Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 37876e913a069036501086a247ed2ea430cea206^! / . / readconf.c
commit37876e913a069036501086a247ed2ea430cea206[log] [tgz]
authorDamien Miller <djm@mindrot.org>Thu May 15 10:19:46 2003 +1000
committerDamien Miller <djm@mindrot.org>Thu May 15 10:19:46 2003 +1000
tree8294744f47011c82b63ec0b46f4449ff4f26ec7c
parentabbae980e7532da68e7f6aa1da716fb69e7521ad [diff] [blame]
   - jakob@cvs.openbsd.org 2003/05/14 18:16:20
     [key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c]
     [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c]
     add experimental support for verifying hos keys using DNS as described
     in draft-ietf-secsh-dns-xx.txt. more information in README.dns.
     ok markus@ and henning@

diff --git a/readconf.c b/readconf.c
index acdf128..c9c463b 100644
--- a/readconf.c
+++ b/readconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.106 2003/04/09 12:00:37 djm Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.107 2003/05/14 18:16:20 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -114,7 +114,7 @@
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
 	oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
-	oEnableSSHKeysign, oRekeyLimit,
+	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS,
 	oDeprecated
 } OpCodes;
 
@@ -187,6 +187,7 @@
 	{ "smartcarddevice", oSmartcardDevice },
 	{ "clearallforwardings", oClearAllForwardings },
 	{ "enablesshkeysign", oEnableSSHKeysign },
+	{ "verifyhostkeydns", oVerifyHostKeyDNS },
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
 	{ "rekeylimit", oRekeyLimit },
 	{ NULL, oBadOption }
@@ -392,6 +393,10 @@
 		intptr = &options->check_host_ip;
 		goto parse_flag;
 
+	case oVerifyHostKeyDNS:
+		intptr = &options->verify_host_key_dns;
+		goto parse_flag;
+
 	case oStrictHostKeyChecking:
 		intptr = &options->strict_host_key_checking;
 		arg = strdelim(&s);
@@ -829,6 +834,7 @@
 	options->enable_ssh_keysign = - 1;
 	options->no_host_authentication_for_localhost = - 1;
 	options->rekey_limit = - 1;
+	options->verify_host_key_dns = -1;
 }
 
 /*
@@ -947,6 +953,8 @@
 		options->enable_ssh_keysign = 0;
 	if (options->rekey_limit == -1)
 		options->rekey_limit = 0;
+	if (options->verify_host_key_dns == -1)
+		options->verify_host_key_dns = 0;
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */