change this to a better initalization since malloc isn't spelled calloc here..

when in non-blocking mode, return _EAGAIN..
There is no way the consumer knows that another write is outstanding.. This is safe as it will "never" block, as soon as there is space, select will return, and the correct write should be called to finish itself up, unblocking the other... I can picture a deadlock though where the write flag gets cleared when finished up, and the other channel write was previously _EAGAIN'd... This implies that a similar solution to read needs to be done, which is if any write happens, spin the loop again, trying all the outstanding writes to make sure they get a chance..
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,8 @@
 *.o
 .depend
 *.8.gz
 *.[78].gz
 *.full
 *.debug
 ggatec/ggatec
 ggated/ggated
 ggatel/ggatel
 ggatessh/ggatessh
 tests/Kyuafile
 tests/ggate_test
 tests/ggatessh_test
--- a/+ 18
+++ b/+ 18
@@ -1,16 +1,28 @@
 # $FreeBSD$

 SUBDIR=	${_ggatec} \
 	${_ggated} \
 	ggatel \
 SUBDIR=	${_ggatessh} \
 	tests

 _ggatec=	ggatec
 _ggated=	ggated
 _ggatessh=	ggatessh

 .PHONY: devtest

 devtest:
 	find [gst]* -type f -name '*.c' -o -name 'Makefile*' -o -name '*.sh' -o -name '*.8' | entr sh -c 'make -j 4 && make install -j 4 && (kyua test -k /usr/tests/Kyuafile sys/geom/class/gate || (cd /usr/tests && kyua report --verbose))'
 	find [gst]* -type f -name '*.c' -o -name 'Makefile*' -o -name '*.sh' -o -name '*.8' | entr sh -c '(set -o pipefail; make -j 4 2>&1 | head -n 30) && make install -j 4 && (kyua test -k /usr/tests/Kyuafile sbin/ggatessh || (cd /usr/tests && kyua report --verbose))'

 VERSION!=	git tag --points-at
 dist:
 .if empty(VERSION)
 	@echo 'Failed to find version tag!' && exit 1
 .endif
 	@mkdir ${VERSION}
 	@git archive --prefix ${VERSION}/ ${VERSION} | tar -xf -

 	# run autoreconf
 	@cd ${VERSION}/libssh2 && autoreconf -fi
 	@tar -cJf ${VERSION}.tar.xz ${VERSION}

 updatelibssh2:
 	git subtree merge --squash -P libssh2 https://github.com/libssh2/libssh2.git master

 .include <bsd.subdir.mk>
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -1,4 +1,11 @@
 # This is to replicate the other parts of the FreeBSD build infrastructure.

 .if defined(PREFIX)
 BINDIR?=        ${PREFIX}/sbin
 SHAREDIR?=      ${PREFIX}/share
 TESTSBASE?=     ${PREFIX}/tests
 .else
 BINDIR?=	/sbin
 .endif

 WARNS?= 6
--- a/README.md
+++ b/README.md
@@ -1,4 +1,68 @@
 ggate working tree
 ==================
 ggatessh
 ========

 This is a working tree for ggate work.
 This is a variant of ggatec which uses sftp instead of talking to ggated.
 This allows the server to be any machine that is running ssh+sftp w/o
 requiring you to compile ggated for that platform.  It also allows for
 strong authentication and encryption that is not provided by ggatec/d
 combo, or even iSCSI, which despite having authentication, it requires
 IPsec for security, otherwise it is possible for an attacker to take
 over the TCP session.

 This version of ggatessh also supports a new sftp-server command,
 punchhole, that is used to implement BIO_DELETE (aka TRIM) commands
 to help reduce disk space usage on the server.  This command is only
 implemented in the sftp-server at jmg's [sftp-firewall branch](https://www.funkthat.com/gitea/jmg/openssh-portable/src/branch/sftp-firewall)
 of openssh-portable.  That branch also implements a new command line
 option to restrict which files able to be opened by sftp-server,
 allowing for strong protection on the server site which files the
 key can access.

 For example, using the sftp-firewall branch, you can use the following
 in an `authorized_keys` file to ensure that the private key can only
 access one specific file:
 ```
 restrict,command="/home/dir/git.repos/openssh-portable/sftp-server -a fstest/data.img -p open,close,read,write,fstat,fsync,punchhole" ssh-rsa AAAAB...5el ggatessh-test-key
 ```

 If you are not using the custom compiled branch, just remove the `-a`
 option and it's argument, and punchhole from the permitted requests.
 Bewarned that even though sftp w/ the key cannot list files w/ the
 this configuration (in fact, standard sftp client will error out),
 other sftp clients can open any file for reading or writing, including
 creating new files, so unless you fully trust where the ssh key is
 stored, it is highly recommended to run sftp-server from the
 sftp-firewall branch.

 libssh2
 -------

 ggatessh uses the libssh2 library with a few modifications.  The build
 system will be updated to compile and use libssh2.  There is at least one
 minor modification needed to turn off read-ahead for sftp support.

 By default, libssh2 assumes that you'll read a whole file sequentially
 in blocking mode, and if it does not do this, there will be pipeline
 stalls.  In our case, this would result in lots of wasted bandwith as
 we will be seeking around the file to read and write, and so this
 feature needs to be disabled.

 Testing
 -------

 If you install the program, `entr`, you can use the top level target,
 `devtest` to automatically compile, install, and run the tests whenever
 a dependant file is modified.  The libssh2 library will not be built,
 and needs to be built manually.

 ### Debugging

 If you need to debug libssh2, you first need to enable debugging in the
 library and recompile.  To do that, from the `libssh2` directory, run:
 ```
 ./configure --enable-debug --disable-shared
 make clean && make -j 4
 ```

 ggatessh will enable a default set of tracing when verbose (`-v`) is
 enabled.
--- a/ggatec/Makefile
+++ b/ggatec/Makefile
@@ -1,15 +0,0 @@
 # $FreeBSD$

 .PATH: ${.CURDIR:H}/shared

 PROG=	ggatec
 MAN=	ggatec.8
 SRCS=	ggatec.c ggate.c

 CFLAGS+= -DMAX_SEND_SIZE=32768
 CFLAGS+= -DLIBGEOM
 CFLAGS+= -I${.CURDIR:H}/shared

 LDADD=	-lgeom -lutil -lpthread

 .include <bsd.prog.mk>
--- a/ggatec/ggatec.c
+++ b/ggatec/ggatec.c
@@ -1,710 +0,0 @@
 /*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <string.h>
 #include <ctype.h>
 #include <libgen.h>
 #include <pthread.h>
 #include <signal.h>
 #include <err.h>
 #include <errno.h>
 #include <assert.h>

