host_dsa_key' or 'ssh_host_rsa_key'. + Configure server, test configuration with command +# sshd -t ..../sshd_config + and start/restart the server. Don't forget to inform users + that hostkey is changed! Enjoy ;-) diff -ruN openssh-3.7.1p2+x509g2/servconf.c openssh-3.7.1p2+x509g4/servconf.c --- openssh-3.7.1p2+x509g2/servconf.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/servconf.c 2004-03-09 09:06:01.000000000 +0200 @@ -9,7 +9,7 @@ * called by a name other than "ssh" or "Secure Shell". * * X509 certificate support, - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -970,11 +970,11 @@ } break; +#ifndef SSH_X509STORE_DISABLED case sCACertificateFile: case sCACertificatePath: case sCARevocationFile: case sCARevocationPath: -#ifndef SSH_X509STORE_DISABLED arg = strdelim(&cp); if (!arg || *arg == '\0') fatal("%s line %d: Missing argument.", filename, linenum); @@ -988,13 +988,10 @@ case sCARevocationPath: options->ca.revocation_path = xstrdup(arg); break; default: + break; } -#else /*def SSH_X509STORE_DISABLED*/ - logit("%s line %d: Unsupported option %s", - filename, linenum, arg); - for (; arg; arg = strdelim(&cp)); -#endif /*def SSH_X509STORE_DISABLED*/ break; +#endif /*ndef SSH_X509STORE_DISABLED*/ case sDeprecated: logit("%s line %d: Deprecated option %s", @@ -1003,6 +1000,12 @@ arg = strdelim(&cp); break; +#ifdef SSH_X509STORE_DISABLED + case sCACertificateFile: + case sCACertificatePath: + case sCARevocationFile: + case sCARevocationPath: +#endif /*def SSH_X509STORE_DISABLED*/ case sUnsupported: logit("%s line %d: Unsupported option %s", filename, linenum, arg); diff -ruN openssh-3.7.1p2+x509g2/ssh.0 openssh-3.7.1p2+x509g4/ssh.0 --- openssh-3.7.1p2+x509g2/ssh.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh.0 2004-03-09 09:06:00.000000000 +0200 @@ -92,15 +92,15 @@ The public key method is similar to RSA authentication described in the previous section and allows the RSA or DSA algorithm to be used: The client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, - which can contain a x509 certificate in addition to key to sign the ses- + which can contain a X.509 certificate in addition to key to sign the ses- sion identifier and sends the result to the server. The server checks whether the matching public key or certificate is listed in $HOME/.ssh/authorized_keys and grants access if both the key is found and - the signature is correct. In case with x509 certificate server perform - additional verification of that certificate through database with cer- - tificates and CRLs of certificate signers. The session identifier is - derived from a shared Diffie-Hellman value and is only known to the - client and the server. + the signature is correct. In case with X.509 certificate server perform + additional verification and validation of that certificate through + database with certificates and CRLs of certificate signers. The session + identifier is derived from a shared Diffie-Hellman value and is only + known to the client and the server. If public key authentication fails or is not available a password can be sent encrypted to the remote host for proving the user's identity. @@ -270,7 +270,7 @@ DSA authentication is read. The default is $HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2. For protocol version 2 - is possible identity to contain in addition a x509 certificate. + is possible identity to contain in addition a X.509 certificate. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). @@ -475,14 +475,15 @@ FILES $HOME/.ssh/known_hosts - Records host keys for all hosts the user has logged into that are - not in /etc/ssh/ssh_known_hosts. See sshd(8). + Records host keys or certificates for all hosts the user has + logged into that are not in /etc/ssh/ssh_known_hosts. See + sshd(8). $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa Contains the authentication identity of the user. They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. It is possible protocol version 2 identity to contain identity - plus x509 certificate. These files contain sensitive data and + plus X.509 certificate. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). Note that ssh ignores a private key file if it is accessible by others. It is possible to specify a @@ -492,7 +493,7 @@ $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub Contains the public key for authentication (public part of the identity file in human-readable form). Note that protocol ver- - sion 2 while a identity contain private key and x509 certificate + sion 2 while a identity contain private key and X.509 certificate this file must contain that certificate. The contents of the $HOME/.ssh/identity.pub file should be added to $HOME/.ssh/authorized_keys on all machines where the user wishes @@ -500,7 +501,7 @@ tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file should be added to $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 2 DSA/RSA - authentication. In case with x509 certificates user can use + authentication. In case with X.509 certificates user can use ``new style''. Instead to add content of file to authorized_keys user can write certificate ``Distinguished Name''. See sshd(8) manual page. These files are not sensitive and can (but need @@ -521,17 +522,17 @@ for the user, and not accessible by others. /etc/ssh/ssh_known_hosts - Systemwide list of known host keys. This file should be prepared - by the system administrator to contain the public host keys of - all machines in the organization. This file should be world- - readable. This file contains public keys, one per line, in the - following format (fields separated by spaces): system name, pub- - lic key and optional comment field. When a x509 certificate is - used as host key instead of public key line contain certificate - (old style) or certificate ``Distinguished Name''. When differ- - ent names are used for the same machine, all such names should be - listed, separated by commas. The format is described on the - sshd(8) manual page. + Systemwide list of known host keys or certificates. This file + should be prepared by the system administrator to contain the + public host keys or certificates of all machines in the organiza- + tion. This file should be world-readable. This file contains + public keys, one per line, in the following format (fields sepa- + rated by spaces): system name, public key and optional comment + field. When a X.509 certificate is used as host key instead of + public key line contain certificate (old style) or certificate + ``Distinguished Name''. When different names are used for the + same machine, all such names should be listed, separated by com- + mas. The format is described on the sshd(8) manual page. The canonical system name (as returned by name servers) is used by sshd(8) to verify the client host when logging in; other names @@ -548,7 +549,7 @@ /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for RhostsRSAAuthentication and HostbasedAuthentication. - It is possible files to contain private part plus x509 certifi- + It is possible files to contain private part plus X.509 certifi- cate for protocol version 2 keys. If the protocol version 1 RhostsRSAAuthentication method is used, ssh must be setuid root, since the host key is readable only by root. For protocol ver- @@ -559,27 +560,29 @@ host key for hostbased authentication that certificate must have client purpose too or server configuration must permit connection without client purpose. For allowed client certificate purposes - see sshd_config(5). + see ssh_config(5). /etc/ssh/ca/ca-bundle.crt and /etc/ssh/ca/ca-bundle.crl - Part of systemwide ``X509 store''. The first file contain multi- - ple certificates and the second ``Certificate Revocation List'' + Part of systemwide ``X.509 store''. The first file contain mul- + tiple certificates and the second ``Certificate Revocation List'' (CRLs) of certificate signers in PEM format concatenated - together. Used in verification of server host key certificate. + together. Used in verification and validation of server host + certificate. /etc/ssh/ca/crt and /etc/ssh/ca/crl - Part of systemwide ``X509 store''. ``Hash dirs'' with certifi- + Part of systemwide ``X.509 store''. ``Hash dirs'' with certifi- cates, the first file or CLRs, the second of certificate signers. Each certificate should be stored in separate file with name [HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is certificate or CRL hash value and [NUMBER] is an integer starting - from zero. Used in verification of server host key certificate. + from zero. Used in verification and validation of server host + certificate. ~/.ssh/ca/ca-bundle.crt and ~/.ssh/ca/ca-bundle.crl - Part of user ``X509 store''. Same as above systemwide files. + Part of user ``X.509 store''. Same as above systemwide files. ~/.ssh/ca/crt and ~/.ssh/ca/crl - Part of user ``X509 store''. Same as above systemwide directo- + Part of user ``X.509 store''. Same as above systemwide directo- ries. $HOME/.rhosts diff -ruN openssh-3.7.1p2+x509g2/ssh.1 openssh-3.7.1p2+x509g4/ssh.1 --- openssh-3.7.1p2+x509g2/ssh.1 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh.1 2004-03-09 09:06:00.000000000 +0200 @@ -227,15 +227,15 @@ .Pa $HOME/.ssh/id_dsa or .Pa $HOME/.ssh/id_rsa , -which can contain a x509 certificate in addition to key +which can contain a X.509 certificate in addition to key to sign the session identifier and sends the result to the server. The server checks whether the matching public key or certificate is listed in .Pa $HOME/.ssh/authorized_keys and grants access if both the key is found and the signature is correct. -In case with x509 certificate server perform additional verification of -that certificate through database with certificates and CRLs of certificate -signers. +In case with X.509 certificate server perform additional verification +and validation of that certificate through database with certificates +and CRLs of certificate signers. The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the server. .Pp @@ -488,7 +488,7 @@ .Pa $HOME/.ssh/id_dsa for protocol version 2. For protocol version 2 is possible identity to contain in addition -a x509 certificate. +a X.509 certificate. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple @@ -783,8 +783,8 @@ .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.ssh/known_hosts -Records host keys for all hosts the user has logged into that are not -in +Records host keys or certificates for all hosts the user has logged +into that are not in .Pa /etc/ssh/ssh_known_hosts . See .Xr sshd 8 . @@ -792,7 +792,7 @@ Contains the authentication identity of the user. They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. It is possible protocol version 2 identity to contain identity plus -x509 certificate. +X.509 certificate. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). @@ -806,7 +806,7 @@ Contains the public key for authentication (public part of the identity file in human-readable form). Note that protocol version 2 while a identity contain private key and -x509 certificate this file must contain that certificate. +X.509 certificate this file must contain that certificate. The contents of the .Pa $HOME/.ssh/identity.pub file should be added to @@ -821,7 +821,7 @@ .Pa $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 2 DSA/RSA authentication. -In case with x509 certificates user can use +In case with X.509 certificates user can use .Dq "new style" . Instead to add content of file to authorized_keys user can write certificate @@ -849,15 +849,15 @@ This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. .It Pa /etc/ssh/ssh_known_hosts -Systemwide list of known host keys. +Systemwide list of known host keys or certificates. This file should be prepared by the -system administrator to contain the public host keys of all machines in the -organization. +system administrator to contain the public host keys or certificates +of all machines in the organization. This file should be world-readable. This file contains public keys, one per line, in the following format (fields separated by spaces): system name, public key and optional comment field. -When a x509 certificate is used as host key instead of public key line +When a X.509 certificate is used as host key instead of public key line contain certificate (old style) or certificate .Dq "Distinguished Name" . When different names are used @@ -884,7 +884,7 @@ .Cm RhostsRSAAuthentication and .Cm HostbasedAuthentication . -It is possible files to contain private part plus x509 certificate for +It is possible files to contain private part plus X.509 certificate for protocol version 2 keys. If the protocol version 1 .Cm RhostsRSAAuthentication @@ -907,17 +907,17 @@ that certificate must have client purpose too or server configuration must permit connection without client purpose. For allowed client certificate purposes see -.Xr sshd_config 5 . +.Xr ssh_config 5 . .It Pa "/etc/ssh/ca/ca-bundle.crt" and "/etc/ssh/ca/ca-bundle.crl" Part of systemwide -.Dq "X509 store" . +.Dq "X.509 store" . The first file contain multiple certificates and the second .Dq "Certificate Revocation List" (CRLs) of certificate signers in PEM format concatenated together. -Used in verification of server host key certificate. +Used in verification and validation of server host certificate. .It Pa "/etc/ssh/ca/crt" and Pa "/etc/ssh/ca/crl" Part of systemwide -.Dq "X509 store" . +.Dq "X.509 store" . .Dq "Hash dirs" with certificates, the first file or CLRs, the second of certificate signers. @@ -925,14 +925,14 @@ [HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is certificate or CRL hash value and [NUMBER] is an integer starting from zero. -Used in verification of server host key certificate. +Used in verification and validation of server host certificate. .It Pa "~/.ssh/ca/ca-bundle.crt" and "~/.ssh/ca/ca-bundle.crl" Part of user -.Dq "X509 store" . +.Dq "X.509 store" . Same as above systemwide files. .It Pa "~/.ssh/ca/crt" and Pa "~/.ssh/ca/crl" Part of user -.Dq "X509 store" . +.Dq "X.509 store" . Same as above systemwide directories. .It Pa $HOME/.rhosts This file is used in diff -ruN openssh-3.7.1p2+x509g2/ssh-add.0 openssh-3.7.1p2+x509g4/ssh-add.0 --- openssh-3.7.1p2+x509g2/ssh-add.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-add.0 2004-03-09 09:06:00.000000000 +0200 @@ -10,7 +10,8 @@ DESCRIPTION ssh-add adds RSA or DSA identities to the authentication agent, - ssh-agent(1). When run without arguments, it adds the files + ssh-agent(1). It is possible identity to contain in addition correspond- + ing X.509 certificate. When run without arguments, it adds the files $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alterna- tive file names can be given on the command line. If any file requires a passphrase, ssh-add asks for the passphrase from the user. The @@ -25,8 +26,8 @@ -l Lists fingerprints of all identities currently represented by the agent. - -L Lists public key parameters of all identities currently repre- - sented by the agent. + -L Lists public key or certificate parameters of all identities cur- + rently represented by the agent. -d Instead of adding the identity, removes the identity from the agent. @@ -76,12 +77,12 @@ $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of - the user. It is possible to contain identity plus x509 certifi- + the user. It is possible to contain identity plus X.509 certifi- cate. $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of - the user. It is possible to contain identity plus x509 certifi- + the user. It is possible to contain identity plus X.509 certifi- cate. Identity files should not be readable by anyone but the user. Note that @@ -99,7 +100,7 @@ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + versions 1.5 and 2.0. Roumen Petrov contributed support for X.509 cer- tificates. BSD September 25, 1999 BSD diff -ruN openssh-3.7.1p2+x509g2/ssh-add.1 openssh-3.7.1p2+x509g4/ssh-add.1 --- openssh-3.7.1p2+x509g2/ssh-add.1 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-add.1 2004-03-09 09:06:00.000000000 +0200 @@ -57,6 +57,8 @@ .Nm adds RSA or DSA identities to the authentication agent, .Xr ssh-agent 1 . +It is possible identity to contain in addition +corresponding X.509 certificate. When run without arguments, it adds the files .Pa $HOME/.ssh/id_rsa , .Pa $HOME/.ssh/id_dsa @@ -80,7 +82,8 @@ .It Fl l Lists fingerprints of all identities currently represented by the agent. .It Fl L -Lists public key parameters of all identities currently represented by the agent. +Lists public key or certificate parameters of +all identities currently represented by the agent. .It Fl d Instead of adding the identity, removes the identity from the agent. .It Fl D @@ -145,10 +148,10 @@ Contains the protocol version 1 RSA authentication identity of the user. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. -It is possible to contain identity plus x509 certificate. +It is possible to contain identity plus X.509 certificate. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -It is possible to contain identity plus x509 certificate. +It is possible to contain identity plus X.509 certificate. .El .Pp Identity files should not be readable by anyone but the user. @@ -174,4 +177,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -Roumen Petrov contributed support for x509 certificates. +Roumen Petrov contributed support for X.509 certificates. diff -ruN openssh-3.7.1p2+x509g2/ssh-agent.0 openssh-3.7.1p2+x509g4/ssh-agent.0 --- openssh-3.7.1p2+x509g2/ssh-agent.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-agent.0 2004-03-09 09:06:00.000000000 +0200 @@ -9,7 +9,8 @@ DESCRIPTION ssh-agent is a program to hold private keys used for public key authenti- - cation (RSA, DSA). The idea is that ssh-agent is started in the begin- + cation (RSA, DSA). It is possible to contain in addition corresponding + X.509 certificate. The idea is that ssh-agent is started in the begin- ning of an X-session or a login session, and all other windows or pro- grams are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for @@ -48,10 +49,10 @@ $HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks for the passphrase (using a small X11 application if running under X11, or from the terminal if run- - ning without X). It then sends the identity to the agent. Several iden- - tities can be stored in the agent; the agent can automatically use any of - these identities. ssh-add -l displays the identities currently held by - the agent. + ning without X). It then sends the identity to the agent. Identity can + contain in addition a X.509 certificate. Several identities can be + stored in the agent; the agent can automatically use any of these identi- + ties. ssh-add -l displays the identities currently held by the agent. The idea is that the agent is run in the user's local PC, laptop, or ter- minal. Authentication data need not be stored on any other machine, and diff -ruN openssh-3.7.1p2+x509g2/ssh-agent.1 openssh-3.7.1p2+x509g4/ssh-agent.1 --- openssh-3.7.1p2+x509g2/ssh-agent.1 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-agent.1 2004-03-09 09:06:00.000000000 +0200 @@ -55,6 +55,7 @@ .Nm is a program to hold private keys used for public key authentication (RSA, DSA). +It is possible to contain in addition corresponding X.509 certificate. The idea is that .Nm is started in the beginning of an X-session or a login session, and @@ -121,6 +122,7 @@ asks for the passphrase (using a small X11 application if running under X11, or from the terminal if running without X). It then sends the identity to the agent. +Identity can contain in addition a X.509 certificate. Several identities can be stored in the agent; the agent can automatically use any of these identities. .Ic ssh-add -l diff -ruN openssh-3.7.1p2+x509g2/ssh_config.0 openssh-3.7.1p2+x509g4/ssh_config.0 --- openssh-3.7.1p2+x509g2/ssh_config.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh_config.0 2004-03-09 09:06:00.000000000 +0200 @@ -54,10 +54,9 @@ The intended use for the X509 server certificate. Without this option no chain verification will be done. Currently accepted uses are case insensitive: - - `sslserver' , `SSL server' , `SSL_server' or `server' - - `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' - - `skip' or `' (empty): do not check purpose. - + o `sslserver' , `SSL server' , `SSL_server' or `server' ; + o `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' ; + o `skip' or `' (empty): do not check purpose. The default is ``sslserver''. BatchMode @@ -74,25 +73,25 @@ CACertificateFile This file contain multiple certificates of certificate signers in PEM format concatenated together. The default is - /etc/ssh/ca/ca-bundle.crt + /etc/ssh/ca/ca-bundle.crt. CACertificatePath ``Hash dir'' with certificates of certificate signers. Each cer- tificate should be stored in separate file with name [HASH].[NUM- BER], where [HASH] is certificate hash value and [NUMBER] is an - integer starting from zero. The default is /etc/ssh/ca/crt + integer starting from zero. The default is /etc/ssh/ca/crt. CARevocationFile This file contain multiple ``Certificate Revocation List'' (CRL) of certificate signers in PEM format concatenated together. The - default is /etc/ssh/ca/ca-bundle.crl + default is /etc/ssh/ca/ca-bundle.crl. CARevocationPath ``Hash dir'' with ``Certificate Revocation List'' (CRL) of cer- tificate signers. Each CRL should be stored in separate file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUM- BER] is an integer starting from zero. The default is - /etc/ssh/ca/crl + /etc/ssh/ca/crl. ChallengeResponseAuthentication Specifies whether to use challenge response authentication. The @@ -253,7 +252,7 @@ identity is read. The default is $HOME/.ssh/identity for proto- col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2. For version 2 is possible identity file to - contain key plus x509 certificate. Additionally, any identities + contain key plus X.509 certificate. Additionally, any identities represented by the authentication agent will be used for authen- tication. The file name may use the tilde syntax to refer to a user's home directory. It is possible to have multiple identity @@ -407,16 +406,16 @@ mand line. UserCACertificateFile - User CACertificateFile , the default is ~/.ssh/ca-bundle.crt + User CACertificateFile , the default is ~/.ssh/ca-bundle.crt. UserCACertificatePath - User CACertificatePath , the default is ~/.ssh/crt + User CACertificatePath , the default is ~/.ssh/crt. UserCARevocationFile - User CARevocationFile , the default is ~/.ssh/ca-bundle.crl + User CARevocationFile , the default is ~/.ssh/ca-bundle.crl. UserCARevocationPath - User CARevocationPath , the default is ~/.ssh/crl + User CARevocationPath , the default is ~/.ssh/crl. UserKnownHostsFile Specifies a file to use for the user host key database instead of @@ -433,7 +432,7 @@ X509rsaSigType Temporary option. Specifies signature digest type for - `x509v3-sign-rsa keys'. The possible values are ``md5'' and + `x509v3-sign-rsa' identities. The possible values are ``md5'' and ``sha1''. Use this option only in session with other SecSH servers with X.509 certificates as identity or host key. The default is ``md5''. @@ -460,7 +459,7 @@ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + versions 1.5 and 2.0. Roumen Petrov contributed support for X.509 cer- tificates. BSD September 25, 1999 BSD diff -ruN openssh-3.7.1p2+x509g2/ssh_config.5 openssh-3.7.1p2+x509g4/ssh_config.5 --- openssh-3.7.1p2+x509g2/ssh_config.5 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh_config.5 2004-03-09 09:06:00.000000000 +0200 @@ -128,7 +128,8 @@ The intended use for the X509 server certificate. Without this option no chain verification will be done. Currently accepted uses are case insensitive: - - +.Bl -bullet -compact +.It .Sq sslserver , .Sq SSL server @@ -136,7 +137,8 @@ .Sq SSL_server or .Sq server - - +; +.It .Sq any , .Sq Any Purpose @@ -144,13 +146,14 @@ .Sq Any_Purpose or .Sq AnyPurpose - - +; +.It .Sq skip or .Sq .. (empty): do not check purpose. -.Pp +.El The default is .Dq sslserver . .It Cm BatchMode @@ -176,7 +179,7 @@ .It Cm CACertificateFile This file contain multiple certificates of certificate signers in PEM format concatenated together. The default is -.Pa /etc/ssh/ca/ca-bundle.crt +.Pa /etc/ssh/ca/ca-bundle.crt . .Pp .It Cm CACertificatePath .Dq "Hash dir" @@ -184,14 +187,14 @@ stored in separate file with name [HASH].[NUMBER], where [HASH] is certificate hash value and [NUMBER] is an integer starting from zero. The default is -.Pa /etc/ssh/ca/crt +.Pa /etc/ssh/ca/crt . .Pp .It Cm CARevocationFile This file contain multiple .Dq "Certificate Revocation List" (CRL) of certificate signers in PEM format concatenated together. The default is -.Pa /etc/ssh/ca/ca-bundle.crl +.Pa /etc/ssh/ca/ca-bundle.crl . .Pp .It Cm CARevocationPath .Dq "Hash dir" @@ -200,7 +203,7 @@ (CRL) of certificate signers. Each CRL should be stored in separate file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUMBER] is an integer starting from zero. The default is -.Pa /etc/ssh/ca/crl +.Pa /etc/ssh/ca/crl . .It Cm ChallengeResponseAuthentication Specifies whether to use challenge response authentication. The argument to this keyword must be @@ -442,7 +445,7 @@ and .Pa $HOME/.ssh/id_dsa for protocol version 2. -For version 2 is possible identity file to contain key plus x509 certificate. +For version 2 is possible identity file to contain key plus X.509 certificate. Additionally, any identities represented by the authentication agent will be used for authentication. The file name may use the tilde @@ -682,25 +685,25 @@ User .Cm CACertificateFile , the default is -.Pa ~/.ssh/ca-bundle.crt +.Pa ~/.ssh/ca-bundle.crt . .Pp .It Cm UserCACertificatePath User .Cm CACertificatePath , the default is -.Pa ~/.ssh/crt +.Pa ~/.ssh/crt . .Pp .It Cm UserCARevocationFile User .Cm CARevocationFile , the default is -.Pa ~/.ssh/ca-bundle.crl +.Pa ~/.ssh/ca-bundle.crl . .Pp .It Cm UserCARevocationPath User .Cm CARevocationPath , the default is -.Pa ~/.ssh/crl +.Pa ~/.ssh/crl . .It Cm UserKnownHostsFile Specifies a file to use for the user host key database instead of @@ -720,8 +723,8 @@ .It Cm X509rsaSigType Temporary option. Specifies signature digest type for -.Sq x509v3-sign-rsa keys . -The possible values are +.Sq x509v3-sign-rsa +identities. The possible values are .Dq md5 and .Dq sha1 . @@ -759,4 +762,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -Roumen Petrov contributed support for x509 certificates. +Roumen Petrov contributed support for X.509 certificates. diff -ruN openssh-3.7.1p2+x509g2/sshconnect.c openssh-3.7.1p2+x509g4/sshconnect.c --- openssh-3.7.1p2+x509g2/sshconnect.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshconnect.c 2004-03-09 09:06:01.000000000 +0200 @@ -45,8 +45,8 @@ char *server_version_string = NULL; /* rumen-XXX: X.509 RSASIG check */ -extern void (*plogx509rsasig)(char *msg); -static void logx509rsasig(char *msg) { +extern void (*plogx509rsasig)(const char *msg); +static void logx509rsasig(const char *msg) { logit("%.400s: server=%.200s (client=%.200s)", msg, (server_version_string ? server_version_string : "undefined"), diff -ruN openssh-3.7.1p2+x509g2/sshd.0 openssh-3.7.1p2+x509g4/sshd.0 --- openssh-3.7.1p2+x509g2/sshd.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshd.0 2004-03-09 09:06:00.000000000 +0200 @@ -63,7 +63,7 @@ Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. It is possible host key to contain key plus - x509 certificate. However, when the daemon starts, it does not generate + X.509 certificate. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. @@ -139,7 +139,7 @@ tocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. It is possible host key for protocol version 2 to contain key plus - x509 certificate. + X.509 certificate. -i Specifies that sshd is being run from inetd(8). sshd is normally not run from inetd because it needs to generate the server key @@ -236,9 +236,9 @@ $HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. - It is posible for protocol version 2 to contain x509 certificate or cer- - tificate ``Distinguished Name''. AuthorizedKeysFile may be used to spec- - ify an alternative file. + It is posible for protocol version 2 to contain X.509 certificates or + certificates ``Distinguished Name''. AuthorizedKeysFile may be used to + specify an alternative file. Each line of the file contains one key (empty lines and lines starting with a `#' are ignored as comments). Each RSA public key consists of the @@ -250,15 +250,16 @@ ulus and comment fields give the RSA key for protocol version 1; the com- ment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is ``ssh-dss'' - or ``ssh-rsa''. In addition for protocol version 2 user can use x509 + or ``ssh-rsa''. In addition for protocol version 2 user can use X.509 certificates. In that case keytype is ``x509v3-sign-rsa'' or ``x509v3-sign-dss''. Instead of ``base64 encoded key'' line must contain base64 encoded certicate (old style) or a keyword (new style), optional - followed by symbol equal `=' or colon , zero or more spaces and certifi- - cate ``Distinguished Name'' (Subject). Keyword is case insensitive and - can be one of `Subject' , `Distinguished Name' , `Distinguished-Name' , - `Distinguished_Name' , `DistinguishedName' or `DN'. Separator of Subject - items can be slash `/' , comma or mixed and order is not important. + followed by symbol `=' (equal) or `:' (colon), zero or more spaces and + certificate ``Distinguished Name'' (Subject). Keyword is case insensitive + and can be one of `Subject' , `Distinguished Name' , `Distinguished-Name' + , `Distinguished_Name' , `DistinguishedName' or `DN'. Separator of Sub- + ject items can be `/' (slash), `,' (comma) or mixed and order is not + important. Note that lines in this file are usually several hundred bytes long (because of the size of the public key encoding). You don't want to type @@ -348,11 +349,11 @@ SSH_KNOWN_HOSTS FILE FORMAT The /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts files contain - host public keys, certificates (old style) or certificate ``Distinguished - Name'' for all known hosts. The global file should be prepared by the - administrator (optional), and the per-user file is maintained automati- - cally: whenever the user connects from an unknown host its key is added - to the per-user file. + host public keys, certificates (old style) or certificates + ``Distinguished Name'' for all known hosts. The global file should be + prepared by the administrator (optional), and the per-user file is main- + tained automatically: whenever the user connects from an unknown host its + key is added to the per-user file. Each line in these files contains the following fields: hostnames, bits, exponent, modulus, comment. The fields are separated by spaces. @@ -397,7 +398,7 @@ /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. It - is possible to contain private part plus x509 certificate for + is possible to contain private part plus X.509 certificate for protocol version 2 keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that sshd does not start if this file is group/world-accessible. @@ -431,7 +432,7 @@ able. $HOME/.ssh/authorized_keys - Lists the public keys (RSA or DSA), certificates or certificate + Lists the public keys (RSA or DSA), certificates or certificates ``Distinguished Names'' (recommendet) that can be used to log into the user's account. This file must be readable by root (which may on some machines imply it being world-readable if the @@ -454,16 +455,16 @@ /etc/ssh/ca/ca-bundle.crt and /etc/ssh/ca/ca-bundle.crl The first file contain multiple certificates and the second ``Certificate Revocation List'' (CRLs) of certificate signers in - PEM format concatenated together. Used to verify client certifi- - cate. + PEM format concatenated together. Used to verify and validate + client certificate. /etc/ssh/ca/crt and /etc/ssh/ca/crl ``Hash dirs'' with certificates, the first directory or CLRs, the second of certificate signers. Each certificate should be stored in separate file with name [HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is certificate or CRL hash value and - [NUMBER] is an integer starting from zero. Used to verify client - certificate. + [NUMBER] is an integer starting from zero. Used to verify and + validate client certificate. /etc/nologin If this file exists, sshd refuses to let anyone except root log @@ -587,7 +588,7 @@ de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. Roumen Petrov contributed support for x509 + for privilege separation. Roumen Petrov contributed support for X.509 certificates. BSD September 25, 1999 BSD diff -ruN openssh-3.7.1p2+x509g2/sshd.8 openssh-3.7.1p2+x509g4/sshd.8 --- openssh-3.7.1p2+x509g2/sshd.8 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshd.8 2004-03-09 09:06:00.000000000 +0200 @@ -156,7 +156,7 @@ .Pp Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. -It is possible host key to contain key plus x509 certificate. +It is possible host key to contain key plus X.509 certificate. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. @@ -251,7 +251,7 @@ for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. -It is possible host key for protocol version 2 to contain key plus x509 +It is possible host key for protocol version 2 to contain key plus X.509 certificate. .It Fl i Specifies that @@ -408,8 +408,8 @@ permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. -It is posible for protocol version 2 to contain x509 certificate -or certificate +It is posible for protocol version 2 to contain X.509 certificates +or certificates .Dq "Distinguished Name" . .Cm AuthorizedKeysFile may be used to specify an alternative file. @@ -434,7 +434,7 @@ .Dq ssh-dss or .Dq ssh-rsa . -In addition for protocol version 2 user can use x509 certificates. +In addition for protocol version 2 user can use X.509 certificates. In that case keytype is .Dq x509v3-sign-rsa or @@ -442,14 +442,11 @@ Instead of .Dq "base64 encoded key" line must contain base64 encoded certicate (old style) or -a keyword (new style), optional followed by symbol equal +a keyword (new style), optional followed by symbol .Sq = -or colon -.\" .roumen:howto quote colon ? -.\" .Sq : work only in man2html -.\" .Sq \N'58' work only in GNU nroff -.\" -, zero or more spaces and certificate +(equal) or +.Sq \&: +(colon), zero or more spaces and certificate .Dq "Distinguished Name" (Subject). Keyword is case insensitive and can be one of .Sq Subject @@ -463,9 +460,11 @@ .Sq DistinguishedName or .Sq DN . -Separator of Subject items can be slash +Separator of Subject items can be .Sq / -, comma or mixed and order is not important. +(slash), +.Sq \&, +(comma) or mixed and order is not important. .Pp Note that lines in this file are usually several hundred bytes long (because of the size of the public key encoding). @@ -571,13 +570,13 @@ .Pp permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Pp -x509v3-sign-dss subject= /C=XX/ST=World/O=OpenSSH Test Team.\|.\|.\| +x509v3-sign-dss subject= /C=XX/ST=World/O=OpenSSH Test Team... .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts -files contain host public keys, certificates (old style) or certificate +files contain host public keys, certificates (old style) or certificates .Dq "Distinguished Name" for all known hosts. The global file should @@ -644,7 +643,7 @@ .Xr sshd_config 5 . .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. -It is possible to contain private part plus x509 certificate for +It is possible to contain private part plus X.509 certificate for protocol version 2 keys. These files should only be owned by root, readable only by root, and not accessible to others. @@ -682,7 +681,7 @@ started last). The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys -Lists the public keys (RSA or DSA), certificates or certificate +Lists the public keys (RSA or DSA), certificates or certificates .Dq "Distinguished Names" (recommendet) that can be used to log into the user's account. @@ -714,7 +713,7 @@ The first file contain multiple certificates and the second .Dq "Certificate Revocation List" (CRLs) of certificate signers in PEM format concatenated together. -Used to verify client certificate. +Used to verify and validate client certificate. .It Pa "/etc/ssh/ca/crt" and Pa "/etc/ssh/ca/crl" .Dq "Hash dirs" with certificates, the first directory or CLRs, the second of @@ -723,7 +722,7 @@ [HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is certificate or CRL hash value and [NUMBER] is an integer starting from zero. -Used to verify client certificate. +Used to verify and validate client certificate. .It Pa /etc/nologin If this file exists, .Nm @@ -900,4 +899,4 @@ protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -Roumen Petrov contributed support for x509 certificates. +Roumen Petrov contributed support for X.509 certificates. diff -ruN openssh-3.7.1p2+x509g2/sshd.c openssh-3.7.1p2+x509g4/sshd.c --- openssh-3.7.1p2+x509g2/sshd.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshd.c 2004-03-09 09:06:01.000000000 +0200 @@ -157,8 +157,8 @@ char *server_version_string = NULL; /* rumen-XXX: X.509 RSASIG check */ -extern void (*plogx509rsasig)(char *msg); -static void logx509rsasig(char *msg) { +extern void (*plogx509rsasig)(const char *msg); +static void logx509rsasig(const char *msg) { logit("%.400s: client=%.200s (server=%.200s)", msg, (client_version_string ? client_version_string : "undefined"), diff -ruN openssh-3.7.1p2+x509g2/sshd_config.0 openssh-3.7.1p2+x509g4/sshd_config.0 --- openssh-3.7.1p2+x509g2/sshd_config.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshd_config.0 2004-03-09 09:06:00.000000000 +0200 @@ -19,9 +19,9 @@ The intended use for the X509 client certificate. Without this option no chain verification will be done. Currently accepted uses are case insensitive: - - `sslclient' , `SSL client' , `SSL_client' or `client' - - `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' - - `skip' or `' (empty): do not check purpose. + o `sslclient' , `SSL client' , `SSL_client' or `client' ; + o `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' ; + o `skip' or `' (empty): do not check purpose. The default is ``sslclient''. @@ -69,25 +69,25 @@ CACertificateFile This file contain multiple certificates of certificate signers in PEM format concatenated together. The default is - /etc/ssh/ca/ca-bundle.crt + /etc/ssh/ca/ca-bundle.crt. CACertificatePath ``Hash dir'' with certificates of certificate signers. Each cer- tificate should be stored in separate file with name [HASH].[NUM- BER], where [HASH] is certificate hash value and [NUMBER] is an - integer starting from zero. The default is /etc/ssh/ca/crt + integer starting from zero. The default is /etc/ssh/ca/crt. CARevocationFile This file contain multiple ``Certificate Revocation List'' (CRL) of certificate signers in PEM format concatenated together. The - default is /etc/ssh/ca/ca-bundle.crl + default is /etc/ssh/ca/ca-bundle.crl. CARevocationPath ``Hash dir'' with ``Certificate Revocation List'' (CRL) of cer- tificate signers. Each CRL should be stored in separate file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUM- BER] is an integer starting from zero. The default is - /etc/ssh/ca/crl + /etc/ssh/ca/crl. ChallengeResponseAuthentication Specifies whether challenge response authentication is allowed. @@ -182,7 +182,7 @@ is group/world-accessible. It is possible to have multiple host key files. ``rsa1'' keys are used for version 1 and ``dsa'' or ``rsa'' are used for version 2 of the SSH protocol. It is possi- - ble host key to contain key plus x509 certificate for version 2. + ble host key to contain key plus X.509 certificate for version 2. IgnoreRhosts Specifies that .rhosts and .shosts files will not be used in @@ -501,7 +501,7 @@ de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. Roumen Petrov contributed support for x509 + for privilege separation. Roumen Petrov contributed support for X.509 certificates. BSD September 25, 1999 BSD diff -ruN openssh-3.7.1p2+x509g2/sshd_config.5 openssh-3.7.1p2+x509g4/sshd_config.5 --- openssh-3.7.1p2+x509g2/sshd_config.5 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/sshd_config.5 2004-03-09 09:06:00.000000000 +0200 @@ -66,7 +66,8 @@ The intended use for the X509 client certificate. Without this option no chain verification will be done. Currently accepted uses are case insensitive: - - +.Bl -bullet -compact +.It .Sq sslclient , .Sq SSL client @@ -74,7 +75,8 @@ .Sq SSL_client or .Sq client - - +; +.It .Sq any , .Sq Any Purpose @@ -82,12 +84,14 @@ .Sq Any_Purpose or .Sq AnyPurpose - - +; +.It .Sq skip or .Sq .. (empty): do not check purpose. +.El .Pp The default is .Dq sslclient . @@ -155,7 +159,7 @@ .It Cm CACertificateFile This file contain multiple certificates of certificate signers in PEM format concatenated together. The default is -.Pa /etc/ssh/ca/ca-bundle.crt +.Pa /etc/ssh/ca/ca-bundle.crt . .Pp .It Cm CACertificatePath .Dq "Hash dir" @@ -163,14 +167,14 @@ stored in separate file with name [HASH].[NUMBER], where [HASH] is certificate hash value and [NUMBER] is an integer starting from zero. The default is -.Pa /etc/ssh/ca/crt +.Pa /etc/ssh/ca/crt . .Pp .It Cm CARevocationFile This file contain multiple .Dq "Certificate Revocation List" (CRL) of certificate signers in PEM format concatenated together. The default is -.Pa /etc/ssh/ca/ca-bundle.crl +.Pa /etc/ssh/ca/ca-bundle.crl . .Pp .It Cm CARevocationPath .Dq "Hash dir" @@ -179,7 +183,7 @@ (CRL) of certificate signers. Each CRL should be stored in separate file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUMBER] is an integer starting from zero. The default is -.Pa /etc/ssh/ca/crl +.Pa /etc/ssh/ca/crl . .Pp .It Cm ChallengeResponseAuthentication Specifies whether challenge response authentication is allowed. @@ -325,7 +329,7 @@ or .Dq rsa are used for version 2 of the SSH protocol. -It is possible host key to contain key plus x509 certificate +It is possible host key to contain key plus X.509 certificate for version 2. .It Cm IgnoreRhosts Specifies that @@ -844,4 +848,4 @@ protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -Roumen Petrov contributed support for x509 certificates. +Roumen Petrov contributed support for X.509 certificates. diff -ruN openssh-3.7.1p2+x509g2/ssh-keygen.0 openssh-3.7.1p2+x509g4/ssh-keygen.0 --- openssh-3.7.1p2+x509g2/ssh-keygen.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keygen.0 2004-03-09 09:06:00.000000000 +0200 @@ -95,6 +95,8 @@ -l Show fingerprint of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys ssh-keygen tries to find the matching public key file and prints its fingerprint. + When identity contain X.509 certificate its prints certificate + fingerprint. -p Requests changing the passphrase of a private key file instead of creating a new private key. The program will prompt for the file @@ -204,7 +206,7 @@ $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of - the user. It is possible to contain identity plus x509 certifi- + the user. It is possible to contain identity plus X.509 certifi- cate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this @@ -218,16 +220,16 @@ $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. When file - $HOME/.ssh/id_dsa contain DSA identity plus X509 certificate this - file must contain user certificate! Use ssh-keygen(1) with option - -y to regenerate its content. Note in case with X509 certificate - you can append content to $HOME/.ssh/authorized_keys or to add - certificate ``Distinguished Name'' / ``Subject'' in corresponding - format to ``authorized keys'' file. See sshd(8). + $HOME/.ssh/id_dsa contain DSA identity plus X.509 certificate + this file must contain that certificate! Use ssh-keygen with + option -y to regenerate its content. Note in case with X.509 + certificate you can append content to $HOME/.ssh/authorized_keys + or to add certificate ``Distinguished Name'' / ``Subject'' in + corresponding format to ``authorized keys'' file. See sshd(8). $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of - the user. It is possible to contain identity plus x509 certifi- + the user. It is possible to contain identity plus X.509 certifi- cate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this @@ -241,12 +243,12 @@ $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. When file - $HOME/.ssh/id_rsa contain RSA identity plus X509 certificate this - file must contain user certificate! Use ssh-keygen(1) with option - -y to regenerate its content. Note in case with X509 certificate - you can append content to $HOME/.ssh/authorized_keys or to add - certificate ``Distinguished Name'' / ``Subject'' in corresponding - format to ``authorized keys'' file. See sshd(8). + $HOME/.ssh/id_rsa contain RSA identity plus X.509 certificate + this file must contain that certificate! Use ssh-keygen with + option -y to regenerate its content. Note in case with X.509 + certificate you can append content to $HOME/.ssh/authorized_keys + or to add certificate ``Distinguished Name'' / ``Subject'' in + corresponding format to ``authorized keys'' file. See sshd(8). /etc/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format diff -ruN openssh-3.7.1p2+x509g2/ssh-keygen.1 openssh-3.7.1p2+x509g4/ssh-keygen.1 --- openssh-3.7.1p2+x509g2/ssh-keygen.1 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keygen.1 2004-03-09 09:06:00.000000000 +0200 @@ -209,6 +209,7 @@ For RSA and DSA keys .Nm tries to find the matching public key file and prints its fingerprint. +When identity contain X.509 certificate its prints certificate fingerprint. .It Fl p Requests changing the passphrase of a private key file instead of creating a new private key. @@ -344,7 +345,7 @@ There is no need to keep the contents of this file secret. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. -It is possible to contain identity plus x509 certificate. +It is possible to contain identity plus X.509 certificate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -363,11 +364,11 @@ There is no need to keep the contents of this file secret. When file .Pa $HOME/.ssh/id_dsa -contain DSA identity plus X509 certificate this file must contain -user certificate! Use -.Xr ssh-keygen 1 +contain DSA identity plus X.509 certificate this file must contain +that certificate! Use +.Nm with option -y to regenerate its content. -Note in case with X509 certificate you can append content to +Note in case with X.509 certificate you can append content to .Pa $HOME/.ssh/authorized_keys or to add certificate .Dq Distinguished Name @@ -379,7 +380,7 @@ .Xr sshd 8 . .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. -It is possible to contain identity plus x509 certificate. +It is possible to contain identity plus X.509 certificate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -398,11 +399,11 @@ There is no need to keep the contents of this file secret. When file .Pa $HOME/.ssh/id_rsa -contain RSA identity plus X509 certificate this file must contain -user certificate! Use -.Xr ssh-keygen 1 +contain RSA identity plus X.509 certificate this file must contain +that certificate! Use +.Nm with option -y to regenerate its content. -Note in case with X509 certificate you can append content to +Note in case with X.509 certificate you can append content to .Pa $HOME/.ssh/authorized_keys or to add certificate .Dq Distinguished Name diff -ruN openssh-3.7.1p2+x509g2/ssh-keyscan.0 openssh-3.7.1p2+x509g4/ssh-keyscan.0 --- openssh-3.7.1p2+x509g2/ssh-keyscan.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keyscan.0 2004-03-09 09:06:00.000000000 +0200 @@ -74,7 +74,7 @@ Where keytype is either ``ssh-rsa'' or ``ssh-dss''. - Output format for rsa and dsa keys with x509 certificates: + Output format for rsa and dsa keys with X.509 certificates: host-or-namelist keytype distinguished-name @@ -99,7 +99,7 @@ AUTHORS David Mazieres wrote the initial version, and Wayne Davison added support for protocol - version 2. Roumen Petrov contributed support for x509 certificates. + version 2. Roumen Petrov contributed support for X.509 certificates. BUGS It generates "Connection closed by remote host" messages on the consoles diff -ruN openssh-3.7.1p2+x509g2/ssh-keyscan.1 openssh-3.7.1p2+x509g4/ssh-keyscan.1 --- openssh-3.7.1p2+x509g2/ssh-keyscan.1 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keyscan.1 2004-03-09 09:06:00.000000000 +0200 @@ -157,7 +157,7 @@ or .Dq ssh-dss . .Pp -.Pa Output format for rsa and dsa keys with x509 certificates: +.Pa Output format for rsa and dsa keys with X.509 certificates: .Bd -literal host-or-namelist keytype distinguished-name .Ed @@ -195,7 +195,7 @@ wrote the initial version, and .An Wayne Davison Aq wayned@users.sourceforge.net added support for protocol version 2. -Roumen Petrov contributed support for x509 certificates. +Roumen Petrov contributed support for X.509 certificates. .Sh BUGS It generates "Connection closed by remote host" messages on the consoles of all the machines it scans if the server is older than version 2.9. diff -ruN openssh-3.7.1p2+x509g2/ssh-keyscan.c openssh-3.7.1p2+x509g4/ssh-keyscan.c --- openssh-3.7.1p2+x509g2/ssh-keyscan.c 2003-09-25 09:06:01.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keyscan.c 2004-03-09 09:06:01.000000000 +0200 @@ -6,7 +6,7 @@ * OpenBSD project by leaving this copyright notice intact. * * X509 certificates support, - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -41,6 +41,7 @@ #include "ssh.h" #include "ssh1.h" #include "key.h" +#include "ssh-x509.h" #include "kex.h" #include "compat.h" #include "myproposal.h" @@ -384,7 +385,7 @@ fprintf(stderr, "keygrab_ssh2:Invalid keytype!\n"); exit(1); } - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = key_ssh_name(&k); + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = (char*)key_ssh_name(&k); } c->c_kex = kex_setup(myproposal); c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; diff -ruN openssh-3.7.1p2+x509g2/ssh-keysign.0 openssh-3.7.1p2+x509g4/ssh-keysign.0 --- openssh-3.7.1p2+x509g2/ssh-keysign.0 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keysign.0 2004-03-09 09:06:00.000000000 +0200 @@ -29,7 +29,7 @@ readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if hostbased authentication is used. It is possible host key to - contain private parts plus x509 certificate. + contain private parts plus X.509 certificate. SEE ALSO ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) diff -ruN openssh-3.7.1p2+x509g2/ssh-keysign.8 openssh-3.7.1p2+x509g4/ssh-keysign.8 --- openssh-3.7.1p2+x509g2/ssh-keysign.8 2003-09-25 09:06:00.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-keysign.8 2004-03-09 09:06:00.000000000 +0200 @@ -68,7 +68,7 @@ Since they are readable only by root, .Nm must be set-uid root if hostbased authentication is used. -It is possible host key to contain private parts plus x509 certificate. +It is possible host key to contain private parts plus X.509 certificate. .El .Sh SEE ALSO .Xr ssh 1 , diff -ruN openssh-3.7.1p2+x509g2/ssh-x509.c openssh-3.7.1p2+x509g4/ssh-x509.c --- openssh-3.7.1p2+x509g2/ssh-x509.c 2003-09-12 09:48:49.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-x509.c 2004-02-22 18:34:20.