This is a patch for OpenSSH-7.7p1 to build with OpenSSL-1.1.0 and OpenSSL-1.1.1 . By default OpenSSH-7.7p1 only supports up to OpenSSL-1.0.x versions. This patch will build and pass all "make tests" regressions using OpenSSL-1.1.0.
This patch breaks support for OpenSSL-1.0.x, so don't use this patch if you need 1.0.x support. This patch doesn't introduce new shim functions to emulate OpenSSL-1.1.x API on 1.0.x .
Some obsolete OS may not pass the last test_utf8
test;
use env TEST_SSH_UTF8=no ./configure ... to skip the test.
Since sshd invoked during the tests will try to
chown("/dev/ttyp1", user, ttygid)
, key-options.sh test
may fail.
Do ssh localhost
, then logout, then run make tests
on such platforms (obsolete BSD variants).
BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
flag in ssh_rsa_generate_additional_parameters() beginning in
openssh-7.7 patch.
#ifdef
s to let it compile both on
OpenSSL 1.0.x and OpenSSL 1.1.0.
#ifdef
s which was minimal in origial OpenSSH code.