 #include <sys/param.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <sys/time.h>
 #include <sys/bio.h>
 #include <sys/un.h>
 #include <netinet/in.h>
 #include <netinet/tcp.h>
 #include <arpa/inet.h>

 #include <geom/gate/g_gate.h>
 #include "ggate.h"

 static const char *sockprefix = "sock:";

 static enum { UNSET, CREATE, DESTROY, LIST, RESCUE } action = UNSET;

 static const char *path = NULL;
 static const char *host = NULL;
 static int unit = G_GATE_UNIT_AUTO;
 static unsigned flags = 0;
 static int force = 0;
 static unsigned queue_size = G_GATE_QUEUE_SIZE;
 static unsigned port = G_GATE_PORT;
 static off_t mediasize;
 static unsigned sectorsize = 0;
 static unsigned timeout = G_GATE_TIMEOUT;
 static int sendfd, recvfd;
 static uint32_t token;
 static pthread_t sendtd, recvtd;
 static int reconnect;

 static void
 usage(void)
 {

 	fprintf(stderr, "usage: %s create [-nv] [-o <ro|wo|rw>] [-p port] "
 	    "[-q queue_size] [-R rcvbuf] [-S sndbuf] [-s sectorsize] "
 	    "[-t timeout] [-u unit] <host> <path>\n", getprogname());
 	fprintf(stderr, "       %s rescue [-nv] [-o <ro|wo|rw>] [-p port] "
 	    "[-R rcvbuf] [-S sndbuf] <-u unit> <host> <path>\n", getprogname());
 	fprintf(stderr, "       %s destroy [-f] <-u unit>\n", getprogname());
 	fprintf(stderr, "       %s list [-v] [-u unit]\n", getprogname());
 	exit(EXIT_FAILURE);
 }

 static void *
 send_thread(void *arg __unused)
 {
 	struct g_gate_ctl_io ggio;
 	struct g_gate_hdr hdr;
 	static char *buf;
 	ssize_t data;
 	int buflen = 1024*1024;
 	int error;

 	if (buf == NULL)
 		buf = malloc(buflen);

 	g_gate_log(LOG_NOTICE, "%s: started!", __func__);

 	ggio.gctl_version = G_GATE_VERSION;
 	ggio.gctl_unit = unit;
 	ggio.gctl_data = buf;

 	for (;;) {
 		ggio.gctl_length = buflen;
 		ggio.gctl_error = 0;
 		g_gate_ioctl(G_GATE_CMD_START, &ggio);
 		error = ggio.gctl_error;
 		switch (error) {
 		case 0:
 			break;
 		case ECANCELED:
 			if (reconnect)
 				break;
 			/* Exit gracefully. */
 			g_gate_close_device();
 			exit(EXIT_SUCCESS);
 #if 0
 		case ENOMEM:
 			/* Buffer too small. */
 			ggio.gctl_data = realloc(ggio.gctl_data,
 			    ggio.gctl_length);
 			if (ggio.gctl_data != NULL) {
 				bsize = ggio.gctl_length;
 				goto once_again;
 			}
 			/* FALLTHROUGH */
 #endif
 		case ENXIO:
 		default:
 			g_gate_xlog("ioctl(/dev/%s): %s.", G_GATE_CTL_NAME,
 			    strerror(error));
 		}

 		if (reconnect)
 			break;

 		g_gate_log(LOG_DEBUG, "ggio, ver: %u, unit: %d, seq: %llu, cmd: %u, offset: %llu, len: %llu", ggio.gctl_version, ggio.gctl_unit, ggio.gctl_seq, ggio.gctl_cmd, ggio.gctl_offset, ggio.gctl_length);
 		switch (ggio.gctl_cmd) {
 		case BIO_READ:
 			hdr.gh_cmd = GGATE_CMD_READ;
 			break;
 		case BIO_WRITE:
 			hdr.gh_cmd = GGATE_CMD_WRITE;
 			break;
 		case BIO_DELETE:
 			hdr.gh_cmd = GGATE_CMD_DELETE;
 			break;
 		case BIO_FLUSH:
 			hdr.gh_cmd = GGATE_CMD_FLUSH;
 			break;
 		default:
 			/* XXX - how to handle this? */
 			g_gate_log(LOG_ERR, "Got unhandled cmd: %d", ggio.gctl_cmd);
 			reconnect = 1;
 			pthread_kill(recvtd, SIGUSR1);
 			break;
 		}
 		hdr.gh_seq = ggio.gctl_seq;
 		hdr.gh_offset = ggio.gctl_offset;
 		hdr.gh_length = ggio.gctl_length;
 		hdr.gh_error = 0;
 		g_gate_log(LOG_DEBUG, "hdr packet, cmd: %hhu, off: %llu, len: %u, seq: %u", hdr.gh_cmd, hdr.gh_offset, hdr.gh_length, hdr.gh_seq);
 		g_gate_swap2n_hdr(&hdr);

 		data = g_gate_send(sendfd, &hdr, sizeof(hdr), MSG_NOSIGNAL);
 		g_gate_log(LOG_DEBUG, "Sent hdr packet.");
 		g_gate_swap2h_hdr(&hdr);
 		if (reconnect)
 			break;
 		if (data != sizeof(hdr)) {
 			g_gate_log(LOG_ERR, "Lost connection 1.");
 			reconnect = 1;
 			pthread_kill(recvtd, SIGUSR1);
 			break;
 		}

 		if (hdr.gh_cmd == GGATE_CMD_WRITE) {
 			data = g_gate_send(sendfd, ggio.gctl_data,
 			    ggio.gctl_length, MSG_NOSIGNAL);
 			if (reconnect)
 				break;
 			if (data != ggio.gctl_length) {
 				g_gate_log(LOG_ERR, "Lost connection 2 (%zd != %zd).", data, (ssize_t)ggio.gctl_length);
 				reconnect = 1;
 				pthread_kill(recvtd, SIGUSR1);
 				break;
 			}
 			g_gate_log(LOG_DEBUG, "Sent %zd bytes (offset=%llu, "
 			    "size=%u).", data, hdr.gh_offset, hdr.gh_length);
 		}
 	}
 	g_gate_log(LOG_DEBUG, "%s: Died.", __func__);
 	return (NULL);
 }

 static void *
 recv_thread(void *arg __unused)
 {
 	struct g_gate_ctl_io ggio;
 	struct g_gate_hdr hdr;
 	static char *buf;
 	int buflen;
 	ssize_t data;

 	buflen = 1024*1024;
 	if (buf == NULL)
 		buf = malloc(buflen);

 	g_gate_log(LOG_NOTICE, "%s: started!", __func__);

 	ggio.gctl_version = G_GATE_VERSION;
 	ggio.gctl_unit = unit;
 	ggio.gctl_data = buf;