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -37,17 +37,17 @@ /* clear rest of errors in OpenSSL "error buffer" */ ERR_clear_error(); - return buf; + return(buf); } /* rumen-XXX: X.509 RSASIG check */ -void (*plogx509rsasig)(char *msg) = NULL; +void (*plogx509rsasig)(const char *msg) = NULL; #ifndef SSH_X509STORE_DISABLED -static char* -x509key_find_subject(int _keytype, char* _cp) { - static char *keywords[] = { +static const char* +x509key_find_subject(int _keytype, const char* s) { + static const char *keywords[] = { "subject", "distinguished name", "distinguished-name", @@ -56,53 +56,60 @@ "dn", NULL }; - char **q, *p; + const char **q, *p; size_t len; if (_keytype != KEY_X509_RSA && _keytype != KEY_X509_DSA) { debug3("x509key_find_subject: %d is not x509 key ", _keytype); - return 0; + return(NULL); } for (q=keywords; *q; q++) { len = strlen(*q); - if (strncasecmp(_cp, *q, len) == 0) { - for (p = _cp + len; *p && isspace((int)*p); p++) - {} + if (strncasecmp(s, *q, len) != 0) continue; + + for (p = s + len; *p && isspace((int)*p); p++) + {/*skip space*/} + if (!*p) { + error("x509key_find_subject: no data after keyword"); + return(NULL); + } + if (*p == ':' || *p == '=') { + for (p++; *p && isspace((int)*p); p++) + {/*skip space*/} if (!*p) { - error("x509key_find_subject: no data"); - return NULL; + error("x509key_find_subject: no data after separator"); + return(NULL); } - if (*p == ':' || *p == '=') - p++; - for (; *p && isspace((int)*p); p++) - {} + } + if (*p == '/' || *p == ',') { + /*skip leading [Relative]DistinguishedName elements separator*/ + for (p++; *p && isspace((int)*p); p++) + {/*skip space*/} if (!*p) { error("x509key_find_subject: no data"); - return NULL; + return(NULL); } - if (*p == '/') - p++; - return p; } + return(p); } - return NULL; + return(NULL); } #endif /*ndef SSH_X509STORE_DISABLED*/ #ifndef SSH_X509STORE_DISABLED static int -x509key_str2X509NAME(char* _str, X509_NAME *_name) { - int ret = 1; +x509key_str2X509NAME(const char* _str, X509_NAME *_name) { + int ret = 1; char *p, *q, *token; - char ch; + char ch; - p = _str; + p = (char*)_str; while (*p) { - int nid; + int nid; for (; *p && isspace((int)*p); p++) - {} + {/*skip space*/} if (!*p) break; /* get shortest token */ @@ -147,18 +154,18 @@ ret = 0; } else { p = q + 1; - if(!*p) { + if (!*p) { error("x509key_str2X509NAME: no data"); ret = 0; } else { /* add */ char save; - for(q = token - 1; (q >= p) && isspace((int)*q); q--) - {/*skip unexpected \n,etc. from end*/} + for (q = token - 1; (q >= p) && isspace((int)*q); q--) + {/*skip unexpected \n, etc. from end*/} save = *++q; *q = 0; - ret = X509_NAME_add_entry_by_NID(_name, nid, MBSTRING_ASC, p, q - p, -1, 0); - if(ret <= 0) { + ret = X509_NAME_add_entry_by_NID(_name, nid, MBSTRING_ASC, (u_char*)p, q - p, -1, 0); + if (ret <= 0) { char ebuf[256]; error("x509key_str2X509NAME: X509_NAME_add_entry_by_NID" " fail with errormsg='%.256s'" @@ -172,14 +179,14 @@ } } *token = ch; - if(ret <= 0) { + if (ret <= 0) { break; } p = token; - if(*p) p++; + if (*p) p++; } debug3("x509key_str2X509NAME: return %d", ret); - return ret; + return(ret); } #endif /*ndef SSH_X509STORE_DISABLED*/ @@ -187,21 +194,21 @@ #ifndef SSH_X509STORE_DISABLED Key* x509key_from_subject(int _keytype, char* _cp) { - int ret = 1; - Key* key = NULL; - X509_NAME *subj; - char *subject; + int ret = 1; + Key* key = NULL; + X509_NAME *subj; + const char *subject; debug3("x509key_from_subject(%d, [%.200s]) called ", _keytype, _cp); subject = x509key_find_subject(_keytype, _cp); - if(subject == NULL) - return NULL; + if (subject == NULL) + return(NULL); debug3("x509key_from_subject: subject=[%.200s]", subject); key = key_new(_keytype); if (key == NULL) { error("x509key_from_subject: out of memory"); - return NULL; + return(NULL); } if (ret > 0) { @@ -217,35 +224,33 @@ } if (ret <= 0) { - if (key) { + if (key != NULL) { key_free(key); key = NULL; } } - debug3("x509key_from_subject: return %p", key); - return key; + debug3("x509key_from_subject: return %p", (void*)key); + return(key); } #endif /*ndef SSH_X509STORE_DISABLED*/ static Key* x509_to_key(X509 *x509) { - Key *key = NULL; + Key *key = NULL; EVP_PKEY *env_pkey; env_pkey = X509_get_pubkey(x509); - if (env_pkey == NULL) { char ebuf[256]; error("x509_to_key: X509_get_pubkey fail %.256s", openssl_errormsg(ebuf, sizeof(ebuf))); - return key; - } - else { - debug3("x509_to_key: X509_get_pubkey done!"); + return(NULL); } + /*else*/ + debug3("x509_to_key: X509_get_pubkey done!"); - switch(env_pkey->type) { + switch (env_pkey->type) { case EVP_PKEY_RSA: key = key_new(KEY_UNSPEC); key->x509 = x509; @@ -267,32 +272,30 @@ break; default: - debug3("x509_to_key: unspec key" ); + fatal("ssh_x509_key_size: unknow env_pkey->type %d", env_pkey->type); + /*unreachable code*/ } - return key; + return(key); } Key* -x509key_from_blob( - u_char *blob, - int blen -) { +x509key_from_blob(const u_char *blob, int blen) { Key* key = NULL; BIO *mbio; /* convert blob data to BIO certificate data */ - mbio=BIO_new(BIO_s_mem()); - if (mbio == NULL) return NULL; - BIO_write(mbio,blob,blen); + mbio = BIO_new(BIO_s_mem()); + if (mbio == NULL) return(NULL); + BIO_write(mbio, blob, blen); BIO_flush(mbio); - debug3("x509key_from_blob:We have %d bytes available in BIO",BIO_pending(mbio)); + debug3("x509key_from_blob:We have %d bytes available in BIO", BIO_pending(mbio)); { /* read X509 certificate from BIO data */ X509* x509 = NULL; - x509 = d2i_X509_bio(mbio,NULL); + x509 = d2i_X509_bio(mbio, NULL); if (x509 == NULL) { /* We will print only debug info !!! * This method is used in place where we can only check incomming data. @@ -301,8 +304,7 @@ char ebuf[256]; debug3("x509key_from_blob: read X509 from BIO fail %.256s", openssl_errormsg(ebuf, sizeof(ebuf))); - } - else { + } else { key = x509_to_key(x509); if (key == NULL) X509_free(x509); @@ -311,85 +313,75 @@ /* This call will walk the chain freeing all the BIOs */ BIO_free_all(mbio); - return key; + return(key); } static int -x509key_check(char* method, Key *key) { +x509key_check(const char* method, const Key *key) { if (key == NULL) - { error("%.50s: no key", method); return 0; } + { error("%.50s: no key", method); return(0); } if (key->type != KEY_X509_RSA && key->type != KEY_X509_DSA ) - { error("%.50s: cannot handle key type %d", method, key->type); return 0; } + { error("%.50s: cannot handle key type %d", method, key->type); return(0); } if (key->x509 == NULL) - { error("%.50s: no X509 key", method); return 0; } + { error("%.50s: no X509 key", method); return(0); } - return 1; + return(1); } int -x509key_to_blob( - Key *key, - Buffer *b -) { - int len; - void* str; - unsigned char *p; +x509key_to_blob(const Key *key, Buffer *b) { + int len; + void *str; + u_char *p; - if (!x509key_check("x509key_to_blob", key)) - return 0; + if (!x509key_check("x509key_to_blob", key)) return(0); len = i2d_X509(key->x509, NULL); - str = xmalloc(len); - if (str == NULL) - { error("x509key_to_blob: out of memory"); return 0; } - + str = xmalloc(len); /*fatal on error*/ p = str; i2d_X509(key->x509, &p); buffer_append(b, str, len); xfree(str); - return 1; + return(1); } char* -x509key_subject(Key *key) { +x509key_subject(const Key *key) { char *buf = NULL; - if (!x509key_check("x509key_subject", key)) - return buf; - buf = xmalloc(X509KEY_SUBJECT_MAXLEN); /* xmalloc exit if cannot allocate memory */ + + if (!x509key_check("x509key_subject", key)) return(buf); + + buf = xmalloc(X509KEY_SUBJECT_MAXLEN); /*fatal on error*/ X509_NAME_oneline(X509_get_subject_name(key->x509), buf, X509KEY_SUBJECT_MAXLEN); - return buf; + return(buf); } int -x509key_write( - Key *key, - FILE *f -) { +x509key_write(const Key *key, FILE *f) { int ret = 0; Buffer b; - int n; + size_t n; - if (!x509key_check("x509key_write_blob", key)) - return ret; + if (!x509key_check("x509key_write_blob", key)) return(ret); buffer_init(&b); - ret = x509key_to_blob(key,&b); + ret = x509key_to_blob(key, &b); if (ret) { /* write ssh key name */ - char * ktype = key_ssh_name(key); + const char *ktype = key_ssh_name(key); n = strlen(ktype); - ret = ( fwrite(ktype, 1, n, f) == n ) && - ( fwrite(" " , 1, 1, f) == 1 ); - } - if (ret) { - u_char uu[1<<12]; /* 4096 bytes */ + ret = ( fwrite(ktype, 1, n, f) == n ) && + ( fwrite(" ", 1, 1, f) == 1 ); + } + if (ret) { + char uu[1<<12]; /* 4096 bytes */ n = uuencode(buffer_ptr(&b), buffer_len(&b), uu, sizeof(uu)); ret = n > 0; @@ -398,23 +390,20 @@ } } buffer_free(&b); - return ret; + return(ret); } #ifndef SSH_X509STORE_DISABLED int -x509key_write_subject( - Key *key, - FILE *f -) { - BIO *out=NULL; - char buf[X509KEY_SUBJECT_MAXLEN]; +x509key_write_subject(const Key *key, FILE *f) { + BIO *out; + char buf[X509KEY_SUBJECT_MAXLEN]; - if (!x509key_check("x509key_write_subject", key)) - return 0; + if (!x509key_check("x509key_write_subject", key)) return(0); - out=BIO_new_fp(f, BIO_NOCLOSE); + out = BIO_new_fp(f, BIO_NOCLOSE); + if (out == NULL) return(0); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); @@ -428,17 +417,14 @@ BIO_puts(out, buf); BIO_free_all(out); - return 1; + return(1); } #endif /*ndef SSH_X509STORE_DISABLED*/ Key* -x509key_load_cert( - Key *key, - FILE *fp -) { - if (!key) return NULL; +x509key_load_cert(Key *key, FILE *fp) { + if (key == NULL) return(NULL); if ( (key->type == KEY_RSA) || (key->type == KEY_DSA) ) { @@ -454,20 +440,18 @@ key ? key_type(key) : ""); } } - return key; + return(key); } static int -x509key_save_cert( - FILE *fp, - X509 *x509 -) { - int ret = 0; - BIO *out=NULL; +x509key_save_cert(FILE *fp, X509 *x509) { + int ret = 0; + BIO *out; char buf[X509KEY_SUBJECT_MAXLEN]; - out=BIO_new_fp(fp, BIO_NOCLOSE); + out = BIO_new_fp(fp, BIO_NOCLOSE); + if (out == NULL) return(0); #ifdef VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); @@ -485,10 +469,9 @@ BIO_puts(out, buf); BIO_puts(out, "\n"); { - unsigned char *alstr; - alstr = X509_alias_get0(x509, NULL); - if (!alstr) alstr = ""; - BIO_puts(out,alstr); + const char *alstr = (const char*)X509_alias_get0(x509, NULL); + if (alstr == NULL) alstr = ""; + BIO_puts(out, alstr); BIO_puts(out, "\n"); } ret = PEM_write_bio_X509(out, x509); @@ -499,32 +482,31 @@ } BIO_free_all(out); - return ret; + return(ret); } int x509key_save_pem( FILE *fp, - Key *key, + const Key *key, const EVP_CIPHER *cipher, u_char *passphrase, int len ) { - if (!x509key_check("x509key_save_pem", key)) - return 0; + if (!x509key_check("x509key_save_pem", key)) return(0); switch (key->type) { case KEY_X509_DSA: - if(PEM_write_DSAPrivateKey(fp, key->dsa, cipher, passphrase, len, NULL, NULL)) - return x509key_save_cert(fp, key->x509); + if (PEM_write_DSAPrivateKey(fp, key->dsa, cipher, passphrase, len, NULL, NULL)) + return(x509key_save_cert(fp, key->x509)); break; case KEY_X509_RSA: - if(PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL)) - return x509key_save_cert(fp, key->x509); + if (PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL)) + return(x509key_save_cert(fp, key->x509)); break; } - return 0; + return(0); } @@ -535,9 +517,9 @@ int ret = memcmp(a->data, b->data, lmin); - return (ret == 0) + return((ret == 0) ? (b->length - a->length) - : ret; + : ret); } #endif /*ndef SSH_X509STORE_DISABLED*/ @@ -546,24 +528,23 @@ static int ssh_ASN1_STRING_casecmp(const ASN1_STRING *a, const ASN1_STRING *b) { - int lmin = MIN(M_ASN1_STRING_length(a), M_ASN1_STRING_length(b)); + int la = M_ASN1_STRING_length(a); + int lb = M_ASN1_STRING_length(b); + const char *sa = (const char *)M_ASN1_STRING_data(a); + const char *sb = (const char *)M_ASN1_STRING_data(b); - int ret = strncasecmp(M_ASN1_STRING_data(a), M_ASN1_STRING_data(b), lmin); - - return (ret != 0) - ? (M_ASN1_STRING_length(b) - M_ASN1_STRING_length(a)) - : ret; + return((strncasecmp(sa, sb, MIN(la, lb)) != 0) ? (lb - la) : 0); } #endif /*ndef SSH_X509STORE_DISABLED*/ #ifndef SSH_X509STORE_DISABLED /* from RFC2459 - (d) attribute values in PrintableString are compared after - removing leading and trailing white space and converting internal - substrings of one or more consecutive white space characters to a - single space. -*/ + * (d) attribute values in PrintableString are compared after + * removing leading and trailing white space and converting internal + * substrings of one or more consecutive white space characters to a + * single space. + */ static int ssh_ASN1_PRINTABLESTRING_casecmp(const ASN1_STRING *a, const ASN1_STRING *b) { @@ -571,7 +552,7 @@ u_char *pa = M_ASN1_STRING_data(a); int lb = M_ASN1_STRING_length(b); u_char *pb = M_ASN1_STRING_data(b); - + /* skip leading spaces */ for (; la > 0 && isspace(*pa); la--, pa++); for (; lb > 0 && isspace(*pb); lb--, pb++); @@ -582,14 +563,14 @@ for (p = pa + la - 1; la > 0 && isspace(*p); la--, p--); for (p = pb + lb - 1; lb > 0 && isspace(*p); lb--, p--); } - + while (la > 0 && lb > 0) { int chA = tolower(*pa); int chB = tolower(*pb); if (chA != chB) - return (chB - chA); + return(chB - chA); pa++; pb++; la--; lb--; @@ -598,35 +579,35 @@ for (; lb > 0 && isspace(*pb); lb--, pb++); } } - return (lb - la); + return(lb - la); } #endif /*ndef SSH_X509STORE_DISABLED*/ #ifndef SSH_X509STORE_DISABLED /* -1.) - Since version 0.9.7.beta4 and 0.9.6h OpenSSL function X509_NAME_cmp - is more restrictive but more correct (!). - Problem is that some x509 implementation set X509_NAME entry - incorrectly to "Printable String" :-[ . - O.K. when one entry is "Printable String" we will compare - to corresponding entry as "Printable String". -2.) - OpenSSL functions X509_NAME_cmp check nids order in X509_NAME. - i.e. X509_NAME{"/C=XX/O=YY"} is not equal to X509_NAME{"/O=YY/C=XX"} -*/ + * 1.) + * Since version 0.9.7.beta4 and 0.9.6h OpenSSL function X509_NAME_cmp + * is more restrictive but more correct (!). + * Problem is that some x509 implementation set X509_NAME entry + * incorrectly to "Printable String" :-[ . + * O.K. when one entry is "Printable String" we will compare + * to corresponding entry as "Printable String". + * 2.) + * OpenSSL functions X509_NAME_cmp check nids order in X509_NAME. + * i.e. X509_NAME{"/C=XX/O=YY"} is not equal to X509_NAME{"/O=YY/C=XX"} + */ static int ssh_X509_NAME_cmp(X509_NAME *_a, X509_NAME *_b) { int k, n; X509_NAME *b; - + k = sk_X509_NAME_ENTRY_num(_a->entries); n = sk_X509_NAME_ENTRY_num(_b->entries); - + if (k != n) - return (n - k); + return(n - k); b = X509_NAME_dup(_b); n = 0; @@ -637,7 +618,7 @@ X509_NAME_ENTRY *neB; ASN1_STRING *nvB; int loc; - + neA = sk_X509_NAME_ENTRY_value(_a->entries, k); nvA = neA->value; nid = OBJ_obj2nid(neA->object); @@ -645,7 +626,7 @@ if (loc < 0) { char buf1[X509KEY_SUBJECT_MAXLEN]; char buf2[X509KEY_SUBJECT_MAXLEN]; - + X509_NAME_oneline(_a, buf1, sizeof(buf1)); X509_NAME_oneline(_b, buf2, sizeof(buf2)); debug3("ssh_X509_NAME_cmp: insufficient entries with nid=%d(%.40s) in second name." @@ -665,14 +646,14 @@ u_char *pa = M_ASN1_STRING_data (nvA); int lb = M_ASN1_STRING_length(nvB); u_char *pb = M_ASN1_STRING_data (nvB); - + logit("nvA='%*s', nvB='%*s'", la, pa, lb, pb); } #endif if (nid == NID_pkcs9_emailAddress) { int tag; - + tag = M_ASN1_STRING_type(nvA); if (tag != V_ASN1_IA5STRING) { /* to be strict and return nonzero or ... ? XXX @@ -740,36 +721,35 @@ } X509_NAME_free(b); - return n; + return(n); } #endif /*ndef SSH_X509STORE_DISABLED*/ #ifndef SSH_X509STORE_DISABLED -/* we can check only by Subject (Distinguished Name): - - sshd receive from client only x509 certificate !!! - - sshadd -d ... send only x509 certificate !!! - - otherwise Key might contain private key -*/ +/* + * We can check only by Subject (Distinguished Name): + * - sshd receive from client only x509 certificate !!! + * - sshadd -d ... send only x509 certificate !!! + * - otherwise Key might contain private key + */ int -ssh_x509_equal(Key *a, Key *b) { - if (!x509key_check("ssh_x509_equal", a)) - return 1; - if (!x509key_check("ssh_x509_equal", b)) - return -1; +ssh_x509_equal(const Key *a, const Key *b) { + if (!x509key_check("ssh_x509_equal", a)) return(1); + if (!x509key_check("ssh_x509_equal", b)) return(-1); #if 1 -/* We must use own method to compare two X509_NAMEs - instead of OpenSSL function[s] ! See notes before - body of "ssh_X509_NAME_cmp()" . -*/ +/* + * We must use own method to compare two X509_NAMEs instead of OpenSSL + * function[s]! See notes before body of "ssh_X509_NAME_cmp()". + */ { X509_NAME *nameA = X509_get_subject_name(a->x509); X509_NAME *nameB = X509_get_subject_name(b->x509); - return ssh_X509_NAME_cmp(nameA, nameB); + return(ssh_X509_NAME_cmp(nameA, nameB)); } #else - return X509_subject_name_cmp(a->x509, b->x509); + return(X509_subject_name_cmp(a->x509, b->x509)); #endif } #endif /*ndef SSH_X509STORE_DISABLED*/ @@ -777,28 +757,25 @@ int ssh_x509_sign( - Key * key, + const Key *key, u_char **psignature, u_int *psignaturelen, - u_char *data, u_int datalen + const u_char *data, u_int datalen ) { - int ret = -1; + int ret = -1; u_char sigret[256]; u_int siglen; - if (!x509key_check("ssh_x509_sign", key)) - return ret; - if((key->rsa == NULL) && (key->dsa == NULL)) { + if (!x509key_check("ssh_x509_sign", key)) return(ret); + if ((key->rsa == NULL) && (key->dsa == NULL)) { error("ssh_x509_sign: missing private key"); - return ret; + return(ret); } debug3("ssh_x509_sign: key_type=%.20s, key_ssh_name=%.40s", key_type(key), key_ssh_name(key)); ret = 1; { - EVP_PKEY* privkey = NULL; - - privkey = EVP_PKEY_new(); - if (!privkey) { + EVP_PKEY *privkey = EVP_PKEY_new(); + if (privkey == NULL) { error("ssh_x509_sign: out of memory"); ret = -1; } @@ -822,17 +799,17 @@ } else { evp_md = EVP_dss1(); } - + debug3("ssh_x509_sign: evp_md { %d(%.30s), %d(%.30s), %d, ... }", evp_md->type, OBJ_nid2ln(evp_md->type), evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), evp_md->md_size); - EVP_SignInit(&ctx,evp_md); - EVP_SignUpdate(&ctx,data,datalen); + EVP_SignInit(&ctx, evp_md); + EVP_SignUpdate(&ctx, data, datalen); if (ret > 0) { - ret = EVP_SignFinal(&ctx,sigret,&siglen,privkey); + ret = EVP_SignFinal(&ctx, sigret, &siglen, privkey); if (ret <= 0) { char ebuf[256]; error("ssh_x509_sign: digest failed: %.256s", @@ -855,7 +832,7 @@ *psignaturelen = len; if (psignature != NULL) { - *psignature = xmalloc(len); + *psignature = xmalloc(len); /*fatal on error*/ memcpy(*psignature, buffer_ptr(&b), len); } } @@ -863,21 +840,21 @@ } ret = ret > 0 ? 