- jakob@cvs.openbsd.org 2003/10/14 19:42:10

[dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
     include SSHFP lookup code (not enabled by default). ok markus@

ChangeLog

@@ -30,6 +30,9 @@
    - markus@cvs.openbsd.org 2003/10/13 08:22:25
      [scp.1 sftp.1]
      don't refer to options related to forwarding; ok jmc@
+   - jakob@cvs.openbsd.org 2003/10/14 19:42:10
+     [dns.c dns.h readconf.c ssh-keygen.c sshconnect.c]
+     include SSHFP lookup code (not enabled by default). ok markus@
 
 20031009
  - (dtucker) [sshd_config.5] UsePAM defaults to "no".  ok djm@
@@ -1347,4 +1350,4 @@
  - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
    Report from murple@murple.net, diagnosis from dtucker@zip.com.au
 
-$Id: ChangeLog,v 1.3076 2003/10/15 05:59:26 dtucker Exp $
+$Id: ChangeLog,v 1.3077 2003/10/15 06:00:47 dtucker Exp $

dns.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $	*/
+/*	$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $	*/
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #include <openssl/bn.h>
 #ifdef LWRES
 #include <lwres/netdb.h>
@@ -44,7 +43,7 @@
 #include "uuencode.h"
 
 extern char *__progname;
-RCSID("$OpenBSD: dns.c,v 1.6 2003/06/11 10:18:47 jakob Exp $");
+RCSID("$OpenBSD: dns.c,v 1.7 2003/10/14 19:42:10 jakob Exp $");
 
 #ifndef LWRES
 static const char *errset_text[] = {
@@ -286,5 +285,3 @@ export_dns_rr(const char *hostname, Key *key, FILE *f, int generic)
 
 	return success;
 }
-
-#endif /* DNS */

dns.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dns.h,v 1.3 2003/05/14 22:56:51 jakob Exp $	*/
+/*	$OpenBSD: dns.h,v 1.4 2003/10/14 19:42:10 jakob Exp $	*/
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -28,7 +28,6 @@
 
 #include "includes.h"
 
-#ifdef DNS
 #ifndef DNS_H
 #define DNS_H
 
@@ -54,4 +53,3 @@ int	verify_host_key_dns(const char *, struct sockaddr *, Key *);
 int	export_dns_rr(const char *, Key *, FILE *, int);
 
 #endif /* DNS_H */
-#endif /* DNS */

readconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.123 2003/10/11 08:24:07 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.124 2003/10/14 19:42:10 jakob Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -183,11 +183,7 @@ static struct {
 #endif
 	{ "clearallforwardings", oClearAllForwardings },
 	{ "enablesshkeysign", oEnableSSHKeysign },
-#ifdef DNS
 	{ "verifyhostkeydns", oVerifyHostKeyDNS },
-#else
-	{ "verifyhostkeydns", oUnsupported },
-#endif
 	{ "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
 	{ "rekeylimit", oRekeyLimit },
 	{ "connecttimeout", oConnectTimeout },

ssh-keygen.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.110 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -32,9 +32,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.109 2003/09/18 13:02:21 miod Exp $");
 #ifdef SMARTCARD
 #include "scard.h"
 #endif
-#ifdef DNS
 #include "dns.h"
-#endif
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -625,7 +623,6 @@ do_change_passphrase(struct passwd *pw)
 	exit(0);
 }
 
-#ifdef DNS
 /*
  * Print the SSHFP RR.
  */
@@ -655,7 +652,6 @@ do_print_resource_record(struct passwd *pw, char *hostname)
 	printf("failed to read v2 public key from %s.\n", identity_file);
 	exit(1);
 }
-#endif /* DNS */
 
 /*
  * Change the comment of a private key file.
@@ -774,9 +770,7 @@ usage(void)
 	fprintf(stderr, "  -C comment  Provide new comment.\n");
 	fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
 	fprintf(stderr, "  -P phrase   Provide old passphrase.\n");
-#ifdef DNS
 	fprintf(stderr, "  -r hostname Print DNS resource record.\n");
-#endif /* DNS */
 #ifdef SMARTCARD
 	fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
 	fprintf(stderr, "  -U reader   Upload private key to smartcard.\n");
@@ -959,11 +953,7 @@ main(int ac, char **av)
 	if (print_public)
 		do_print_public(pw);
 	if (resource_record_hostname != NULL) {
-#ifdef DNS
 		do_print_resource_record(pw, resource_record_hostname);
-#else /* DNS */
-		fatal("no DNS support.");
-#endif /* DNS */
 	}
 	if (reader_id != NULL) {
 #ifdef SMARTCARD

sshconnect.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.149 2003/10/14 19:42:10 jakob Exp $");
 
 #include <openssl/bn.h>
 
@@ -33,16 +33,12 @@ RCSID("$OpenBSD: sshconnect.c,v 1.148 2003/09/18 07:52:54 markus Exp $");
 #include "misc.h"
 #include "readpass.h"
 
-#ifdef DNS
 #include "dns.h"
-#endif
 
 char *client_version_string = NULL;
 char *server_version_string = NULL;
 
-#ifdef DNS
 int verified_host_key_dns = 0;
-#endif
 
 /* import */
 extern Options options;
@@ -730,7 +726,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 			/* The default */
 			fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
 			msg2[0] = '\0';
-#ifdef DNS
 			if (options.verify_host_key_dns) {
 				if (verified_host_key_dns)
 					snprintf(msg2, sizeof(msg2),
@@ -741,7 +736,6 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 					    "No matching host key fingerprint"
 					    " found in DNS.\n");
 			}
-#endif
 			snprintf(msg, sizeof(msg),
 			    "The authenticity of host '%.200s (%s)' can't be "
 			    "established%s\n"
@@ -908,7 +902,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 {
 	struct stat st;
 
-#ifdef DNS
 	if (options.verify_host_key_dns) {
 		switch(verify_host_key_dns(host, hostaddr, host_key)) {
 		case DNS_VERIFY_OK:
@@ -927,7 +920,6 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
 			break;
 		}
 	}
-#endif /* DNS */
 
 	/* return ok if the key can be found in an old keyfile */
 	if (stat(options.system_hostfile2, &st) == 0 ||