 	for (;;) {
 		data = g_gate_recv(recvfd, &hdr, sizeof(hdr), MSG_WAITALL);
 		if (reconnect)
 			break;
 		g_gate_swap2h_hdr(&hdr);
 		if (data != sizeof(hdr)) {
 			if (data == -1 && errno == EAGAIN)
 				continue;
 			g_gate_log(LOG_ERR, "Lost connection 3.");
 			reconnect = 1;
 			pthread_kill(sendtd, SIGUSR1);
 			break;
 		}
 		g_gate_log(LOG_DEBUG, "Received hdr packet.");

 		ggio.gctl_seq = hdr.gh_seq;
 		ggio.gctl_cmd = hdr.gh_cmd;
 		ggio.gctl_offset = hdr.gh_offset;
 		ggio.gctl_length = hdr.gh_length;
 		ggio.gctl_error = hdr.gh_error;

 		if (ggio.gctl_error == 0 && ggio.gctl_cmd == GGATE_CMD_READ) {
 			if (ggio.gctl_length > buflen) {
 				g_gate_log(LOG_ERR, "Received too large data, %llu.", ggio.gctl_length);
 				reconnect = 1;
 				pthread_kill(sendtd, SIGUSR1);
 				break;
 			}

 			data = g_gate_recv(recvfd, ggio.gctl_data,
 			    ggio.gctl_length, MSG_WAITALL);
 			if (reconnect)
 				break;
 			g_gate_log(LOG_DEBUG, "Received data packet.");
 			if (data != ggio.gctl_length) {
 				g_gate_log(LOG_ERR, "Lost connection 4.");
 				reconnect = 1;
 				pthread_kill(sendtd, SIGUSR1);
 				break;
 			}
 			g_gate_log(LOG_DEBUG, "Received %d bytes (offset=%ju, "
 			    "size=%zu).", data, (uintmax_t)hdr.gh_offset,
 			    (size_t)hdr.gh_length);
 		}

 		g_gate_ioctl(G_GATE_CMD_DONE, &ggio);
 	}
 	g_gate_log(LOG_DEBUG, "%s: Died.", __func__);
 	pthread_exit(NULL);
 }

 static int
 handshake(int dir)
 {
 	struct g_gate_version ver;
 	struct g_gate_cinit cinit;
 	struct g_gate_sinit sinit;
 	struct sockaddr *serv;
 	struct sockaddr_in inaddr;
 	struct sockaddr_un unixaddr;
 	socklen_t addrlen;
 	int sfd;
 	const char *sockname;

 	sockname = NULL;

 	/*
 	 * Do the network stuff.
 	 */
 	if (strncmp(host, sockprefix, strlen(sockprefix)) == 0) {
 		sockname = host + strlen(sockprefix);
 		if (strlen(sockname) + 1 > sizeof(unixaddr.sun_path)) {
 			g_gate_log(LOG_DEBUG, "Socket path is too long.");
 			return (-1);
 		}

 		unixaddr = (struct sockaddr_un) {
 			.sun_len = sizeof(unixaddr),
 			.sun_family = AF_UNIX,
 		};
 		strncpy(unixaddr.sun_path, sockname, sizeof(unixaddr.sun_path));
 		sfd = socket(AF_UNIX, SOCK_STREAM, 0);
 		if (sfd == -1) {
 			g_gate_log(LOG_DEBUG, "Cannot open socket: %s.",
 			    strerror(errno));
 			return (-1);
 		}
 		serv = (struct sockaddr *)&unixaddr;
 		addrlen = sizeof unixaddr;
 	} else {
 		bzero(&inaddr, sizeof(inaddr));
 		inaddr.sin_family = AF_INET;
 		inaddr.sin_addr.s_addr = g_gate_str2ip(host);
 		if (inaddr.sin_addr.s_addr == INADDR_NONE) {
 			g_gate_log(LOG_DEBUG, "Invalid IP/host name: %s.", host);
 			return (-1);
 		}
 		inaddr.sin_port = htons(port);
 		sfd = socket(AF_INET, SOCK_STREAM, 0);
 		if (sfd == -1) {
 			g_gate_log(LOG_DEBUG, "Cannot open socket: %s.",
 			    strerror(errno));
 			return (-1);
 		}

 		serv = (struct sockaddr *)&inaddr;
 		addrlen = sizeof inaddr;
 		g_gate_socket_settings(sfd);
 	}

 	if (connect(sfd, serv, addrlen) == -1) {
 		g_gate_log(LOG_DEBUG, "Cannot connect to server: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}

 	if (sockname != NULL)
 		g_gate_log(LOG_INFO, "Connected to socket: %s.", sockname);
 	else
 		g_gate_log(LOG_INFO, "Connected to the server: %s:%d.", host, port);

 	/*
 	 * Create and send version packet.
 	 */
 	g_gate_log(LOG_DEBUG, "Sending version packet.");
 	assert(strlen(GGATE_MAGIC) == sizeof(ver.gv_magic));
 	bcopy(GGATE_MAGIC, ver.gv_magic, sizeof(ver.gv_magic));
 	ver.gv_version = GGATE_VERSION;
 	ver.gv_error = 0;
 	g_gate_swap2n_version(&ver);
 	if (g_gate_send(sfd, &ver, sizeof(ver), MSG_NOSIGNAL) == -1) {
 		g_gate_log(LOG_DEBUG, "Error while sending version packet: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}
 	bzero(&ver, sizeof(ver));
 	if (g_gate_recv(sfd, &ver, sizeof(ver), MSG_WAITALL) == -1) {
 		g_gate_log(LOG_DEBUG, "Error while receiving data: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}
 	if (ver.gv_error != 0) {
 		g_gate_log(LOG_DEBUG, "Version verification problem: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}

 	/*
 	 * Create and send initial packet.
 	 */
 	g_gate_log(LOG_DEBUG, "Sending initial packet.");
 	if (strlcpy(cinit.gc_path, path, sizeof(cinit.gc_path)) >=
 	    sizeof(cinit.gc_path)) {
 		g_gate_log(LOG_DEBUG, "Path name too long.");
 		close(sfd);
 		return (-1);
 	}
 	cinit.gc_flags = flags | dir;
 	cinit.gc_token = token;
 	cinit.gc_nconn = 2;
 	g_gate_swap2n_cinit(&cinit);
 	if (g_gate_send(sfd, &cinit, sizeof(cinit), MSG_NOSIGNAL) == -1) {
 	        g_gate_log(LOG_DEBUG, "Error while sending initial packet: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}
 	g_gate_swap2h_cinit(&cinit);

