Fix relayd reload race crash
Instead of terminating with fatalx() when a private key hash cannot be
found, log a warning and send an error back to the relay worker.
This prevents a race condition during "reload" where a request might
reach the CA process while keys are being repopulated.
Reported by Nick Owens; thanks!
OK tb@
ssh-agent supports a "query" extension that allows a client to request
a list of extensions it support. This makes this capability available
to ssh-add via the -Q flag.
ok markus@
With IANA codepoints for draft-ietf-sshm-ssh-agent now allocated,
it's safe to start using the standard names for requesting agent
forwarding over the @openssh.com extension names we've used to date.
Support for the standard names is advertised via EXT_INFO. When the
client sees such support it will use the new names preferentially,
but the existing names remain supported unconditionally.
ok markus@
Inspecting Flag(FTALKING) to activate curses in the spot chosen by the
previous commit seems to fail in some circumstances because of order
of operations in ksh startup. So move the test and curses initialization
immediately before the tputs() calls.
discussion with tb
correctness wrt draft-ietf-sshm-ssh-agent:
extension requests should indicate failure using
SSH_AGENT_EXTENSION_FAILURE rather than the generic SSH_AGENT_FAILURE
error code. This allows the client to discern between "the request
failed" and "the agent doesn't support this extension".
ok markus@
relayd: replace unneeded engine.h with needed x509.h
Adjust a comment. Being non-existent, the OpenSSL engine layer cannot be
responsible for whatever unholy hacks this code requires.
small tweaks to niri;
- start COMMENT with lowercase and don't use A
- use DIST_TUPLE to fetch multi distfiles from github
- regen PLIST after adding rdep desktop-file-utils
