Compatibility with existing OpenSSL versions is maintained.
Upstream commits:
482d23bcac upstream: hold our collective noses and use the openssl-1.1.x
48f54b9d12 adapt -portable to OpenSSL 1.1x API
86e0a9f3d2 upstream: use only openssl-1.1.x API here too
a3fd8074e2 upstream: missed a bit of openssl-1.0.x API in this unittest
cce8cbe0ed Fix openssl-1.1 fallout for --without-openssl.
Trivial conflicts in sshkey.c and test_sshkey.c were resolved.
Connect libressl-api-compat.c to the build, and regenerate config.h
Reviewed by: des
Approved by: re (rgrimes)
MFC after: 2 seeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17444
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
branch but never merged to head. They were inadvertantly left out when
6.1p1 was merged to head. It didn't make any difference at the time,
because they were unused, but one of them is required for DNS-based host
key verification.
Approved by: re (blanket)
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