 	/*
 	 * Receiving initial packet from server.
 	 */
 	g_gate_log(LOG_DEBUG, "Receiving initial packet.");
 	if (g_gate_recv(sfd, &sinit, sizeof(sinit), MSG_WAITALL) == -1) {
 		g_gate_log(LOG_DEBUG, "Error while receiving data: %s.",
 		    strerror(errno));
 		close(sfd);
 		return (-1);
 	}
 	g_gate_swap2h_sinit(&sinit);
 	if (sinit.gs_error != 0) {
 	        g_gate_log(LOG_DEBUG, "Error from server: %s.",
 		    strerror(sinit.gs_error));
 		close(sfd);
 		return (-1);
 	}
 	g_gate_log(LOG_DEBUG, "Received initial packet.");

 	mediasize = sinit.gs_mediasize;
 	if (sectorsize == 0)
 		sectorsize = sinit.gs_sectorsize;

 	return (sfd);
 }

 static void
 mydaemon(void)
 {

 	if (g_gate_verbose > 0)
 		return;
 	if (daemon(0, 0) == 0)
 		return;
 	if (action == CREATE)
 		g_gate_destroy(unit, 1);
 	err(EXIT_FAILURE, "Cannot daemonize");
 }

 static int
 g_gatec_connect(void)
 {

 	token = arc4random();
 	/*
 	 * Our receive descriptor is connected to the send descriptor on the
 	 * server side.
 	 */
 	recvfd = handshake(GGATE_FLAG_SEND);
 	if (recvfd == -1)
 		return (0);
 	/*
 	 * Our send descriptor is connected to the receive descriptor on the
 	 * server side.
 	 */
 	sendfd = handshake(GGATE_FLAG_RECV);
 	if (sendfd == -1)
 		return (0);
 	return (1);
 }

 static void
 g_gatec_start(void)
 {
 	int error;

 	reconnect = 0;
 	error = pthread_create(&recvtd, NULL, recv_thread, NULL);
 	if (error != 0) {
 		g_gate_destroy(unit, 1);
 		g_gate_xlog("pthread_create(recv_thread): %s.",
 		    strerror(error));
 	}
 	sendtd = pthread_self();
 	send_thread(NULL);
 	/* Disconnected. */
 	close(sendfd);
 	close(recvfd);
 }

 static void
 signop(int sig __unused)
 {

 	/* Do nothing. */
 }

 static void
 g_gatec_loop(void)
 {
 	struct g_gate_ctl_cancel ggioc;

 	signal(SIGUSR1, signop);
 	for (;;) {
 		g_gatec_start();
 		g_gate_log(LOG_NOTICE, "Disconnected [%s %s]. Connecting...",
 		    host, path);
 		while (!g_gatec_connect()) {
 			sleep(2);
 			g_gate_log(LOG_NOTICE, "Connecting [%s %s]...", host,
 			    path);
 		}
 		ggioc.gctl_version = G_GATE_VERSION;
 		ggioc.gctl_unit = unit;
 		ggioc.gctl_seq = 0;
 		g_gate_ioctl(G_GATE_CMD_CANCEL, &ggioc);
 	}
 }

 static void
 g_gatec_create(void)
 {
 	struct g_gate_ctl_create ggioc;

 	if (!g_gatec_connect())
 		g_gate_xlog("Cannot connect: %s.", strerror(errno));

 	/*
 	 * Ok, got both sockets, time to create provider.
 	 */
 	memset(&ggioc, 0, sizeof(ggioc));
 	ggioc.gctl_version = G_GATE_VERSION;
 	ggioc.gctl_mediasize = mediasize;
 	ggioc.gctl_sectorsize = sectorsize;
 	ggioc.gctl_flags = flags;
 	ggioc.gctl_maxcount = queue_size;
 	ggioc.gctl_timeout = timeout;
 	ggioc.gctl_unit = unit;
 	snprintf(ggioc.gctl_info, sizeof(ggioc.gctl_info), "%s:%u %s", host,
 	    port, path);
 	g_gate_ioctl(G_GATE_CMD_CREATE, &ggioc);
 	if (unit == -1) {
 		printf("%s%u\n", G_GATE_PROVIDER_NAME, ggioc.gctl_unit);
 		fflush(stdout);
 	}
 	unit = ggioc.gctl_unit;

 	mydaemon();
 	g_gatec_loop();
 }

 static void
 g_gatec_rescue(void)
 {
 	struct g_gate_ctl_cancel ggioc;

 	if (!g_gatec_connect())
 		g_gate_xlog("Cannot connect: %s.", strerror(errno));

 	ggioc.gctl_version = G_GATE_VERSION;
 	ggioc.gctl_unit = unit;
 	ggioc.gctl_seq = 0;
 	g_gate_ioctl(G_GATE_CMD_CANCEL, &ggioc);

 	mydaemon();
 	g_gatec_loop();
 }

 int
 main(int argc, char *argv[])
 {

 	if (argc < 2)
 		usage();
 	if (strcasecmp(argv[1], "create") == 0)
 		action = CREATE;
 	else if (strcasecmp(argv[1], "destroy") == 0)
 		action = DESTROY;
 	else if (strcasecmp(argv[1], "list") == 0)
 		action = LIST;
 	else if (strcasecmp(argv[1], "rescue") == 0)
 		action = RESCUE;
 	else
 		usage();
 	argc -= 1;
 	argv += 1;
 	for (;;) {
 		int ch;

 		ch = getopt(argc, argv, "fno:p:q:R:S:s:t:u:v");
 		if (ch == -1)
 			break;
 		switch (ch) {
 		case 'f':
 			if (action != DESTROY)
 				usage();
 			force = 1;
 			break;
 		case 'n':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			nagle = 0;
 			break;
 		case 'o':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			if (strcasecmp("ro", optarg) == 0)
 				flags = G_GATE_FLAG_READONLY;
 			else if (strcasecmp("wo", optarg) == 0)
 				flags = G_GATE_FLAG_WRITEONLY;
 			else if (strcasecmp("rw", optarg) == 0)
 				flags = 0;
 			else {
 				errx(EXIT_FAILURE,
 				    "Invalid argument for '-o' option.");
 			}
 			break;
 		case 'p':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			errno = 0;
 			port = strtoul(optarg, NULL, 10);
 			if (port == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid port.");
 			break;
 		case 'q':
 			if (action != CREATE)
 				usage();
 			errno = 0;
 			queue_size = strtoul(optarg, NULL, 10);
 			if (queue_size == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid queue_size.");
 			break;
 		case 'R':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			errno = 0;
 			rcvbuf = strtoul(optarg, NULL, 10);
 			if (rcvbuf == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid rcvbuf.");
 			break;
 		case 'S':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			errno = 0;
 			sndbuf = strtoul(optarg, NULL, 10);
 			if (sndbuf == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid sndbuf.");
 			break;
 		case 's':
 			if (action != CREATE)
 				usage();
 			errno = 0;
 			sectorsize = strtoul(optarg, NULL, 10);
 			if (sectorsize == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid sectorsize.");
 			break;
 		case 't':
 			if (action != CREATE)
 				usage();
 			errno = 0;
 			timeout = strtoul(optarg, NULL, 10);
 			if (timeout == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid timeout.");
 			break;
 		case 'u':
 			errno = 0;
 			unit = strtol(optarg, NULL, 10);
 			if (unit == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid unit number.");
 			break;
 		case 'v':
 			if (action == DESTROY)
 				usage();
 			g_gate_verbose++;
 			break;
 		default:
 			usage();
 		}
 	}
 	argc -= optind;
 	argv += optind;