0 : -1; debug3("ssh_x509_sign: return %d", ret); - return ret; + return(ret); } -int ssh_x509_verify( - Key *key, - u_char *signature, u_int signaturelen, - u_char *data, u_int datalen) -{ +int +ssh_x509_verify( + const Key *key, + const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen +) { int ret = -1; u_char *sigblob = NULL; uint len = 0; - if (!x509key_check("ssh_x509_verify", key)) - return ret; + if (!x509key_check("ssh_x509_verify", key)) return(ret); { /* get signature data only */ Buffer b; @@ -886,7 +863,7 @@ { /* check signature key type */ char *ktype = buffer_get_string(&b, NULL); - debug3("ssh_x509_verify: signature key type = %.40s", ktype ); + debug3("ssh_x509_verify: signature key type = %.40s", ktype); ret = strcmp("x509v3-sign-rsa", ktype) == 0 || strcmp("x509v3-sign-dss", ktype) == 0; if (!ret) { @@ -910,10 +887,8 @@ } if (ret > 0 ) { - EVP_PKEY* pubkey; - - pubkey = X509_get_pubkey(key->x509); - if (!pubkey) { + EVP_PKEY* pubkey = X509_get_pubkey(key->x509); + if (pubkey == NULL) { error("ssh_x509_verify: no 'X509 Public Key'"); ret = -1; } @@ -931,9 +906,9 @@ evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), evp_md->md_size); - EVP_VerifyInit(&ctx,evp_md); - EVP_VerifyUpdate(&ctx,data,datalen); - ret = EVP_VerifyFinal(&ctx,sigblob,len,pubkey); + EVP_VerifyInit(&ctx, evp_md); + EVP_VerifyUpdate(&ctx, data, datalen); + ret = EVP_VerifyFinal(&ctx, sigblob, len, pubkey); if ((ret <= 0) && key->rsa) { /* rumen-XXX: X.509 RSASIG check */ evp_md = (x509rsasigtype == SSH_X509RSA_SHA1) ? EVP_md5() : EVP_sha1(); @@ -942,11 +917,11 @@ evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), evp_md->md_size); - EVP_VerifyInit(&ctx,evp_md); - EVP_VerifyUpdate(&ctx,data,datalen); - ret = EVP_VerifyFinal(&ctx,sigblob,len,pubkey); + EVP_VerifyInit(&ctx, evp_md); + EVP_VerifyUpdate(&ctx, data, datalen); + ret = EVP_VerifyFinal(&ctx, sigblob, len, pubkey); if (ret > 0) { - char *pmsg; + const char *pmsg; if (x509rsasigtype == SSH_X509RSA_SHA1) pmsg = "X509COMPAT: RSA succeed for md5 digest"; else @@ -966,158 +941,44 @@ } EVP_PKEY_free(pubkey); /* XXX ?*/ } - if (ret > 0) { - ret = ssh_x509cert_check(key->x509); - } if (sigblob) { memset(sigblob, 's', len); xfree(sigblob); + sigblob = NULL; + } + if (ret > 0) { + ret = ssh_x509cert_check(key->x509); } ret = ret > 0 ? 1 : (ret < 0 ? -1 : 0); - debug3("ssh_x509_verify return %d", ret); - return ret; + debug3("ssh_x509_verify: return %d", ret); + return(ret); } u_int -ssh_x509_key_size(Key *key) { - EVP_PKEY *pkey=NULL; +ssh_x509_key_size(const Key *key) { + EVP_PKEY *pkey; int k = 0; - if (!x509key_check("key_size", key)) - return 0; - - pkey=X509_get_pubkey(key->x509); - if (pkey != NULL) { - if (pkey->type == EVP_PKEY_RSA) - { - /* BN_num_bits return int (!): XXX */ - k = BN_num_bits(pkey->pkey.rsa->n); - } - if (pkey->type == EVP_PKEY_DSA) - { - /*OpenSSH like this*/ - k = BN_num_bits(pkey->pkey.dsa->p); - } - } - EVP_PKEY_free(pkey); - return (u_int) k; -} + if (!x509key_check("key_size", key)) goto done; + pkey = X509_get_pubkey(key->x509); + if (pkey == NULL) goto done; -#ifdef SSHX509TEST - -#ifdef HAVE___PROGNAME -extern char *__progname; -#else -char *__progname; -#endif - - -#define DATA "test_certificate" -#define DATA2 "Test_Certificate" - -int -main (int argc, char *argv[]) { - X509_NAME* name; - - __progname = get_progname(argv[0]); - log_init(__progname, SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1); - - name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, DATA, -1, -1, 0); - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "CN", V_ASN1_PRINTABLESTRING, DATA, -1, -1, 0); - fprintf(stderr, "A1.1:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "CN", V_ASN1_PRINTABLESTRING, " " DATA " ", -1, -1, 0); - fprintf(stderr, "A1.2:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "CN", V_ASN1_PRINTABLESTRING, " " DATA2 " ", -1, -1, 0); - fprintf(stderr, "A1.3:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "OU", V_ASN1_PRINTABLESTRING, " " DATA2 " ", -1, -1, 0); - fprintf(stderr, "A1.4:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "CN", MBSTRING_ASC, " " DATA2 " ", -1, -1, 0); - fprintf(stderr, "A1.5:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - X509_NAME_free(name); - - - name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC, DATA, -1, -1, 0); - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "emailAddress", V_ASN1_TELETEXSTRING, DATA2, -1, -1, 0); - fprintf(stderr, "A2.1:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "emailAddress", V_ASN1_IA5STRING, DATA2, -1, -1, 0); - fprintf(stderr, "A2.2:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - X509_NAME_free(name); - - name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_ASC, DATA "-e", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, DATA "-cn", -1, -1, 0); - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "CN", V_ASN1_PRINTABLESTRING, " " DATA2 "-cn ", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "emailAddress", V_ASN1_IA5STRING, DATA2 "-e", -1, -1, 0); - fprintf(stderr, "A3 :ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - X509_NAME_free(name); - - name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, DATA "1", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, DATA "2", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, DATA "3", -1, -1, 0); - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "1", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "3", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "2", -1, -1, 0); - fprintf(stderr, "A4.1:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "2", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "1", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "2", -1, -1, 0); - fprintf(stderr, "A4.2:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); - } - { - X509_NAME* x = X509_NAME_new(); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "2", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "O" , MBSTRING_ASC, DATA "2", -1, -1, 0); - X509_NAME_add_entry_by_txt(x, "OU", MBSTRING_ASC, DATA "3", -1, -1, 0); - fprintf(stderr, "A4.3:ssh_X509_NAME_cmp return %d\n", ssh_X509_NAME_cmp(name, x)); - X509_NAME_free(x); + switch(pkey->type) { + case EVP_PKEY_RSA: + /* BN_num_bits return int (!): XXX */ + k = BN_num_bits(pkey->pkey.rsa->n); + break; + case EVP_PKEY_DSA: + /*OpenSSH like this*/ + k = BN_num_bits(pkey->pkey.dsa->p); + break; + default: + fatal("ssh_x509_key_size: unknow pkey->type %d", pkey->type); + /*unreachable code*/ } - X509_NAME_free(name); - - exit(0); - return 0; + EVP_PKEY_free(pkey); +done: + return((u_int) k); } -#endif diff -ruN openssh-3.7.1p2+x509g2/ssh-x509.h openssh-3.7.1p2+x509g4/ssh-x509.h --- openssh-3.7.1p2+x509g2/ssh-x509.h 2003-06-09 09:44:13.000000000 +0300 +++ openssh-3.7.1p2+x509g4/ssh-x509.h 2004-02-22 18:24:36.000000000 +0200 @@ -1,7 +1,7 @@ #ifndef SSH_X509_H #define SSH_X509_H /* - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -29,38 +29,43 @@ #include "key.h" #include "buffer.h" + #ifndef SSH_X509STORE_DISABLED - /* - * This method return a key(x509) only with "Subject"("Distinguished Name") ! - */ +/* + * Method return a key(x509) only with "Subject"("Distinguished Name") ! + */ Key* x509key_from_subject(int _keytype, char* _cp); #endif /*ndef SSH_X509STORE_DISABLED*/ -Key* x509key_from_blob(u_char *blob, int blen); -int x509key_to_blob(Key *key, Buffer *b); +Key* x509key_from_blob(const u_char *blob, int blen); +int x509key_to_blob(const Key *key, Buffer *b); #define X509KEY_SUBJECT_MAXLEN 512 -char* x509key_subject(Key *key); +char* x509key_subject(const Key *key); - /* write x509 certificate as blob */ -int x509key_write(Key *key, FILE *f); +/* + * Method write x509 certificate as blob. + */ +int x509key_write(const Key *key, FILE *f); #ifndef SSH_X509STORE_DISABLED - /* write x509 certificate subject */ -int x509key_write_subject(Key *key, FILE *f); +/* + * Method write x509 certificate subject. + */ +int x509key_write_subject(const Key *key, FILE *f); #endif /*ndef SSH_X509STORE_DISABLED*/ Key* x509key_load_cert(Key *key, FILE *fp); -int x509key_save_pem(FILE *fp, Key *key, const EVP_CIPHER *cipher, u_char *passphrase, int len); +int x509key_save_pem(FILE *fp, const Key *key, const EVP_CIPHER *cipher, u_char *passphrase, int len); #ifndef SSH_X509STORE_DISABLED -int ssh_x509_equal(Key *a, Key *b); +int ssh_x509_equal(const Key *a, const Key *b); #endif /*ndef SSH_X509STORE_DISABLED*/ -int ssh_x509_sign(Key *, u_char **, u_int *, u_char *, u_int); -int ssh_x509_verify(Key *key, u_char *signature, u_int signaturelen, u_char *data, u_int datalen); -u_int ssh_x509_key_size(Key *key); +int ssh_x509_sign(const Key *key, u_char **psignature, u_int *psignaturelen, const u_char *data, u_int datalen); +int ssh_x509_verify(const Key *key, const u_char *signature, u_int signaturelen, const u_char *data, u_int datalen); +u_int ssh_x509_key_size(const Key *key); #endif /* SSH_X509_H */ diff -ruN openssh-3.7.1p2+x509g2/tests/CA/1-cre_cadb.sh openssh-3.7.1p2+x509g4/tests/CA/1-cre_cadb.sh --- openssh-3.7.1p2+x509g2/tests/CA/1-cre_cadb.sh 2003-05-26 11:30:04.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/1-cre_cadb.sh 2004-03-03 16:42:59.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -30,20 +30,20 @@ # === +# args: +# $1 - type echo_CA_common_options () { - local type="$1" - cat < "$1" [ ca ] default_ca = CA_OpenSSH_rsa_md5 + # For the CA policy [ policy_match ] countryName = match @@ -68,6 +68,7 @@ commonName = supplied emailAddress = optional + [ req ] default_bits = 1024 distinguished_name = req_distinguished_name @@ -110,10 +111,17 @@ emailAddress_max = 40 emailAddress_default = $SSH_DN_EM + [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 +EOF + + +# X.509 extensions: SSH client certificates +cat << EOF >> "$1" + [ usr_cert ] # These extensions are added when 'ca' signs a request. @@ -129,6 +137,12 @@ # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always +EOF + + +# X.509 extensions: SSH server certificates +cat << EOF >> "$1" + [ srv_cert ] # These extensions are added when 'ca' signs a request. @@ -151,7 +165,6 @@ # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always - EOF @@ -167,10 +180,10 @@ default_md = ${DIGEST} # The private key (!) -private_key = "${SSH_CAKEYDIR}/${RSA_BASENAME}.key" +private_key = "${SSH_CAKEYDIR}/${CAKEY_PREFIX}-rsa.key" #The CA certificate (!) -certificate = "${SSH_CACERTDIR}/${RSA_BASENAME}_${DIGEST}.crt.pem" +certificate = "${SSH_CACERTDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt.pem" EOF ) >> "$1" done @@ -186,10 +199,10 @@ default_md = sha1 # The private key (!) -private_key = "${SSH_CAKEYDIR}/${DSA_BASENAME}.key" +private_key = "${SSH_CAKEYDIR}/${CAKEY_PREFIX}-dsa.key" #The CA certificate (!) -certificate = "${SSH_CACERTDIR}/${DSA_BASENAME}.crt.pem" +certificate = "${SSH_CACERTDIR}/${CAKEY_PREFIX}-dsa.crt.pem" EOF ) >> "$1" } @@ -197,25 +210,31 @@ # === cre_db () { - local var="${SSH_CAROOT}" +( + var="${SSH_CAROOT}" + if test ! -d "$var"; then - mkdir -p "$var" || return $? + mkdir -p "$var" || exit $? else - count=`getNextDirName "${var}"` || return $? + count=`getNextDirName "${var}"` || exit $? if test -d "${var}"; then printf '%s' "saving old directoty as ${attn}${var}.${warn}${count}${norm} ... " - mv "${var}" "${var}.${count}"; show_status $? || return $? + mv "${var}" "${var}.${count}"; show_status $? || exit $? fi fi + mkdir -p "$var" && mkdir "$var/crt" && - mkdir "$var/crl" && - for DIGEST in ${RSA_DIGEST_LIST}; do - cp /dev/null "$var/index-rsa_${DIGEST}.txt" - done && - cp /dev/null "$var/index-dsa.txt" && + mkdir "$var/crl" || + exit $? + + for type in ${SSH_SIGN_TYPES}; do + create_empty_file "$var/index-${type}.txt" || exit $? + done + mkdir "$var/newcerts" && - echo '01' > "$var/serial" + echo '200402160906000001' > "$var/serial" +) } @@ -225,4 +244,4 @@ cre_db && update_file "${TMPDIR}/${CACONFIG}" "${SSH_CACFGFILE}"; retval=$? -show_status $retval "${extd}Creating a new ${warn}TEST${norm} ${attn}Certificate Authority Database${norm} ..." +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority Database${norm}" diff -ruN openssh-3.7.1p2+x509g2/tests/CA/2-cre_cakeys.sh openssh-3.7.1p2+x509g4/tests/CA/2-cre_cakeys.sh --- openssh-3.7.1p2+x509g2/tests/CA/2-cre_cakeys.sh 2003-06-11 12:09:08.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/2-cre_cakeys.sh 2004-02-16 22:24:38.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -30,7 +30,7 @@ OPENSSH_LOG="$CWD/openssh_ca-2.log" -cat /dev/null > .delmy +create_empty_file .delmy && update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? @@ -56,23 +56,23 @@ # === gen_rsa () { -local RSA_OPT="-des3" +RSA_OPT="-des3" if [ -f /etc/random-seed ]; then RSA_OPT="${RSA_OPT} -rand /etc/random-seed" fi -rm -f "${TMPDIR}/${RSA_BASENAME}.key" 2>/dev/null +rm -f "${TMPDIR}/${CAKEY_PREFIX}-rsa.key" 2>/dev/null $OPENSSL genrsa ${RSA_OPT} \ -passout pass:${KEY_PASS} \ - -out "${TMPDIR}/${RSA_BASENAME}.key" 1024 \ + -out "${TMPDIR}/${CAKEY_PREFIX}-rsa.key" 1024 \ 2>> "$OPENSSH_LOG" \ -; show_status $? "${extd}generating a new ${attn}rsa ${norm} private key for the ${warn}TEST${norm}${extd} ${attn}CA${norm} ..." \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}rsa${norm} private key" \ || return $? for DIGEST in ${RSA_DIGEST_LIST}; do -rm -f "${TMPDIR}/${RSA_BASENAME}_${DIGEST}.crt" 2>/dev/null +rm -f "${TMPDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt" 2>/dev/null echo_SSH_CA_DN "rsa_${DIGEST}" | $OPENSSL req \ @@ -80,11 +80,11 @@ -config "${SSH_CACFGFILE}" \ -days $SSH_CACERTDAYS \ -passin pass:${KEY_PASS} \ - -key "${TMPDIR}/${RSA_BASENAME}.key" \ + -key "${TMPDIR}/${CAKEY_PREFIX}-rsa.key" \ -${DIGEST} \ - -out "${TMPDIR}/${RSA_BASENAME}_${DIGEST}.crt" \ + -out "${TMPDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt" \ 2>> "$OPENSSH_LOG" \ -; show_status $? "${extd}generating the new ${warn}TEST${norm}${extd} ${attn}CA${norm}/(${DIGEST} with rsa) ..." \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}rsa-${DIGEST}${norm} certificate" \ || return $? done @@ -95,31 +95,31 @@ # === gen_dsa () { -local DSA_OPT="" +DSA_OPT="" if [ -f /etc/random-seed ]; then DSA_OPT="${DSA_OPT} -rand /etc/random-seed" fi -rm -f "${TMPDIR}/${DSA_BASENAME}.prm" 2>/dev/null +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" 2>/dev/null $OPENSSL dsaparam ${DSA_OPT} \ - -out "${TMPDIR}/${DSA_BASENAME}.prm" 1024\ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" 1024\ 2>> "$OPENSSH_LOG";\ -show_status $? "${extd}generating a new ${attn}DSA parameter file${norm} ..." \ +show_status $? "generating ${extd}DSA parameter file${norm}" \ || return $? -rm -f "${TMPDIR}/${DSA_BASENAME}.key" 2>/dev/null +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" 2>/dev/null DSA_OPT="${DSA_OPT} -des3" $OPENSSL gendsa ${DSA_OPT} \ -passout pass:${KEY_PASS} \ - -out "${TMPDIR}/${DSA_BASENAME}.key" \ - "${TMPDIR}/${DSA_BASENAME}.prm" \ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" \ + "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" \ 2>> "$OPENSSH_LOG" \ -; show_status $? "${extd}generating a new ${attn}dsa${norm} private key for the ${warn}TEST${norm}${extd} ${attn}CA${norm} ..." \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}dsa${norm} private key" \ || return $? #request & ceritificate -rm -f "${TMPDIR}/${DSA_BASENAME}.crt" 2>/dev/null +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.crt" 2>/dev/null echo_SSH_CA_DN "dsa" | $OPENSSL req \ @@ -127,10 +127,10 @@ -config "${SSH_CACFGFILE}" \ -days $SSH_CACERTDAYS \ -passin pass:${KEY_PASS} \ - -key "${TMPDIR}/${DSA_BASENAME}.key" \ - -out "${TMPDIR}/${DSA_BASENAME}.crt" \ + -key "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" \ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.crt" \ 2>> "$OPENSSH_LOG" \ -; show_status $? "${extd}generating the new ${warn}TEST${norm}${extd} ${attn}CA${norm}/(sha1 with dsa) ..." \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}dsa-sha1${norm} certificate" \ || return $? return 0 @@ -139,71 +139,64 @@ # === crt2bundle () { - local val="$1" - test -z "${val}" && { echo ${warn}missing DN${norm} 1>&2; return 1; } +( + val="$1" + test -z "${val}" && { echo ${warn}missing DN${norm} >&2; return 1; } echo echo ${val} echo ${val} | sed -e 's/./=/g' - $OPENSSL x509 -inform PEM -in "${2}" -fingerprint -noout || return $? + $OPENSSL x509 -inform PEM -in "${2}" -fingerprint -noout || exit $? echo PEM data: - $OPENSSL x509 -inform PEM -in "${2}" -trustout || return $? + $OPENSSL x509 -inform PEM -in "${2}" -trustout || exit $? echo Certificate Ingredients: - $OPENSSL x509 -inform PEM -in "${2}" -text -noout || return $? + $OPENSSL x509 -inform PEM -in "${2}" -text -noout || exit $? - return 0 + exit 0 +) } # === install () { - local F - +( for D in \ "${SSH_CAROOT}" \ "${SSH_CAKEYDIR}" \ "${SSH_CACERTDIR}" \ - ;do - test ! -d "$D" && mkdir -p "${D}" + ; do + if test ! -d "$D"; then + mkdir -p "${D}" || exit $? + fi done + chmod 700 "${SSH_CAKEYDIR}" || exit $? - update_file "${TMPDIR}/${DSA_BASENAME}.prm" "${SSH_CAROOT}/${DSA_BASENAME}.prm" \ -&& - chmod 700 "${SSH_CAKEYDIR}" \ -&& - update_file "${TMPDIR}/${RSA_BASENAME}.key" "${SSH_CAKEYDIR}/${RSA_BASENAME}.key" && - chmod 400 "${SSH_CAKEYDIR}/${RSA_BASENAME}.key" \ -&& - update_file "${TMPDIR}/${DSA_BASENAME}.key" "${SSH_CAKEYDIR}/${DSA_BASENAME}.key" && - chmod 400 "${SSH_CAKEYDIR}/${DSA_BASENAME}.key" \ -|| return $? - - -for DIGEST in ${RSA_DIGEST_LIST}; do - F="${RSA_BASENAME}_${DIGEST}" - update_file "${TMPDIR}/${F}.crt" "${SSH_CACERTDIR}/${F}.crt.pem" || return $? -done - F="${DSA_BASENAME}" - update_file "${TMPDIR}/${F}.crt" "${SSH_CACERTDIR}/${F}.crt.pem" || return $? + update_file "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" "${SSH_CAROOT}/${CAKEY_PREFIX}-dsa.prm" && + for type in rsa dsa; do + F="${CAKEY_PREFIX}-${type}.key" + update_file "${TMPDIR}/${F}" "${SSH_CAKEYDIR}/${F}" && + chmod 400 "${SSH_CAKEYDIR}/${F}" || exit $? + done + for type in ${SSH_SIGN_TYPES}; do + F="${CAKEY_PREFIX}-${type}.crt" + update_file "${TMPDIR}/${F}" "${SSH_CACERTDIR}/${F}.pem" || exit $? + done -printf '%s' "" > "${TMPDIR}/${CACERTFILE}" -for DIGEST in ${RSA_DIGEST_LIST}; do - F="${SSH_CACERTDIR}/${RSA_BASENAME}_${DIGEST}.crt.pem" - crt2bundle "$SSH_DN_OU" "${F}" >> "${TMPDIR}/${CACERTFILE}" || return $? -done - F="${SSH_CACERTDIR}/${DSA_BASENAME}.crt.pem" - crt2bundle "$SSH_DN_OU" "${F}" >> "${TMPDIR}/${CACERTFILE}" || return $? + create_empty_file "${TMPDIR}/${CACERTFILE}" && + for type in ${SSH_SIGN_TYPES}; do + F="${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" + crt2bundle "$SSH_DN_OU" "${F}" >> "${TMPDIR}/${CACERTFILE}" || exit $? + done -update_file "${TMPDIR}/${CACERTFILE}" "${SSH_CAROOT}/${CACERTFILE}" + update_file "${TMPDIR}/${CACERTFILE}" "${SSH_CAROOT}/${CACERTFILE}" +) } # === cre_hash_link () { - local HASH - local NAME - +( #option -noout problem: #exit code from .../openssl ... -noout ... is sometime nonzero !!! #might only by .../openssl x509 ... -noout ... exit code is zero @@ -214,32 +207,36 @@ # .../openssl crl -in a_crl_file -hash -out /dev/null # #work around might is to use -out /dev/null :-/ - HASH=`$OPENSSL x509 -in "$1" -noout -hash` || return $? - NAME=`getNextFreeName ${HASH}.` || return $? + HASH=`$OPENSSL x509 -in "$1" -noout -hash` || exit $? + NAME=`getNextFreeName ${HASH}.` || exit $? echo "creating link ${attn}${NAME}${norm} to ${attn}$1${norm}" rm -f "${NAME}" && - ln -s "$1" "${NAME}" || return $? + ln -s "$1" "${NAME}" || exit $? #link might never fail ;-( test -h "${NAME}" +) } cre_hashs () { #(!) openssl script "c_rehash" is missing in some installations :-( # c_rehash "${SSH_CACERTDIR}" -( cd "${SSH_CACERTDIR}" || exit $? +( + cd "${SSH_CACERTDIR}" || exit $? + for F in [0-9a-f]*.[0-9]; do # we must use test -L, but on ?-OSes ... :-( - if test -h $F; then - rm "$F" || exit $? + if test -h "$F"; then + rm -f "$F" || exit $? fi done - for DIGEST in ${RSA_DIGEST_LIST}; do - cre_hash_link "${RSA_BASENAME}_${DIGEST}.crt.pem" || exit $? + for type in ${SSH_SIGN_TYPES}; do + cre_hash_link "${CAKEY_PREFIX}-${type}.crt.pem" || exit $? done - cre_hash_link "${DSA_BASENAME}.crt.pem" || exit $? + + exit 0 ) } @@ -251,6 +248,6 @@ install && cre_hashs; retval=$? -show_status $retval "${extd}Creating a new ${warn}TEST${norm} ${attn}Certificate Authority${norm} ..." +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority${norm}" echo "${warn}password for all private keys is ${attn}${KEY_PASS}${norm}" exit $retval diff -ruN openssh-3.7.1p2+x509g2/tests/CA/3-cre_certs.sh openssh-3.7.1p2+x509g4/tests/CA/3-cre_certs.sh --- openssh-3.7.1p2+x509g2/tests/CA/3-cre_certs.sh 2003-06-11 12:11:38.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/3-cre_certs.sh 2004-02-21 22:09:36.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -106,16 +106,13 @@ test -z "${SSH_CERT_TYPE}" && usage -OPENSSH_LOG="$CWD/openssh_ca-3.log" -cat /dev/null > .delmy +OPENSSH_LOG="$CWD/openssh_ca-3.${SSH_BASE_KEY}.${SSH_X509V3_EXTENSIONS}.log" +create_empty_file .delmy && update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? # === cre_csr () { - local type="$1" - local subtype="$2" - echo "=== create a new CSR ===" >> "$OPENSSH_LOG" ( if test "$SSH_X509V3_EXTENSIONS" != "usr_cert"; then @@ -142,18 +139,12 @@ -passin pass:"" \ -out "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.csr" \ 2>> "$OPENSSH_LOG" \ - ; show_status $? "creating new ${extd}CSR${norm} for ${attn}${SSH_BASE_DN_CN}(${type}${subtype})${norm} ..." || return $? - - sync - return 0 + ; show_status $? "- ${extd}CSR${norm}" } # === cre_crt () { - local type="$1" - local subtype="$2" - echo "=== create a new CRT ===" >> "$OPENSSH_LOG" $OPENSSL ca \ -config "${SSH_CACFGFILE}" \ @@ -164,7 +155,7 @@ -out "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" \ -extensions ${SSH_X509V3_EXTENSIONS} \ 2>> "$OPENSSH_LOG" \ - ; show_status $? "creating new ${extd}CRT${norm} for ${attn}${SSH_BASE_DN_CN}(${type}${subtype})${norm} ..." || + ; show_status $? "- ${extd}CRT${norm}" || { retval=$? printf '%s' "${warn}" grep 'ERROR:' "$OPENSSH_LOG" @@ -176,7 +167,10 @@ $OPENSSL verify \ -CAfile "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" \ "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" && - rm -f "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.csr" && + rm -f "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.csr" || + return $? + + printf '%s' '- ' && update_file \ "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" \ "${SSH_BASE_KEY}-${type}${subtype}.crt" @@ -184,12 +178,8 @@ # === - cre_OpenSSH_Crt () { - local type="$1" - local subtype="$2" - - printf '%s' "creating ${extd}OpenSSH certificate${norm} with signature ${attn}${type}${norm}${subtype} ..." + printf '%s' "- ${extd}OpenSSH certificate${norm}" ( cat "${SSH_BASE_KEY}" $OPENSSL x509 -in "${SSH_BASE_KEY}-${type}${subtype}.crt" -subject -issuer -alias ) > "${SSH_BASE_KEY}-${type}${subtype}" && @@ -197,21 +187,17 @@ ; show_status $? } -cre_OpenSSH_PubKey () { - local type="$1" - local subtype="$2" - printf '%s' "creating ${extd}OpenSSH public key for certificate${norm} with signature ${attn}${type}${norm}${subtype} ..." +cre_OpenSSH_PubKey () { + printf '%s' "- ${extd}OpenSSH public key${norm}" "$TEST_SSH_SSHKEYGEN" -y -f "${SSH_BASE_KEY}-${type}${subtype}" \ > "${SSH_BASE_KEY}-${type}${subtype}.pub" \ ; show_status $? } -cre_P12_Crt () { - local type="$1" - local subtype="$2" - printf '%s' "creating ${extd}p12 certificate${norm} with signature ${attn}${type}${norm}${subtype} ..." +cre_P12_Crt () { + printf '%s' "- ${extd}PKCS #12${norm} file" $OPENSSL pkcs12 \ -passin pass:"" \ -passout pass:"" \ @@ -223,16 +209,13 @@ revoke_crt () { - local type="$1" - local subtype="$2" - echo "=== revoke a CRT ===" >> "$OPENSSH_LOG" - printf '%s' "revoke ${extd}certificate${norm} with signature ${attn}${type}${norm}${subtype} ..." + printf '%s' "- ${extd}revoke${norm} certificate" $OPENSSL ca \ -config "${SSH_CACFGFILE}" \ -name "CA_OpenSSH_${type}" \ -passin pass:$KEY_PASS \ - -revoke "${SSH_BASE_KEY}-${type}${subtype}" \ + -revoke "${SSH_BASE_KEY}-${type}${subtype}.crt" \ 2>> "$OPENSSH_LOG" \ ; show_status $? } @@ -240,46 +223,36 @@ # === cre_all2 () { - local type="$1" - echo - cre_csr "${type}" && - cre_crt "${type}" && - cre_OpenSSH_Crt "${type}" && - cre_OpenSSH_PubKey "${type}" && - cre_P12_Crt "${type}" -} + printf '%s\n' "creating ${extd}${SSH_X509V3_EXTENSIONS}${norm} for ${extd}${SSH_BASE_DN_CN}${norm}(${attn}${type}${norm}${warn}${subtype}${norm}) ..." + cre_csr && + cre_crt || return $? -# === -cre_all3 () { - local type="$1" - - echo - cre_csr "${type}" "-revoked" && - cre_crt "${type}" "-revoked" && - cre_OpenSSH_Crt "${type}" "-revoked" && - cre_OpenSSH_PubKey "${type}" "-revoked" && - cre_P12_Crt "${type}" "-revoked" && - revoke_crt "${type}" "-revoked" + cre_OpenSSH_Crt && + cre_OpenSSH_PubKey && + cre_P12_Crt } # === cre_all () { - for DIGEST in ${RSA_DIGEST_LIST}; do - cre_all2 "rsa_${DIGEST}" || return $? +( + subtype="" + for type in ${SSH_SIGN_TYPES}; do + cre_all2 || exit $? done - cre_all2 dsa || return $? -if test "$SSH_X509V3_EXTENSIONS" = "usr_cert"; then - for DIGEST in ${RSA_DIGEST_LIST}; do - cre_all3 "rsa_${DIGEST}" || return $? + test "$SSH_X509V3_EXTENSIONS" = "srv_cert" && exit 0 + + subtype="-revoked" + for type in ${SSH_SIGN_TYPES}; do + cre_all2 && + revoke_crt || exit $? done - cre_all3 dsa || return $? -fi - return 0 + exit 0 +) } # === @@ -287,4 +260,4 @@ cre_all; retval=$? echo -show_status $retval "${extd}Creating ${warn}TEST certificates${norm} ${extd}with common name:${norm}${attn}${SSH_BASE_DN_CN}${norm} ..." +show_status $retval "${extd}Creating${norm} ${attn}${SSH_BASE_DN_CN}${norm} group of ${warn}test${norm} certificates" diff -ruN openssh-3.7.1p2+x509g2/tests/CA/4-cre_crls.sh openssh-3.7.1p2+x509g4/tests/CA/4-cre_crls.sh --- openssh-3.7.1p2+x509g2/tests/CA/4-cre_crls.sh 2003-05-26 10:10:45.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/4-cre_crls.sh 2004-02-16 21:02:12.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -30,24 +30,24 @@ OPENSSH_LOG="$CWD/openssh_ca-4.log" -cat /dev/null > .delmy +create_empty_file .delmy && update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? # === cre_crlfile() { - local type="$1" - local retval=0 +( + type="$1" -( cd "${SSH_CACRLDIR}" || exit $? + cd "${SSH_CACRLDIR}" || exit $? FILE="${CAKEY_PREFIX}-${type}.crl.pem" - printf '%s' "creating ${extd}CA CRL file${norm} for ${attn}${type}${norm} certificates..." + printf '%s' "- ${attn}${type}${norm} certificates" ${OPENSSL} ca \ -config "${SSH_CACFGFILE}" \ -name "CA_OpenSSH_${type}" \ - -passin pass:$KEY_PASS \ + -passin pass:${KEY_PASS} \ -gencrl \ -out "${FILE}" \ 2>> "$OPENSSH_LOG" \ @@ -69,10 +69,10 @@ echo "=== create a new CRL ===" >> "$OPENSSH_LOG" rm -f "${SSH_CACRLDIR}"/* 2>/dev/null - for DIGEST in ${RSA_DIGEST_LIST}; do - cre_crlfile "rsa_${DIGEST}" || return $? + printf '%s\n' "creating ${extd}CA CRL file${norm} for ..." + for type in ${SSH_SIGN_TYPES}; do + cre_crlfile "${type}" || return $? done - cre_crlfile "dsa" || return $? return 0 } @@ -80,25 +80,21 @@ # === cre_CAcrlfile () { - local crlfile="${SSH_CAROOT}/${CACRLFILE}" +( + crlfile="${SSH_CAROOT}/${CACRLFILE}" - cp /dev/null "${crlfile}" && - for DIGEST in ${RSA_DIGEST_LIST}; do + create_empty_file "${crlfile}" && + for type in ${SSH_SIGN_TYPES}; do ( ${OPENSSL} crl \ - -in "${SSH_CACRLDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crl.pem" \ + -in "${SSH_CACRLDIR}/${CAKEY_PREFIX}-${type}.crl.pem" \ -text \ 2>> "$OPENSSH_LOG" echo; echo - ) >> "${crlfile}" || return $? + ) >> "${crlfile}" || exit $? done - ( ${OPENSSL} crl \ - -in "${SSH_CACRLDIR}/${CAKEY_PREFIX}-dsa.crl.pem" \ - -text \ - 2>> "$OPENSSH_LOG" - echo; echo - ) >> "${crlfile}" || return $? - return 0 + exit 0 +) } @@ -106,13 +102,12 @@ cre_all () { cre_crlindir || return $? - printf '%s' "creating ${extd}CA CRL file${norm}..." + printf '%s' "creating ${extd}CA CRL ${attn}common${norm} ${extd}file${norm} ..." cre_CAcrlfile; show_status $? - } # === cre_all; retval=$? -show_status $retval "${extd}Creating ${warn}TEST${norm} ${attn}Certificate Authority${norm} CRL files ..." +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority${norm} CRL files" diff -ruN openssh-3.7.1p2+x509g2/tests/CA/config openssh-3.7.1p2+x509g4/tests/CA/config --- openssh-3.7.1p2+x509g2/tests/CA/config 2003-06-09 19:12:17.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/config 2004-02-16 22:23:19.000000000 +0200 @@ -1,4 +1,4 @@ -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -74,7 +74,7 @@ if test -z "${OPENSSL}"; then OPENSSL=`which openssl 2>/dev/null` if test -z "${OPENSSL}"; then - echo "error:cannot find openssl is your path !" 1>&2 + echo "error:cannot find openssl is your path !" >&2 exit 1 fi fi @@ -96,12 +96,19 @@ done fi if test -z "${RSA_DIGEST_LIST}"; then - echo "RSA_DIGEST_LIST is empty" 1>&2 + echo "RSA_DIGEST_LIST is empty" >&2 exit 1 fi echo "RSA digest list: ${RSA_DIGEST_LIST}" +SSH_SIGN_TYPES="" +for DIGEST in ${RSA_DIGEST_LIST}; do + SSH_SIGN_TYPES="${SSH_SIGN_TYPES} rsa_${DIGEST}" +done + SSH_SIGN_TYPES="${SSH_SIGN_TYPES} dsa" + + # === server section: if test -z "${SSHD_PORT}"; then @@ -124,8 +131,6 @@ KEY_PASS="change_it" CAKEY_PREFIX="catest" -RSA_BASENAME="${CAKEY_PREFIX}-rsa" -DSA_BASENAME="${CAKEY_PREFIX}-dsa" SSH_CAROOT="`pwd`/ca-test" SSH_CAKEYDIR="${SSH_CAROOT}/keys" diff -ruN openssh-3.7.1p2+x509g2/tests/CA/functions openssh-3.7.1p2+x509g4/tests/CA/functions --- openssh-3.7.1p2+x509g2/tests/CA/functions 2003-03-19 19:12:51.000000000 +0200 +++ openssh-3.7.1p2+x509g4/tests/CA/functions 2004-02-17 21:23:33.000000000 +0200 @@ -1,4 +1,4 @@ -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -122,19 +122,19 @@ # === getNextFreeName() { - local var="$1" - local limit="$2" + var="$1" + limit="$2" if test -z "${limit}"; then limit=10 fi - local count=0 + count=0 while true; do test ! -f "${var}${count}" && break count=`expr ${count} + 1` if test ${count} -ge ${limit}; then - echo "getNextFreeName: ${warn}limit reached${norm} for file ${attn}${var}${norm}" 1>&2 + echo "getNextFreeName: ${warn}limit reached${norm} for file ${attn}${var}${norm}" >&2 echo "" return 33 @@ -148,14 +148,14 @@ # === getNextDirName() { - local var="$1" - local count=0 + var="$1" + count=0 while true; do test ! -d "${var}.${count}" && break count=`expr ${count} + 1` done if test ${count} -ge 10; then - echo "${warn}please remove ${attn}${var}${warn} backup directories !${norm}" 1>&2 + echo "${warn}please remove ${attn}${var}${warn} backup directories !${norm}" >&2 return 33 fi echo $count @@ -164,14 +164,18 @@ # === +create_empty_file () { + cat /dev/null > "$1" +} + + +# === update_file () { - local var_new="$1" - local var_old="$2" - local backup - local not_writable + var_new="$1" + var_old="$2" if test ! -f "${var_old}"; then - printf '%s' "creating file ${attn}${var_old}${norm} ... " + printf '%s' "creating file ${attn}${var_old}${norm}" mv "${var_new}" "${var_old}"; show_status $? return $? fi @@ -184,10 +188,10 @@ fi backup=`getNextFreeName "${var_old}."` || return $? - printf '%s' "saving old file as ${attn}${backup}${norm} ... " + printf '%s' "saving old file as ${attn}${backup}${norm}" cp -p "${var_old}" "${backup}"; show_status $? || return $? - printf '%s' "updating file ${attn}${var_old}${norm} ... " + printf '%s' "updating file ${attn}${var_old}${norm}" if test ! -w "${var_old}"; then chmod u+w "${var_old}" not_writable="yes" @@ -203,17 +207,17 @@ # === getSSHkeyType () { - local identity_file="$1" + identity_file="$1" if test ! -r "$identity_file"; then - error_file_not_readable "${identity_file}" 1>&2; return $? + error_file_not_readable "${identity_file}" >&2; return $? fi - local sshkeytype="unspec" - local retval=0 + sshkeytype="unspec" + retval=0 sshkeytype=`"${TEST_SSH_SSHKEYGEN}" -f "${identity_file}" -y 2>/dev/null`; retval=$? if test $retval -ne 0 ; then - echo "${warn}command${norm} ${TEST_SSH_SSHKEYGEN} ${warn}fail${norm}" 1>&2 + echo "${warn}command${norm} ${TEST_SSH_SSHKEYGEN} ${warn}fail${norm}" >&2 return $retval fi echo "${sshkeytype}" | cut -d ' ' -f 1 @@ -223,23 +227,23 @@ # === getSubject () { - local identity_file="$1" + identity_file="$1" #rest of arguments passed to openssl if test ! -r "$identity_file"; then - error_file_not_readable "${identity_file}" 1>&2 + error_file_not_readable "${identity_file}" >&2 return 1 fi shift - local retval=0 + retval=0 -#bash bug or ?: when all is on only one line retval is always zero :-/ !!! +#bash bug or ?: when commands are on only one line retval is always zero :-/ !!! +#unix sh don't like local :-) # local subject=`"${OPENSSL}" x509 -noout -subject -in "${identity_file}" $*`; retval=$? - local subject subject=`"${OPENSSL}" x509 -noout -subject -in "${identity_file}" $* 2>/dev/null`; retval=$? if test $retval -ne 0 ; then - echo "${warn}cannot get certificate subject${norm}" 1>&2 + echo "${warn}cannot get certificate subject${norm}" >&2 return $retval fi echo "$subject" | cut -d ' ' -f 2- @@ -248,9 +252,7 @@ #=== creX509AuthorizedKeysFile () { - local identity_file="$1" - local sshkeytype - local subject + identity_file="$1" sshkeytype=`getSSHkeyType "${identity_file}"` || return $? subject=`getSubject "${identity_file}"` || return $? diff -ruN openssh-3.7.1p2+x509g2/tests/CA/Makefile.in openssh-3.7.1p2+x509g4/tests/CA/Makefile.in --- openssh-3.7.1p2+x509g2/tests/CA/Makefile.in 2003-05-26 11:35:07.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/Makefile.in 2004-02-21 22:11:12.000000000 +0200 @@ -1,12 +1,15 @@ srcdir=@srcdir@ + all: clean: - rm -f testhostkey_* testid_* + rm -f testhostkey_* + rm -f testid_* rm -fr ca-test/ rm -f openssh_ca-?.log* + rm -f openssh_ca-3.*.log* rm -f sshd_x509.log distclean: clean @@ -14,31 +17,33 @@ # === -check-certs: ca_files host_keys rsa_keys dsa_keys crl_files +check-certs: ca_files hostkeys identities crl_files @echo $(SHELL) $(srcdir)/openssh_tests.sh # === ca_files: ca-test/catest.config ca-test/catest-bundle.crt +#user is responsible to recreate X.509 tests files !!! +#ca-test/catest.config: $(srcdir)/config ca-test/catest.config: @echo $(SHELL) $(srcdir)/1-cre_cadb.sh -ca-test/catest-bundle.crt: +ca-test/catest-bundle.crt: ca-test/catest.config @echo $(SHELL) $(srcdir)/2-cre_cakeys.sh # === -host_keys: testhostkey_rsa testhostkey_rsa-rsa_md5 testhostkey_dsa testhostkey_dsa-rsa_md5 +hostkeys: testhostkey_rsa testhostkey_rsa-rsa_md5 testhostkey_dsa testhostkey_dsa-rsa_md5 testhostkey_rsa: @echo @echo "generating RSA 'hostkey'" $(TEST_SSH_SSHKEYGEN) -t rsa -b 1024 -f $@ -N "" -testhostkey_rsa-rsa_md5: testhostkey_rsa +testhostkey_rsa-rsa_md5: testhostkey_rsa ca-test/catest-bundle.crt @echo @echo "generating RSA server certificates, keys, etc." $(SHELL) $(srcdir)/3-cre_certs.sh -f testhostkey_rsa -t server -n "localhost RSA" @@ -48,43 +53,39 @@ @echo "generating DSA 'hostkey'" $(TEST_SSH_SSHKEYGEN) -t dsa -b 1024 -f $@ -N "" -testhostkey_dsa-rsa_md5: testhostkey_dsa +testhostkey_dsa-rsa_md5: testhostkey_dsa ca-test/catest-bundle.crt @echo @echo "generating DSA server certificates, keys, etc." $(SHELL) $(srcdir)/3-cre_certs.sh -f testhostkey_dsa -t server -n "localhost DSA" # === -rsa_keys: testid_rsa testid_rsa-rsa_md5 +identities: testid_rsa testid_rsa-rsa_md5 testid_dsa testid_dsa-rsa_md5 testid_rsa: @echo @echo "generating RSA 'Identity'" $(TEST_SSH_SSHKEYGEN) -t rsa -b 1024 -f $@ -N "" -testid_rsa-rsa_md5: testid_rsa +testid_rsa-rsa_md5: testid_rsa ca-test/catest-bundle.crt @echo @echo "generating RSA client certificates, keys, etc." $(SHELL) $(srcdir)/3-cre_certs.sh -f testid_rsa -t client -n "OpenSSH RSA test certificate" - -# === -dsa_keys: testid_dsa testid_dsa-rsa_md5 - testid_dsa: @echo @echo "generating DSA 'Identity'" $(TEST_SSH_SSHKEYGEN) -t dsa -b 1024 -f $@ -N "" -testid_dsa-rsa_md5: testid_dsa +testid_dsa-rsa_md5: testid_dsa ca-test/catest-bundle.crt @echo @echo "generating DSA client certificates, keys, etc." $(SHELL) $(srcdir)/3-cre_certs.sh -f testid_dsa -t client -n "OpenSSH DSA test certificate" - + # === crl_files: ca-test/catest-bundle.crl -ca-test/catest-bundle.crl: +ca-test/catest-bundle.crl: testid_rsa-rsa_md5 testid_dsa-rsa_md5 @echo $(SHELL) $(srcdir)/4-cre_crls.sh diff -ruN openssh-3.7.1p2+x509g2/tests/CA/openssh_tests.sh openssh-3.7.1p2+x509g4/tests/CA/openssh_tests.sh --- openssh-3.7.1p2+x509g2/tests/CA/openssh_tests.sh 2003-06-10 15:39:04.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/openssh_tests.sh 2004-03-08 23:50:23.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -97,7 +97,7 @@ echo "=======================================================================" >> "${SSHD_LOG}" if test -f "${SSHD_PID}"; then - echo "${warn}sshd pid file exist!${norm}" 1>&2 + echo "${warn}sshd pid file exist!${norm}" >&2 fi #NOTES: @@ -111,7 +111,7 @@ sleep 3 if test ! -f "${SSHD_PID}"; then - printf "${warn}cannot start sshd:${norm} " 1>&2 + printf "${warn}cannot start sshd:${norm} " >&2 error_file_not_readable "${SSHD_PID}" return 33 fi @@ -120,7 +120,7 @@ # === killSSHdaemon() { - local K +( $SUDO kill `cat "${SSHD_PID}" 2>/dev/null` > /dev/null 2>&1 K=0 while test $K -le 9; do @@ -135,9 +135,9 @@ $SUDO kill -9 `cat "${SSHD_PID}" 2>/dev/null` > /dev/null 2>&1 sleep 1 $SUDO rm -f "${SSHD_PID}" > /dev/null 2>&1 - return 0 fi - return 0 + exit 0 +) } @@ -180,7 +180,7 @@ StrictModes no PasswordAuthentication no PubkeyAuthentication yes -RhostsAuthentication no +#deprecated#RhostsAuthentication no RhostsRSAAuthentication no RSAAuthentication no @@ -203,70 +203,51 @@ #X509rsaSigType=md5 #AllowedCertPurpose sslserver +EOF +if test "x${SSH_X509STORE_DISABLED}" != "xyes"; then + cat >> "${SSH_CFG}" < "${SSH_ERRLOG}" > "${SSH_REPLY}" -} +#args: +# $1 - type +# $2 - identity_file or empty +# $3 - info +# $4 - request to fail flag +runTest () { +( + printf '%s' " * ${extd}${1}${norm} ${3}" + msg="OpenSSH Certificate TeSt-${1}" -runTest () { - # - #linux ksh bugs (?): - # variables type, identity_file, info and must_fail - # must have uniq names in functions runTest and/or run_ssh !!! - #About type: - # let after first call its values is "AAA", after second call its - # value is "AAA BBB", next call "AAA BBB CCC". Because type is used - # only in echo comands only output look bad (test is auth_file). - #About identity_file: - # after first call to run_ssh with nonempty argument identity_file - # has value "-i XXXXX", is second call value is "-i -i XXXXX" and - # this break ssh and all tests. - #About info: - # crl tests output is not complete. - #About must_fail: - # bug break crl tests. - # - #Note that these problems cannot be reproduces in simple test scrips - # - local runTest_type="$1" - local runTest_identity_file="$2" - local runTest_info="$3" - local runTest_must_fail="$4" - local msg="OpenSSH Certificate TeSt-${runTest_type}" - local retval=0 + sshopts="" + #sshopts="${sshopts} -v -v -v + test -n "$2" && sshopts="${sshopts} -i $2" + #assignment to variable "identity_file" crash ksh :-( + #identity_file="value_without_significance" - case $runTest_must_fail in + case $4 in Y|y|Yes|yes|YES|1) - runTest_must_fail=1;; + must_fail=1;; *) - runTest_must_fail=0;; + must_fail=0;; esac - printf '%s' " * ${extd}${runTest_type}${norm} ${runTest_info}" - run_ssh "${runTest_identity_file}" "${msg}"; retval=$? + creTestSSHcfgFile || exit $? + + "$TEST_SSH_SSH" -F "${SSH_CFG}" ${sshopts} \ + ${SSH_EXTRA_OPTIONS} \ + ${SSHD_LISTENADDRESS} "echo \"${msg}\"" \ + 2> "${SSH_ERRLOG}" > "${SSH_REPLY}"; retval=$? - if test "x$runTest_must_fail" = "x1"; then + if test "x$must_fail" = "x1"; then if test $retval -ne 0; then retval=0 else @@ -279,7 +260,7 @@ printf '%s' "${warn}" cat "${SSH_ERRLOG}"; printf '%s' "${norm}" else - if test "x$runTest_must_fail" = "x1"; then + if test "x$must_fail" = "x1"; then if ! fgrep 'Permission denied (publickey)' "${SSH_ERRLOG}" > /dev/null; then retval=33 printf '%s' "${warn}" @@ -296,7 +277,8 @@ fi fi - return $retval + exit $retval +) } diff -ruN openssh-3.7.1p2+x509g2/tests/CA/shell.rc openssh-3.7.1p2+x509g4/tests/CA/shell.rc --- openssh-3.7.1p2+x509g2/tests/CA/shell.rc 2003-03-19 18:27:54.000000000 +0200 +++ openssh-3.7.1p2+x509g4/tests/CA/shell.rc 2004-02-14 22:16:21.000000000 +0200 @@ -1,4 +1,4 @@ -# Copyright (c) 2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2003-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -35,7 +35,7 @@ # echo F=$F # done - setopt SH_WORD_SPLIT + setopt SH_WORD_SPLIT # SH_WORD_SPLIT (-y) # Causes field splitting to be performed on unquoted parameter # expansions. Note that this option has nothing to do with word diff -ruN openssh-3.7.1p2+x509g2/tests/CA/test-agent.sh.inc openssh-3.7.1p2+x509g4/tests/CA/test-agent.sh.inc --- openssh-3.7.1p2+x509g2/tests/CA/test-agent.sh.inc 2003-05-29 12:38:07.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/test-agent.sh.inc 2004-03-09 08:52:32.000000000 +0200 @@ -1,5 +1,5 @@ # -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,9 +28,11 @@ # === +#env. vars: +# SSH_CLIENTKEY +# type testAgent () { - local type="$1" - local identity_file="${SSH_CLIENTKEY}-${type}" + identity_file="${SSH_CLIENTKEY}-${type}" if test ! -r "${identity_file}"; then error_file_not_readable "${identity_file}"; return $? fi @@ -42,7 +44,7 @@ sshkeytype=`getSSHkeyType "${identity_file}"` || exit $? subject=`getSubject "${identity_file}"` || exit $? - echo "${sshkeytype} Subject: ${subject}" + echo "${sshkeytype} Subject: ${subject}" fi ) > "${AUTHORIZEDKEYSFILE}" || return $? @@ -114,14 +116,14 @@ "${TEST_SSH_SSHADD}" -L > /dev/null; checkEmptyListResponse $? killAgent 0 -) || return $? - +) } + # === do_test () { - local retval=0 + retval=0 if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then echo "* ${extd}with x509 identity from ${attn}agent${norm}:" else @@ -129,23 +131,26 @@ fi creTestSSHDcfgFile + if test "x${SSH_X509STORE_DISABLED}" != "xyes"; then cat >> "$SSHD_CFG" < "${AUTHORIZEDKEYSFILE}" runTest "${type}" "${identity_file}"\ "${warn}invalid${norm} blob" "Yes" || return $? - - return 0 } # === do_test () { - local retval=0 + retval=0 if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then echo "* ${extd}with autorization by x509 ${attn}blob${norm}:" else @@ -60,23 +59,26 @@ fi creTestSSHDcfgFile + if test "x${SSH_X509STORE_DISABLED}" != "xyes"; then cat >> "$SSHD_CFG" <> "$SSHD_CFG" <> "$SSHD_CFG" <> "$SSHD_CFG" < /dev/null - local FILE="${SSH_CACRLDIR}/${CAKEY_PREFIX}-${crltype}.crl.pem" - local HASH + FILE="${SSH_CACRLDIR}/${CAKEY_PREFIX}-${crltype}.crl.pem" HASH=`${OPENSSL} crl -out /dev/null -in "${FILE}" -hash`; retval=$? - if test $retval -eq 0; then + if test ${retval} -eq 0; then hashfile="${CRL_TEST_DIR}/${HASH}.r0" ln -s "${FILE}" "${hashfile}" #link might never fail :-( test -h "${hashfile}"; retval=$? fi #printf "${norm}" - show_status $retval || return $? + show_status ${retval} || return $? - if test $retval -eq 0; then ( - for DIGEST in ${RSA_DIGEST_LIST}; do - test_crlbytype0 "${crltype}" "rsa_${DIGEST}" || exit $? + for type in ${SSH_SIGN_TYPES}; do + for SSH_CLIENTKEY in ${TEST_SSH_CLIENTKEYS}; do + identity_file="${SSH_CLIENTKEY}-${type}-revoked" + + creX509AuthorizedKeysFile "${identity_file}" || exit $? + + if test "${type}" = "${crltype}"; then + runTest "${SSH_CLIENTKEY}-${warn}${type}-revoked${norm}" \ + "${identity_file}" "" "Yes" + else + runTest "${identity_file}" \ + "${identity_file}" "" "" + fi || exit $? + done done - test_crlbytype0 "${crltype}" "dsa" || exit $? + exit 0 ); retval=$? - fi - if test $retval -eq 0; then + if test ${retval} -eq 0; then rm -f "${hashfile}"; retval=$? else rm -f "${hashfile}" fi - return $retval + return ${retval} } #=== test_onlyonecrl () { - local retval=0 - local CRL_TEST_DIR="${SSH_CAROOT}/crl-test" + retval=0 + CRL_TEST_DIR="${SSH_CAROOT}/crl-test" printSeparator - echo "Begin test ${extd}with only ${attn}one CRL file${norm} in ${attn}CARevocationPath${norm}..." + echo "Check ${extd}revoked${norm} with only ${attn}one CRL${norm} file in ${attn}CARevocationPath${norm} ..." mkdir -p "${CRL_TEST_DIR}" || return $? @@ -228,31 +186,33 @@ runSSHdaemon && ( - for DIGEST in ${RSA_DIGEST_LIST}; do - test_crlbytype "rsa_${DIGEST}" || exit $? + for crltype in ${SSH_SIGN_TYPES}; do + test_crlbytype || exit $? done - test_crlbytype "dsa" || exit $? ); retval=$? killSSHdaemon rm -f "${CRL_TEST_DIR}"/* 2> /dev/null - if test $retval -eq 0; then + if test ${retval} -eq 0; then rmdir "${CRL_TEST_DIR}"; retval=$? else rmdir "${CRL_TEST_DIR}" fi - return $retval + return ${retval} } #=== + do_test () { + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + echo "* ${extd}X.509 store${norm} is ${attn}disabled${norm}" + return 1 + fi echo "* ${extd}against ${attn}CA CRL${norm} file and/or hash-dir:" test_nocrl && test_crlfile && test_crldir && test_onlyonecrl - - return $? } diff -ruN openssh-3.7.1p2+x509g2/tests/CA/test-dn_auth_file.sh.inc openssh-3.7.1p2+x509g4/tests/CA/test-dn_auth_file.sh.inc --- openssh-3.7.1p2+x509g2/tests/CA/test-dn_auth_file.sh.inc 2003-05-26 10:10:45.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/test-dn_auth_file.sh.inc 2004-03-09 08:51:13.000000000 +0200 @@ -1,5 +1,5 @@ # -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -27,20 +27,19 @@ # === +#env. vars: +# SSH_CLIENTKEY +# type testDNautorizations1 () { - local type="$1" - local identity_file="${SSH_CLIENTKEY}-${type}" + identity_file="${SSH_CLIENTKEY}-${type}" if test ! -r "$identity_file"; then error_file_not_readable "${identity_file}"; return $? fi - local sshkeytype - local subject - sshkeytype=`getSSHkeyType "${identity_file}"` || return $? subject=`getSubject "${identity_file}"` || return $? - for subtype in\ + for subtype in \ "Subject:" \ "SuBjecT=" \ "sUbjecT" \ @@ -60,22 +59,27 @@ runTest "${type} ${subtype} in ${attn}RFC2253${norm} format" "${identity_file}" "" || return $? echo "${sshkeytype} ${subtype} ${subject}" | sed -e 's/,/\//'> "${AUTHORIZEDKEYSFILE}" - runTest "${type} ${subtype} and mixed tag-separator symbol" "${identity_file}" "" || return $? + runTest "${type} ${subtype} and mixed item-separator symbol" "${identity_file}" "" || return $? - for subtype in\ + for subtype in \ "Invalid" \ "Subject-" \ ; do echo "${sshkeytype} ${subtype} ${subject}" > "${AUTHORIZEDKEYSFILE}" - runTest "${type} ${warn}${subtype}${norm}" "${identity_file}"\ + runTest "${type} ${warn}${subtype}${norm}" "${identity_file}" \ "autorization type" "Yes" || return $? done subtype="Subject" + printf "${sshkeytype} ${subtype}," > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${warn}empty${norm} ${subtype}" "${identity_file}" \ + "" "Yes" || return $? + + subtype="Subject" ( printf "${sshkeytype} ${subtype}" echo "${subject}" | cut -c -40 ) > "${AUTHORIZEDKEYSFILE}" - runTest "${type} ${warn}invalid${norm} ${subtype}" "${identity_file}"\ + runTest "${type} ${warn}invalid${norm} ${subtype}" "${identity_file}" \ "" "Yes" || return $? return 0 @@ -85,7 +89,10 @@ # === do_test () { - local retval=0 + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + echo "* ${extd}X.509 store${norm} is ${attn}disabled${norm}" + return 1 + fi echo "* ${extd}against ${attn}CACertificateFile${norm} and autorization by x509 ${attn}'Distinguished Name'${norm}:" creTestSSHDcfgFile @@ -97,15 +104,16 @@ EOF runSSHdaemon || return $? + ( for SSH_CLIENTKEY in ${TEST_SSH_CLIENTKEYS}; do printSeparator - echo "Begin test with base key_file ${attn}${SSH_CLIENTKEY}${norm}..." + echo "Begin test with base key_file ${attn}${SSH_CLIENTKEY}${norm} ..." - for DIGEST in ${RSA_DIGEST_LIST}; do - test $retval -eq 0 && testDNautorizations1 "rsa_${DIGEST}"; retval=$? + for type in ${SSH_SIGN_TYPES}; do + testDNautorizations1 || exit $? done - test $retval -eq 0 && testDNautorizations1 "dsa" ; retval=$? done + ); retval=$? killSSHdaemon return $retval } diff -ruN openssh-3.7.1p2+x509g2/tests/CA/test-dn_auth_path.sh.inc openssh-3.7.1p2+x509g4/tests/CA/test-dn_auth_path.sh.inc --- openssh-3.7.1p2+x509g2/tests/CA/test-dn_auth_path.sh.inc 2003-05-26 10:10:45.000000000 +0300 +++ openssh-3.7.1p2+x509g4/tests/CA/test-dn_auth_path.sh.inc 2004-03-09 08:50:54.000000000 +0200 @@ -1,5 +1,5 @@ # -# Copyright (c) 2002-2003 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -27,10 +27,12 @@ # === +#env. vars: +# SSH_CLIENTKEY +# catype +# type testDNautorizations2 () { - local catype="$1" - local type="$2" - local identity_file="${SSH_CLIENTKEY}-${type}" + identity_file="${SSH_CLIENTKEY}-${type}" creX509AuthorizedKeysFile "${identity_file}" || return $? @@ -42,38 +44,34 @@ runTest "${type}" \ "${identity_file}" \ "${warn}!${norm}" "Yes" - fi || return $? - - return 0 + fi } # === - +#env. vars: +# catype do_test_catype () { - local catype="$1" - local type="undefined" - echo " - autorization by x509 ${attn}Subject${norm} against CA key ${attn}${catype}${norm}" - #echo is for zsh(!) - for DIGEST in ${RSA_DIGEST_LIST}; do - testDNautorizations2 "${catype}" "rsa_${DIGEST}" || return $? + for type in ${SSH_SIGN_TYPES}; do + testDNautorizations2 "${catype}" "${type}" || return $? done - testDNautorizations2 "${catype}" "dsa" || return $? - - return 0 } # === do_test () { - local retval=0 + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + echo "* ${extd}X.509 store${norm} is ${attn}disabled${norm}" + return 1 + fi echo "* ${extd}against ${attn}CACertificatePath${norm}:" + CRT_TEST_DIR="${SSH_CAROOT}/crt-test" + creTestSSHDcfgFile - local CRT_TEST_DIR="${SSH_CAROOT}/crt-test" cat >> "$SSHD_CFG" </dev/null - for DIGEST in ${RSA_DIGEST_LIST}; do - if test $retval -eq 0; then - type="rsa_${DIGEST}" - HASH=`$OPENSSL x509 -in "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" -noout -hash` - ( cd "${CRT_TEST_DIR}" || exit $? - ln -s "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" "$HASH.0" - #link might never fail :-( - test -h "$HASH.0" - ) && - do_test_catype "${type}"; retval=$? - rm -f "${CRT_TEST_DIR}/$HASH.0" + for catype in ${SSH_SIGN_TYPES}; do + F="${SSH_CACERTDIR}/${CAKEY_PREFIX}-${catype}.crt.pem" + HASH=`$OPENSSL x509 -in "${F}" -noout -hash` + ( cd "${CRT_TEST_DIR}" || exit $? + ln -s "${F}" "$HASH.0" + #link might never fail :-( + test -h "$HASH.0" + ) && + do_test_catype; retval=$? + rm -f "${CRT_TEST_DIR}/$HASH.0" + if test $retval -ne 0; then + break fi done - if test $retval -eq 0; then - type="dsa" - HASH=`$OPENSSL x509 -in "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" -noout -hash` - ( cd "${CRT_TEST_DIR}" || exit $? - ln -s "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" "$HASH.0" - #link might never fail :-( - test -h "$HASH.0" - ) && - do_test_catype "${type}"; retval=$? - rm -f "${CRT_TEST_DIR}/$HASH.0" - fi rmdir "${CRT_TEST_DIR}" + if test $retval -ne 0; then + exit $retval + fi done + + exit 0 + ); retval=$? killSSHdaemon return $retval } diff -ruN openssh-3.7.1p2+x509g2/tests/CA/verify.sh openssh-3.7.1p2+x509g4/tests/CA/verify.sh --- openssh-3.7.1p2+x509g2/tests/CA/verify.sh 2003-03-06 13:45:28.000000000 +0200 +++ openssh-3.7.1p2+x509g4/tests/CA/verify.sh 2004-02-15 00:34:42.000000000 +0200 @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (c) 2002 Roumen Petrov, Sofia, Bulgaria +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -34,7 +34,10 @@ "${OPENSSL} verify -CApath ${SSH_CACERTDIR}" \ ; do echo ${attn}${VERIFY} ....