git: 3dcf2c2cafbc - main - OpenSSH: remove ability to enable DSA support (in configure)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 15 Apr 2025 18:16:58 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=3dcf2c2cafbcf5d725103e6051e70c81a121eb18 commit 3dcf2c2cafbcf5d725103e6051e70c81a121eb18 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2025-04-09 15:17:10 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2025-04-15 18:12:55 +0000 OpenSSH: remove ability to enable DSA support (in configure) DSA is deprecated and upstream OpenSSH is in the process of removing it. From OpenSSH-portable 10.0, cherry-pick the configure change so that we can independently decide what to merge to stable branches. This change has no direct user-facing impact, as the upstream configure script is not used in the FreeBSD build process. It is worth noting as part of OpenSSH's full removal of DSA support. Reviewed by: jlduran, philip Relnotes: Yes Obtained from: OpenSSH-portable 6c9872faa1c2 Sponsored by: The FreeBSD Foundation --- crypto/openssh/configure.ac | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/crypto/openssh/configure.ac b/crypto/openssh/configure.ac index df05a54b8f63..dbe5b238fb75 100644 --- a/crypto/openssh/configure.ac +++ b/crypto/openssh/configure.ac @@ -2140,16 +2140,6 @@ AC_ARG_WITH([security-key-builtin], [ enable_sk_internal=$withval ] ) -enable_dsa= -AC_ARG_ENABLE([dsa-keys], - [ --enable-dsa-keys enable DSA key support [no]], - [ - if test "x$enableval" != "xno" ; then - enable_dsa=1 - fi - ] -) - AC_SEARCH_LIBS([dlopen], [dl]) AC_CHECK_FUNCS([dlopen]) AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) @@ -3258,26 +3248,6 @@ if test "x$openssl" = "xyes" ; then AC_MSG_RESULT([no]) ] ) - - openssl_dsa=no - if test ! -z "$enable_dsa" ; then - AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [ - AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [], - [ openssl_dsa=yes ], - [ #include <openssl/opensslconf.h> ] - ) - ], - [ #include <openssl/opensslconf.h> ] - ) - AC_MSG_CHECKING([whether to enable DSA key support]) - if test "x$openssl_dsa" = "xno"; then - AC_MSG_ERROR([DSA requested but not supported by OpenSSL]) - else - AC_MSG_RESULT([yes]) - AC_DEFINE([WITH_DSA], [1], - [DSA keys explicitly enabled]) - fi - fi fi # PKCS11/U2F depend on OpenSSL and dlopen().