 	switch (action) {
 	case CREATE:
 		if (argc != 2)
 			usage();
 		g_gate_load_module();
 		g_gate_open_device();
 		host = argv[0];
 		path = argv[1];
 		g_gatec_create();
 		break;
 	case DESTROY:
 		if (unit == -1) {
 			fprintf(stderr, "Required unit number.\n");
 			usage();
 		}
 		g_gate_verbose = 1;
 		g_gate_open_device();
 		g_gate_destroy(unit, force);
 		break;
 	case LIST:
 		g_gate_list(unit, g_gate_verbose);
 		break;
 	case RESCUE:
 		if (argc != 2)
 			usage();
 		if (unit == -1) {
 			fprintf(stderr, "Required unit number.\n");
 			usage();
 		}
 		g_gate_open_device();
 		host = argv[0];
 		path = argv[1];
 		g_gatec_rescue();
 		break;
 	case UNSET:
 	default:
 		usage();
 	}
 	g_gate_close_device();
 	exit(EXIT_SUCCESS);
 }
--- a/ggated/Makefile
+++ b/ggated/Makefile
@@ -1,13 +0,0 @@
 # $FreeBSD$

 .PATH: ${.CURDIR:H}/shared

 PROG=	ggated
 MAN=	ggated.8
 SRCS=	ggated.c ggate.c

 LDADD=	-lpthread -lutil

 CFLAGS+= -I${.CURDIR:H}/shared

 .include <bsd.prog.mk>
--- a/ggated/Makefile.depend
+++ b/ggated/Makefile.depend
@@ -1,21 +0,0 @@
 # $FreeBSD$
 # Autogenerated - do NOT edit!

 DIRDEPS = \
 	gnu/lib/csu \
 	include \
 	include/arpa \
 	include/xlocale \
 	lib/${CSU_DIR} \
 	lib/libc \
 	lib/libcompiler_rt \
 	lib/libgeom \
 	lib/libthr \
 	lib/libutil \


 .include <dirdeps.mk>

 .if ${DEP_RELDIR} == ${_DEP_RELDIR}
 # local dependencies - needed for -jN in clean tree
 .endif
--- a/ggated/ggated.8
+++ b/ggated/ggated.8
@@ -1,134 +0,0 @@
 .\" Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
 .Dd September 8, 2016
 .Dt GGATED 8
 .Os
 .Sh NAME
 .Nm ggated
 .Nd "GEOM Gate network daemon"
 .Sh SYNOPSIS
 .Nm
 .Op Fl h
 .Op Fl n
 .Op Fl v
 .Op Fl a Ar address
 .Op Fl p Ar port
 .Op Fl q Ar queue_size
 .Op Fl F Ar pidfile
 .Op Fl R Ar rcvbuf
 .Op Fl S Ar sndbuf
 .Op Ar "exports file"
 .Sh DESCRIPTION
 The
 .Nm
 utility is a network server for the GEOM Gate class.
 It runs on a server machine to service GEOM Gate requests from workers
 placed on a client machine.
 Keep in mind, that connections between
 .Xr ggatec 8
 and
 .Nm
 are not encrypted.
 .Pp
 Available options:
 .Bl -tag -width ".Ar exports\ file"
 .It Fl a Ar address
 Specifies an IP address to bind to.
 .It Fl h
 Print available options.
 .It Fl n
 Do not use
 .Dv TCP_NODELAY
 option on TCP sockets.
 .It Fl p Ar port
 Port on which
 .Nm
 listens for connections.
 Default is 3080.
 .It Fl q Ar queue_size
 The number of IOs to queue to the disks at once.
 The default is 20.
 If you have a large number of disks and/or you are not seeing the expected
 number of IOPS, increase this parameter.
 .It Fl F Ar pidfile
 PID file that
 .Nm
 uses.
 .It Fl R Ar rcvbuf
 Size of receive buffer to use.
 When not specified, the system default is used.
 .It Fl S Ar sndbuf
 Size of send buffer to use.
 When not specified, the system default is used.
 .It Fl v
 Do not fork, run in foreground and print debug information on standard
 output.
 .It Ar "exports file"
 An alternate location for the exports file.
 .El
 .Pp
 The format of an exports file is as follows:
 .Bd -literal -offset indent
 1.2.3.4		RO	/dev/cd0
 1.2.3.0/24	RW	/tmp/test.img
 hostname	WO	/tmp/image
 .Ed
 .Sh FILES
 .Bl -tag -width ".Pa /var/run/ggated.pid" -compact
 .It Pa /var/run/ggated.pid
 The default location of the
 .Nm
 PID file.
 .El
 .Sh EXIT STATUS
 Exit status is 0 on success, or 1 if the command fails.
 To get details about the failure,
 .Nm
 should be called with the
 .Fl v
 option.
 .Sh EXAMPLES
 Export CD-ROM device and a file:
 .Bd -literal -offset indent
 # echo "1.2.3.0/24 RO /dev/cd0" > /etc/gg.exports
 # echo "client RW /image" >> /etc/gg.exports
 # ggated
 .Ed
 .Sh SEE ALSO
 .Xr geom 4 ,
 .Xr ggatec 8 ,
 .Xr ggatel 8
 .Sh HISTORY
 The
 .Nm
 utility appeared in
 .Fx 5.3 .
 .Sh AUTHORS
 The
 .Nm
 utility as well as this manual page was written by
 .An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org .
--- a/ggated/ggated.c
+++ b/ggated/ggated.c
--- a/ggatel/Makefile
+++ b/ggatel/Makefile
@@ -1,14 +0,0 @@
 # $FreeBSD$

 .PATH: ${.CURDIR:H}/shared

 PROG=	ggatel
 MAN=	ggatel.8
 SRCS=	ggatel.c ggate.c

 CFLAGS+= -DLIBGEOM
 CFLAGS+= -I${.CURDIR:H}/shared

 LDADD=	-lgeom -lutil

 .include <bsd.prog.mk>
--- a/ggatel/Makefile.depend
+++ b/ggatel/Makefile.depend
@@ -1,22 +0,0 @@
 # $FreeBSD$
 # Autogenerated - do NOT edit!