${norm} - for F in testid_*.crt testhostkey_*.crt; do + for F in \ + testid_*.crt \ + testhostkey_*.crt \ + ; do ${VERIFY} "$F" || exit 1 done done diff -ruN openssh-3.7.1p2+x509g2/x509store.c openssh-3.7.1p2+x509g4/x509store.c --- openssh-3.7.1p2+x509g2/x509store.c 2003-09-12 09:49:20.000000000 +0300 +++ openssh-3.7.1p2+x509g4/x509store.c 2004-03-03 16:56:30.000000000 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -31,7 +31,7 @@ #endif /*ndef SSH_X509STORE_DISABLED*/ /* allowed client/server certificate purpose */ -typedef struct { +typedef struct { int is_server; int index; } SSHallowedX509purpose; @@ -57,24 +57,30 @@ int k; char *p; + if (_asni == NULL) { + error("ssh_ASN1_INTEGER_2_string: _asni is NULL"); + return(NULL); + } + bio = BIO_new(BIO_s_mem()); if (bio == NULL) { fatal("ssh_ASN1_INTEGER_2_string: out of memory"); - return NULL; /* ;-) */ + return(NULL); /* ;-) */ } i2a_ASN1_INTEGER(bio, _asni); k = BIO_pending(bio); - p = xmalloc(k + 1); + p = xmalloc(k + 1); /*fatal on error*/ k = BIO_read(bio, p, k); p[k] = '\0'; BIO_free_all(bio); - return p; + return(p); } +#endif /*def SSH_CHECK_REVOKED*/ -static int +int ssh_x509store_lookup(X509_STORE *store, int type, X509_NAME *name, X509_OBJECT *xobj) { X509_STORE_CTX ctx; int ret; @@ -83,31 +89,16 @@ ret = X509_STORE_get_by_subject(&ctx, type, name, xobj); X509_STORE_CTX_cleanup(&ctx); - return ret; + return(ret); } -#endif /*def SSH_CHECK_REVOKED*/ -#if 0 -/* - * Who use today win16 platform ? - */ -#ifndef MS_CALLBACK -# ifdef WIN16 -# define MS_CALLBACK _far _loadds -# else -# define MS_CALLBACK -# endif -#endif /*ndef MS_CALLBACK*/ -static int MS_CALLBACK -#else static int -#endif ssh_x509store_cb(int ok, X509_STORE_CTX *ctx) { if (!ok) { char buf[512]; - X509_NAME_oneline( X509_get_subject_name(ctx->current_cert), buf, sizeof(buf)); - error("ssh_x509store_cb: subject='%.512s', error %d at %d depth lookup:%.200s\n", + X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf)); + error("ssh_x509store_cb: subject='%.512s', error %d at %d depth lookup:%.200s", buf, ctx->error, ctx->error_depth, @@ -174,31 +165,38 @@ static const char* -get_cert_purpose (const char* _purpose_synonym, CertPurposes *_purposes) { +get_cert_purpose(const char* _purpose_synonym, CertPurposes *_purposes) { int i; for (i = 0; _purposes[i].synonyms; i++) { const char *q = _purposes[i].synonyms[0]; if (strcasecmp(_purpose_synonym, q) == 0 ) { - return q; + return(q); } else { const char **p; for (p = (_purposes[i].synonyms) + 1; *p; p++) { if (strcasecmp(_purpose_synonym, *p) == 0 ) { - return q; + return(q); } } } } - return NULL; + return(NULL); } int -ssh_get_x509purpose_s (int _is_server, const char* _purpose_synonym) { +ssh_get_default_x509purpose(int _is_server) { + return(ssh_get_x509purpose_s(_is_server, + (_is_server ? __purpose_sslclient[0] : __purpose_sslserver[0]))); +} + + +int +ssh_get_x509purpose_s(int _is_server, const char* _purpose_synonym) { const char * sslpurpose; - + sslpurpose = get_cert_purpose(_purpose_synonym, (_is_server ? sslclient_purposes : sslserver_purposes)); if (sslpurpose != NULL) { @@ -208,16 +206,9 @@ "X509_PURPOSE_get_by_sname fail for argument '%.30s(%.40s)'", (_is_server ? "server" : "client"), sslpurpose, _purpose_synonym); - return purpose_index; + return(purpose_index); } - return -1; -} - - -int -ssh_get_default_x509purpose(int _is_server) { - return ssh_get_x509purpose_s (_is_server, - (_is_server ? __purpose_sslclient[0] : __purpose_sslserver[0])); + return(-1); } @@ -230,11 +221,11 @@ #ifndef SSH_X509STORE_DISABLED static void -ssh_x509store_initcontext() { +ssh_x509store_initcontext(void) { if (x509store == NULL) { x509store = X509_STORE_new(); if (x509store == NULL) { - fatal ("cannot create x509store context"); + fatal("cannot create x509store context"); } X509_STORE_set_verify_cb_func(x509store, ssh_x509store_cb); } @@ -242,7 +233,7 @@ if (x509revoked == NULL) { x509revoked = X509_STORE_new(); if (x509revoked == NULL) { - fatal ("cannot create x509revoced context"); + fatal("cannot create x509revoced context"); } } #endif @@ -250,40 +241,40 @@ int -ssh_x509store_addlocations (const X509StoreOptions *_locations) { +ssh_x509store_addlocations(const X509StoreOptions *_locations) { int flag = 0, flag2 = 0; if (_locations == NULL) { error("ssh_x509store_addlocations: _locations is NULL"); - return 0; + return(0); } if ((_locations->certificate_path == NULL) && (_locations->certificate_file == NULL)) { error("ssh_x509store_addlocations: certificate path and file are NULLs"); - return 0; + return(0); } #ifdef SSH_CHECK_REVOKED if ((_locations->revocation_path == NULL) && (_locations->revocation_file == NULL)) { error("ssh_x509store_addlocations: revocation path and file are NULLs"); - return 0; + return(0); } #endif ssh_x509store_initcontext(); /* - Note: - After X509_LOOKUP_{add_dir|load_file} calls we must call - ERR_clear_error() otherwise when the first call to - X509_LOOKUP_XXXX fail the second call fail too ! - */ + * Note: + * After X509_LOOKUP_{add_dir|load_file} calls we must call + * ERR_clear_error() otherwise when the first call to + * X509_LOOKUP_XXXX fail the second call fail too ! + */ if (_locations->certificate_path != NULL) { X509_LOOKUP *lookup = X509_STORE_add_lookup(x509store, X509_LOOKUP_hash_dir()); if (lookup == NULL) { fatal("ssh_x509store_addlocations:cannot add hash dir lookup !"); - return 0; /* ;-) */ + return(0); /* ;-) */ } if (X509_LOOKUP_add_dir(lookup, _locations->certificate_path, X509_FILETYPE_PEM)) { - debug2( "hash dir '%.400s' added to x509 store", _locations->certificate_path); + debug2("hash dir '%.400s' added to x509 store", _locations->certificate_path); flag = 1; } ERR_clear_error(); @@ -292,10 +283,10 @@ X509_LOOKUP *lookup = X509_STORE_add_lookup(x509store, X509_LOOKUP_file()); if (lookup == NULL) { fatal("ssh_x509store_addlocations:cannot add file lookup !"); - return 0; /* ;-) */ + return(0); /* ;-) */ } if (X509_LOOKUP_load_file(lookup, _locations->certificate_file, X509_FILETYPE_PEM)) { - debug2( "file '%.400s' added to x509 store", _locations->certificate_file); + debug2("file '%.400s' added to x509 store", _locations->certificate_file); flag = 1; } ERR_clear_error(); @@ -305,10 +296,10 @@ X509_LOOKUP *lookup = X509_STORE_add_lookup(x509revoked, X509_LOOKUP_hash_dir()); if (lookup == NULL) { fatal("ssh_x509store_addlocations:cannot add hash dir revocation lookup !"); - return 0; /* ;-) */ + return(0); /* ;-) */ } if (X509_LOOKUP_add_dir(lookup, _locations->revocation_path, X509_FILETYPE_PEM)) { - debug2( "hash dir '%.400s' added to x509 revocation store", _locations->revocation_path); + debug2("hash dir '%.400s' added to x509 revocation store", _locations->revocation_path); flag2 = 1; } ERR_clear_error(); @@ -317,10 +308,10 @@ X509_LOOKUP *lookup = X509_STORE_add_lookup(x509revoked, X509_LOOKUP_file()); if (lookup == NULL) { fatal("ssh_x509store_addlocations:cannot add file revocation lookup !"); - return 0; /* ;-) */ + return(0); /* ;-) */ } if (X509_LOOKUP_load_file(lookup, _locations->revocation_file, X509_FILETYPE_PEM)) { - debug2( "file '%.400s' added to x509 revocation store", _locations->revocation_file); + debug2("file '%.400s' added to x509 revocation store", _locations->revocation_file); flag2 = 1; } ERR_clear_error(); @@ -328,12 +319,12 @@ #else flag2 = 1; #endif - return flag && flag2; + return(flag && flag2); } static int -ssh_verify_cert (X509_STORE_CTX *_csc, X509 *_cert) { +ssh_verify_cert(X509_STORE_CTX *_csc, X509 *_cert) { X509_STORE_CTX_init(_csc, x509store, _cert, NULL); if (sshpurpose.index >= 0) { @@ -345,7 +336,7 @@ int purpose, flag; if (xptmp == NULL) { fatal("ssh_verify_cert: cannot get purpose from index"); - return -1; /* ;-) */ + return(-1); /* ;-) */ } purpose = X509_PURPOSE_get_id(xptmp); flag = X509_STORE_CTX_purpose_inherit(_csc, def_purpose, purpose, 0); @@ -355,9 +346,9 @@ * X509_STORE_CTX_set_purpose or X509_STORE_CTX_purpose_inherit. * * Both methods return 0 (zero) and don't change purpose in context when: - * -X509_STORE_CTX_set_purpose (...) + * -X509_STORE_CTX_set_purpose(...) * purpose is X509_PURPOSE_ANY - * -X509_STORE_CTX_purpose_inherit (...) + * -X509_STORE_CTX_purpose_inherit(...) * purpose is X509_PURPOSE_ANY and default purpose is zero (!) * * Take note when purpose is "any" check method in current @@ -379,12 +370,12 @@ /* clear rest of errors in OpenSSL "error buffer" */ ERR_clear_error(); - return -1; + return(-1); } } /* - if(issuer_checks) + if (issuer_checks) X509_STORE_CTX_set_flags(_csc, X509_V_FLAG_CB_ISSUER_CHECK); */ @@ -393,10 +384,10 @@ error("ssh_verify_cert: verify error, code=%d, msg='%.200s'" , ecode , X509_verify_cert_error_string(ecode)); - return -1; + return(-1); } - return 1; + return(1); } #endif /*ndef SSH_X509STORE_DISABLED*/ @@ -412,8 +403,8 @@ #ifndef SSH_X509STORE_DISABLED if (x509store == NULL) { - error("ssh_x509cert_check: context is NULL\n"); - return -1; + error("ssh_x509cert_check: context is NULL"); + return(-1); } if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { @@ -431,7 +422,7 @@ /* clear rest of errors in OpenSSL "error buffer" */ ERR_clear_error(); - return -1; + return(-1); } ret = ssh_verify_cert(csc, _cert); @@ -442,7 +433,7 @@ xptmp = X509_PURPOSE_get0(sshpurpose.index); if (xptmp == NULL) { fatal("ssh_x509cert_check: cannot get purpose from index"); - return -1; /* ;-) */ + return(-1); /* ;-) */ } ret = X509_check_purpose(_cert, X509_PURPOSE_get_id(xptmp), 0); if (ret < 0) { @@ -452,7 +443,7 @@ } #endif /*def SSH_X509STORE_DISABLED*/ debug3("ssh_x509cert_check: return %d", ret); - return (ret); + return(ret); } @@ -465,13 +456,13 @@ int k; if (_crl == NULL) { - return 1; + return(1); } cert = X509_STORE_CTX_get_current_cert(_ctx); if (cert == NULL) { error("ssh_check_crl: missing current certificate in x509store context"); - return 0; + return(0); } if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { @@ -482,7 +473,7 @@ bio = BIO_new(BIO_s_mem()); if (bio == NULL) { fatal("ssh_check_crl: out of memory"); - return 0; /* ;-) */ + return(0); /* ;-) */ } X509_NAME_oneline( X509_CRL_get_issuer(_crl), buf, sizeof(buf)); @@ -492,9 +483,9 @@ BIO_printf(bio, ", Next Update: "); ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(_crl)); - + k = BIO_pending(bio); - p = xmalloc(k + 1); + p = xmalloc(k + 1); /*fatal on error*/ k = BIO_read(bio, p, k); p[k] = '\0'; @@ -506,16 +497,16 @@ { EVP_PKEY *pkey = X509_get_pubkey(cert); - if(pkey == NULL) { + if (pkey == NULL) { error("ssh_check_crl:unable to devode public key"); X509_STORE_CTX_set_error(_ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY); - return 0; + return(0); } if (X509_CRL_verify(_crl, pkey) <= 0) { error("ssh_check_crl:CRL has invalid signature"); X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); - return 0; + return(0); } EVP_PKEY_free(pkey); } @@ -530,27 +521,27 @@ if (k == 0) { X509_STORE_CTX_set_error(_ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD); error("ssh_check_crl:CRL has invalid lastUpdate field"); - return 0; + return(0); } if (k > 0) { X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_NOT_YET_VALID); error("ssh_check_crl:CRL is not yet valid"); - return 0; + return(0); } k = X509_cmp_time(X509_CRL_get_nextUpdate(_crl), pcheck_time); if (k == 0) { error("ssh_check_crl:CRL has invalid nextUpdate field"); X509_STORE_CTX_set_error(_ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); - return 0; + return(0); } if (k < 0) { error("ssh_check_crl:CRL is expired"); X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_HAS_EXPIRED); - return 0; + return(0); } - return 1; + return(1); } @@ -560,10 +551,10 @@ int k; char *p, buf1[512], buf2[512]; - if (_crl == NULL) return 1; + if (_crl == NULL) return(1); revoked.serialNumber = X509_get_serialNumber(_cert); k = sk_X509_REVOKED_find(_crl->crl->revoked, &revoked); - if (k < 0) return 1; + if (k < 0) return(1); X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CERT_REVOKED); /* yes, revoked. print log and ...*/ @@ -571,11 +562,11 @@ X509_NAME_oneline(X509_get_subject_name(_cert), buf1, sizeof(buf1)); X509_NAME_oneline(X509_CRL_get_issuer (_crl ), buf2, sizeof(buf2)); - logit ("certificate '%.512s' with serial '%.40s' revoked from issuer '%.512s'", + error("certificate '%.512s' with serial '%.40s' revoked from issuer '%.512s'", buf1, p, buf2); - xfree (p); + xfree(p); - return 0; + return(0); } @@ -584,16 +575,16 @@ X509 *cert; X509_OBJECT xobj; - if (!ok) return 0; + if (!ok) return(0); if (x509revoked == NULL) - return ok; /* XXX:hmm */ + return(ok); /* XXX:hmm */ cert = X509_STORE_CTX_get_current_cert(ctx); if (cert == NULL) { error("ssh_x509revoked_cb: missing current certificate in x509store context"); - return 0; + return(0); } - + if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { char buf[512]; @@ -610,30 +601,30 @@ X509_get_subject_name(cert), &xobj) > 0) { /* - In callback we cannot check CRL signature at this point when we use - X509_get_issuer_name(), because we don't know issuer public key! - Of course we can get the public key from X509_STORE defined by - static variable "x509store". - Of course we can check revocation outside callback, but we should - try to find public key in X509_STORE[s]. - - At this point we can get easy public key of "current certificate"! - - Method: "look forward" - At this call we check CLR (signature and other) issued with "current - certificate" ("CertA"). If all is OK with "CertA" by next call of - callback method "current certificate" is signed from "CertA" and the - CRL issued from "CertA", if any is already verified - cool ;-). - - Note that when a certificate is revoked all signed form that - certificate are revoked automatically too. With method "look forward" - we already know that all issuers of "current certificate" aren't - revoked. -*/ + * In callback we cannot check CRL signature at this point when we use + * X509_get_issuer_name(), because we don't know issuer public key! + * Of course we can get the public key from X509_STORE defined by + * static variable "x509store". + * Of course we can check revocation outside callback, but we should + * try to find public key in X509_STORE[s]. + * + * At this point we can get easy public key of "current certificate"! + * + * Method: "look forward" + * At this call we check CLR (signature and other) issued with "current + * certificate" ("CertA"). If all is OK with "CertA" by next call of + * callback method "current certificate" is signed from "CertA" and the + * CRL issued from "CertA", if any is already verified - cool ;-). + * + * Note that when a certificate is revoked all signed form that + * certificate are revoked automatically too. With method "look forward" + * we already know that all issuers of "current certificate" aren't + * revoked. + */ ok = ssh_check_crl(ctx, xobj.data.crl); } X509_OBJECT_free_contents(&xobj); - if (!ok) return 0; + if (!ok) return(0); memset(&xobj, 0, sizeof(xobj)); if (ssh_x509store_lookup( @@ -646,10 +637,10 @@ /* clear rest of errors in OpenSSL "error buffer" */ ERR_clear_error(); - if (!ok) return 0; + if (!ok) return(0); /**/ - return ok; + return(ok); } #endif diff -ruN openssh-3.7.1p2+x509g2/x509store.h openssh-3.7.1p2+x509g4/x509store.h --- openssh-3.7.1p2+x509g2/x509store.h 2003-06-11 11:25:59.000000000 +0300 +++ openssh-3.7.1p2+x509g4/x509store.h 2004-02-22 00:00:47.000000000 +0200 @@ -1,7 +1,7 @@ #ifndef X509STORE_H #define X509STORE_H /* - * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -27,37 +27,29 @@ #include "includes.h" #include -#if 0 -/* Set 0 (above) to 1 for OpenSSL 0.9.7beta2/3 :-( or comment in openssl "des_old.h" all lines: - #define cript ... - This is commented in beta4 ;-) - */ -#ifdef crypt -# undef crypt -#endif -#endif - -int ssh_x509cert_check(X509 *_cert); -/* return purpose index, not purpose id (!) */ -int ssh_get_x509purpose_s (int _is_server, const char* _purpose_synonym); +int ssh_x509cert_check(X509 *_cert); int ssh_get_default_x509purpose(int _is_server); +/* return purpose index, not purpose id (!) */ +int ssh_get_x509purpose_s(int _is_server, const char* _purpose_synonym); void ssh_set_x509purpose(int _is_server, int _sshpurpose_index); #ifndef SSH_X509STORE_DISABLED +int ssh_x509store_lookup(X509_STORE *store, int type, X509_NAME *name, X509_OBJECT *xobj); + typedef struct { /* ssh PKI(X509) store */ - char *certificate_file; - char *certificate_path; - char *revocation_file; - char *revocation_path; + const char *certificate_file; + const char *certificate_path; + const char *revocation_file; + const char *revocation_path; } X509StoreOptions; -int ssh_x509store_addlocations (const X509StoreOptions *_locations); +int ssh_x509store_addlocations(const X509StoreOptions *_locations); #endif /*ndef SSH_X509STORE_DISABLED*/