 DIRDEPS = \
 	gnu/lib/csu \
 	include \
 	include/arpa \
 	include/xlocale \
 	lib/${CSU_DIR} \
 	lib/libc \
 	lib/libcompiler_rt \
 	lib/libexpat \
 	lib/libgeom \
 	lib/libsbuf \
 	lib/libutil \


 .include <dirdeps.mk>

 .if ${DEP_RELDIR} == ${_DEP_RELDIR}
 # local dependencies - needed for -jN in clean tree
 .endif
--- a/ggatel/ggatel.8
+++ b/ggatel/ggatel.8
@@ -1,164 +0,0 @@
 .\" Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
 .Dd September 8, 2016
 .Dt GGATEL 8
 .Os
 .Sh NAME
 .Nm ggatel
 .Nd "GEOM Gate local control utility"
 .Sh SYNOPSIS
 .Nm
 .Cm create
 .Op Fl v
 .Op Fl o Cm ro | wo | rw
 .Op Fl s Ar sectorsize
 .Op Fl t Ar timeout
 .Op Fl u Ar unit
 .Ar path
 .Nm
 .Cm destroy
 .Op Fl f
 .Fl u Ar unit
 .Nm
 .Cm list
 .Op Fl v
 .Op Fl u Ar unit
 .Nm
 .Cm rescue
 .Op Fl v
 .Op Fl o Cm ro | wo | rw
 .Fl u Ar unit
 .Ar path
 .Sh DESCRIPTION
 The
 .Nm
 utility is a local GEOM Gate class consumer.
 It can be used as a replacement for
 .Xr md 4
 devices or as a
 .Dq GEOMificator
 for non GEOM-aware devices, but it was mainly created as an example
 on how to use and how to communicate with the GEOM Gate kernel subsystem.
 .Pp
 Available commands:
 .Bl -tag -width ".Cm destroy"
 .It Cm create
 Create a
 .Nm ggate
 provider related to the given regular file or device.
 .It Cm destroy
 Destroy the given
 .Nm ggate
 provider.
 .It Cm list
 List
 .Nm ggate
 providers.
 .It Cm rescue
 Take over a previously created provider and handle pending and future
 requests.
 This is useful if the initial
 .Nm
 process died.
 To prevent data loss, the given path must lead to the
 regular file or device that was used to create the provider.
 .El
 .Pp
 Available options:
 .Bl -tag -width ".Fl s Cm ro | wo | rw"
 .It Fl f
 Forcibly destroy
 .Nm ggate
 provider (cancels all pending requests).
 .It Fl o Cm ro | wo | rw
 Specify permissions to use when opening the file or device: read-only
 .Pq Cm ro ,
 write-only
 .Pq Cm wo ,
 or read-write
 .Pq Cm rw .
 Default is
 .Cm rw .
 .It Fl s Ar sectorsize
 Sector size for
 .Nm ggate
 provider.
 If not specified, it is taken from the device, or set to 512 bytes for files.
 .It Fl t Ar timeout
 Number of seconds to wait before an I/O request will be canceled.
 0 means no timeout.
 Default is 30.
 .It Fl u Ar unit
 Unit number to use.
 .It Fl v
 Do not fork, run in foreground and print debug information on standard
 output.
 .It Ar path
 Path to a regular file or device.
 .El
 .Sh EXIT STATUS
 Exit status is 0 on success, or 1 if the command fails.
 To get details about the failure,
 .Nm
 should be called with the
 .Fl v
 option.
 .Sh EXAMPLES
 .Dq GEOMify
 the
 .Dq Li fd0
 device and use
 .Xr gbde 8
 to encrypt data on a floppy disk.
 .Bd -literal -offset indent
 ggatel create -u 5 /dev/fd0
 gbde init /dev/ggate5
 gbde attach ggate5
 newfs /dev/ggate5.bde
 mount /dev/ggate5.bde /secret
 cp /private/foo /secret/
 umount /secret
 gbde detach ggate5
 ggatel destroy -u 5
 .Ed
 .Sh SEE ALSO
 .Xr geom 4 ,
 .Xr gbde 8 ,
 .Xr ggatec 8 ,
 .Xr ggated 8 ,
 .Xr mount 8 ,
 .Xr newfs 8
 .Sh HISTORY
 The
 .Nm
 utility appeared in
 .Fx 5.3 .
 .Sh AUTHORS
 The
 .Nm
 utility as well as this manual page was written by
 .An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org .
--- a/ggatel/ggatel.c
+++ b/ggatel/ggatel.c
@@ -1,330 +0,0 @@
 /*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 2004 Pawel Jakub Dawidek <pjd@FreeBSD.org>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

 #include <stdio.h>
 #include <stdlib.h>
 #include <stdint.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <string.h>
 #include <err.h>
 #include <errno.h>
 #include <assert.h>
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/bio.h>
 #include <sys/disk.h>
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/syslog.h>

 #include <geom/gate/g_gate.h>
 #include "ggate.h"


 static enum { UNSET, CREATE, DESTROY, LIST, RESCUE } action = UNSET;

 static const char *path = NULL;
 static int unit = G_GATE_UNIT_AUTO;
 static unsigned flags = 0;
 static int force = 0;
 static unsigned sectorsize = 0;
 static unsigned timeout = G_GATE_TIMEOUT;

 static void
 usage(void)
 {

 	fprintf(stderr, "usage: %s create [-v] [-o <ro|wo|rw>] "
 	    "[-s sectorsize] [-t timeout] [-u unit] <path>\n", getprogname());
 	fprintf(stderr, "       %s rescue [-v] [-o <ro|wo|rw>] <-u unit> "
 	    "<path>\n", getprogname());
 	fprintf(stderr, "       %s destroy [-f] <-u unit>\n", getprogname());
 	fprintf(stderr, "       %s list [-v] [-u unit]\n", getprogname());
 	exit(EXIT_FAILURE);
 }

 static int
 g_gate_openflags(unsigned ggflags)
 {

 	if ((ggflags & G_GATE_FLAG_READONLY) != 0)
 		return (O_RDONLY);
 	else if ((ggflags & G_GATE_FLAG_WRITEONLY) != 0)
 		return (O_WRONLY);
 	return (O_RDWR);
 }

 static void
 g_gatel_serve(int fd)
 {
 	struct g_gate_ctl_io ggio;
 	size_t bsize;

 	if (g_gate_verbose == 0) {
 		if (daemon(0, 0) == -1) {
 			g_gate_destroy(unit, 1);
 			err(EXIT_FAILURE, "Cannot daemonize");
 		}
 	}
 	g_gate_log(LOG_DEBUG, "Worker created: %u.", getpid());
 	ggio.gctl_version = G_GATE_VERSION;
 	ggio.gctl_unit = unit;
 	bsize = sectorsize;
 	ggio.gctl_data = malloc(bsize);
 	for (;;) {
 		int error;
 once_again:
 		ggio.gctl_length = bsize;
 		ggio.gctl_error = 0;
 		g_gate_ioctl(G_GATE_CMD_START, &ggio);
 		error = ggio.gctl_error;
 		switch (error) {
 		case 0:
 			break;
 		case ECANCELED:
 			/* Exit gracefully. */
 			free(ggio.gctl_data);
 			g_gate_close_device();
 			close(fd);
 			exit(EXIT_SUCCESS);
 		case ENOMEM:
 			/* Buffer too small. */
 			assert(ggio.gctl_cmd == BIO_DELETE ||
 			    ggio.gctl_cmd == BIO_WRITE);
 			ggio.gctl_data = realloc(ggio.gctl_data,
 			    ggio.gctl_length);
 			if (ggio.gctl_data != NULL) {
 				bsize = ggio.gctl_length;
 				goto once_again;
 			}
 			/* FALLTHROUGH */
 		case ENXIO:
 		default:
 			g_gate_xlog("ioctl(/dev/%s): %s.", G_GATE_CTL_NAME,
 			    strerror(error));
 		}

 		error = 0;
 		switch (ggio.gctl_cmd) {
 		case BIO_READ:
 			if ((size_t)ggio.gctl_length > bsize) {
 				ggio.gctl_data = realloc(ggio.gctl_data,
 				    ggio.gctl_length);
 				if (ggio.gctl_data != NULL)
 					bsize = ggio.gctl_length;
 				else
 					error = ENOMEM;
 			}
 			if (error == 0) {
 				if (pread(fd, ggio.gctl_data, ggio.gctl_length,
 				    ggio.gctl_offset) == -1) {
 					error = errno;
 				}
 			}
 			break;
 		case BIO_DELETE:
 		case BIO_WRITE:
 			if (pwrite(fd, ggio.gctl_data, ggio.gctl_length,
 			    ggio.gctl_offset) == -1) {
 				error = errno;
 			}
 			break;
 		default:
 			error = EOPNOTSUPP;
 		}

 		ggio.gctl_error = error;
 		g_gate_ioctl(G_GATE_CMD_DONE, &ggio);
 	}
 }

 static void
 g_gatel_create(void)
 {
 	struct g_gate_ctl_create ggioc;
 	int fd;

 	fd = open(path, g_gate_openflags(flags) | O_DIRECT | O_FSYNC);
 	if (fd == -1)
 		err(EXIT_FAILURE, "Cannot open %s", path);
 	memset(&ggioc, 0, sizeof(ggioc));
 	ggioc.gctl_version = G_GATE_VERSION;
 	ggioc.gctl_unit = unit;
 	ggioc.gctl_mediasize = g_gate_mediasize(fd);
 	if (sectorsize == 0)
 		sectorsize = g_gate_sectorsize(fd);
 	ggioc.gctl_sectorsize = sectorsize;
 	ggioc.gctl_timeout = timeout;
 	ggioc.gctl_flags = flags;
 	ggioc.gctl_maxcount = 0;
 	strlcpy(ggioc.gctl_info, path, sizeof(ggioc.gctl_info));
 	g_gate_ioctl(G_GATE_CMD_CREATE, &ggioc);
 	if (unit == -1)
 		printf("%s%u\n", G_GATE_PROVIDER_NAME, ggioc.gctl_unit);
 	unit = ggioc.gctl_unit;
 	g_gatel_serve(fd);
 }

 static void
 g_gatel_rescue(void)
 {
 	struct g_gate_ctl_cancel ggioc;
 	int fd;

 	fd = open(path, g_gate_openflags(flags));
 	if (fd == -1)
 		err(EXIT_FAILURE, "Cannot open %s", path);

 	ggioc.gctl_version = G_GATE_VERSION;
 	ggioc.gctl_unit = unit;
 	ggioc.gctl_seq = 0;
 	g_gate_ioctl(G_GATE_CMD_CANCEL, &ggioc);

 	g_gatel_serve(fd);
 }

 int
 main(int argc, char *argv[])
 {

 	if (argc < 2)
 		usage();
 	if (strcasecmp(argv[1], "create") == 0)
 		action = CREATE;
 	else if (strcasecmp(argv[1], "rescue") == 0)
 		action = RESCUE;
 	else if (strcasecmp(argv[1], "destroy") == 0)
 		action = DESTROY;
 	else if (strcasecmp(argv[1], "list") == 0)
 		action = LIST;
 	else
 		usage();
 	argc -= 1;
 	argv += 1;
 	for (;;) {
 		int ch;

 		ch = getopt(argc, argv, "fo:s:t:u:v");
 		if (ch == -1)
 			break;
 		switch (ch) {
 		case 'f':
 			if (action != DESTROY)
 				usage();
 			force = 1;
 			break;
 		case 'o':
 			if (action != CREATE && action != RESCUE)
 				usage();
 			if (strcasecmp("ro", optarg) == 0)
 				flags = G_GATE_FLAG_READONLY;
 			else if (strcasecmp("wo", optarg) == 0)
 				flags = G_GATE_FLAG_WRITEONLY;
 			else if (strcasecmp("rw", optarg) == 0)
 				flags = 0;
 			else {
 				errx(EXIT_FAILURE,
 				    "Invalid argument for '-o' option.");
 			}
 			break;
 		case 's':
 			if (action != CREATE)
 				usage();
 			errno = 0;
 			sectorsize = strtoul(optarg, NULL, 10);
 			if (sectorsize == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid sectorsize.");
 			break;
 		case 't':
 			if (action != CREATE)
 				usage();
 			errno = 0;
 			timeout = strtoul(optarg, NULL, 10);
 			if (timeout == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid timeout.");
 			break;
 		case 'u':
 			errno = 0;
 			unit = strtol(optarg, NULL, 10);
 			if (unit == 0 && errno != 0)
 				errx(EXIT_FAILURE, "Invalid unit number.");
 			break;
 		case 'v':
 			if (action == DESTROY)
 				usage();
 			g_gate_verbose++;
 			break;
 		default:
 			usage();
 		}
 	}
 	argc -= optind;
 	argv += optind;

 	switch (action) {
 	case CREATE:
 		if (argc != 1)
 			usage();
 		g_gate_load_module();
 		g_gate_open_device();
 		path = argv[0];
 		g_gatel_create();
 		break;
 	case RESCUE:
 		if (argc != 1)
 			usage();
 		if (unit == -1) {
 			fprintf(stderr, "Required unit number.\n");
 			usage();
 		}
 		g_gate_open_device();
 		path = argv[0];
 		g_gatel_rescue();
 		break;
 	case DESTROY:
 		if (unit == -1) {
 			fprintf(stderr, "Required unit number.\n");
 			usage();
 		}
 		g_gate_verbose = 1;
 		g_gate_open_device();
 		g_gate_destroy(unit, force);
 		break;
 	case LIST:
 		g_gate_list(unit, g_gate_verbose);
 		break;
 	case UNSET:
 	default:
 		usage();
 	}
 	g_gate_close_device();
 	exit(EXIT_SUCCESS);
 }
--- a/ggatessh/Makefile
+++ b/ggatessh/Makefile
@@ -0,0 +1,34 @@
 # $FreeBSD$

 .PATH: ${.CURDIR:H}/shared

 SUBDIR=	rc.d

 LIBSSH2_DIR=../libssh2
 LIBSSH2=${LIBSSH2_DIR}/src/.libs/libssh2.a
 PROG=	ggatessh
 MAN=	ggatessh.8
 SRCS=	ggatessh.c ggate.c

 CFLAGS+= -DMAX_SEND_SIZE=32768
 CFLAGS+= -DLIBGEOM
 CFLAGS+= -I${.CURDIR:H}/shared
 CFLAGS+= -I${LIBSSH2_DIR}/include
 #CFLAGS+= -O0 -g
 #CFLAGS+= -fprofile-instr-generate

 #LDFLAGS+= -L/home/freebsd/libssh2/src/.libs
 LDADD=	-lgeom -lutil -lpthread ${LIBSSH2} -lcrypto -lssl -lz

 ${PROG}: ${LIBSSH2}

 ${LIBSSH2}: ${LIBSSH2_DIR}/Makefile
 	(cd ${LIBSSH2_DIR} && make -j 4)

 ${LIBSSH2_DIR}/Makefile: ${LIBSSH2_DIR}/configure
 	(cd ${LIBSSH2_DIR} && ./configure --disable-shared)

 ${LIBSSH2_DIR}/configure: ${LIBSSH2_DIR}/configure.ac
 	(cd ${LIBSSH2_DIR} && autoreconf -fi)

 .include <bsd.prog.mk>
--- a/ggatessh/Makefile.depend
+++ b/ggatessh/Makefile.depend
--- a/ggatessh/ggatessh.8
+++ b/ggatessh/ggatessh.8
@@ -24,35 +24,37 @@
 .\"
 .\" $FreeBSD$
 .\"
 .Dd September 8, 2016
 .Dt GGATEC 8
 .Dd October 21, 2020
 .Dt GGATESSH 8
 .Os
 .Sh NAME
 .Nm ggatec
 .Nd "GEOM Gate network client and control utility"
 .Nm ggatessh
 .Nd "GEOM Gate SSH/SFTP client and control utility"
 .Sh SYNOPSIS
 .Nm
 .Cm create
 .Op Fl n
 .Op Fl v
 .Op Fl o Cm ro | wo | rw
 .Op Fl F Ar pidfile
 .Op Fl i Ar identifyfile
 .Op Fl l Ar username
 .Op Fl p Ar port
 .Op Fl q Ar queue_size
 .Op Fl R Ar rcvbuf
 .Op Fl S Ar sndbuf
 .Op Fl s Ar sectorsize
 .Op Fl r Ar nrequests
 .Op Fl t Ar timeout
 .Op Fl u Ar unit
 .Ar host
 .Ar path
 .Nm
 .Cm rescue
 .Op Fl n
 .Op Fl v
 .Op Fl o Cm ro | wo | rw
 .Op Fl F Ar pidfile
 .Op Fl i Ar identifyfile
 .Op Fl l Ar username
 .Op Fl p Ar port
 .Op Fl R Ar rcvbuf
 .Op Fl S Ar sndbuf
 .Op Fl r Ar nrequests
 .Fl u Ar unit
 .Ar host
 .Ar path
@@ -70,26 +72,28 @@ The
 utility is a network client for the GEOM Gate class.
 It is responsible for the creation of
 .Nm ggate
 devices and forwarding I/O requests between the
 .Nm GEOM Gate
 kernel subsystem and the
 .Xr ggated 8
 network daemon.
 devices and forwarding I/O requests between the GEOM Gate
 kernel subsystem and an
 .Xr sftp-server 8
 over SSH.
 .Pp
 Available commands:
 .Bl -tag -width ".Cm destroy"
 .It Cm create
 Connect to a
 .Xr ggated 8
 daemon on the specified host and create a
 Connect to an
 .Xr sftp-server 8
 via SSH on the specified host and create a
 .Nm ggate
 provider for the specified remote file or device.
 .It Cm rescue
 Create a new connection after the
 .Nm
 process has died or been killed.
 process has died or has been killed.
 The new connection to the
 .Xr ggated 8
 daemon handles pending and future requests.
 .Xr sftp-server 8
 handles pending and future requests.
 If the remote file has changed in size, the ggate device
 will be resized to match the new remote size.
 .It Cm destroy
 Destroy the given
 .Nm ggate
@@ -102,14 +106,28 @@ providers.
 .Pp
 Available options:
 .Bl -tag -width ".Fl s Cm ro | wo | rw"
 .It Fl F Ar pidfile
 Write out the daemon's pid to
 .Ar pidfile .
 The default is
 .Pa /var/run/ggatessh.ggate<unit>.pid .
 .It Fl f
 Forcibly destroy
 .Nm ggate
 provider (cancels all pending requests).
 .It Fl n
 Do not use
 .Dv TCP_NODELAY
 option on TCP sockets.
 .It Fl i Ar identityfile
 The path to the identity file to use for ssh public key authentication.
 If the
 .Ar identityfile
 is not specified, the default of
 .Pa $HOME/.ssh/id_rsa
 will be used.
 .It Fl l Ar username
 The user name to authentice to the server with.
 If
 .Ar username
 is not specified, the default will be
 .Ev $USER .
 .It Fl o Cm ro | wo | rw
 Specify permissions to use when opening the file or device: read-only
 .Pq Cm ro ,
@@ -121,17 +139,17 @@ Default is
 .Cm rw .
 .It Fl p Ar port
 Port to connect to on the remote host.
 Default is 3080.
 Default is 22.
 .It Fl q Ar queue_size
 Number of pending I/O requests that can be queued before they will
 start to be canceled.
 Default is 1024.
 .It Fl R Ar rcvbuf
 Size of receive buffer to use.
 When not specified, the system default is used.
 .It Fl S Ar sndbuf
 Size of send buffer to use.
 When not specified, the system default is used.
 .It Fl r Ar nrequests
 Specifies how many requests may be outstanding at a single time.
 This determines that maximum number of connections to the
 .Xr sftp-server 8
 that will be established at a time.
 If unspecified, the default is 32.
 .It Fl s Ar sectorsize
 Sector size for
 .Nm ggate
@@ -146,9 +164,9 @@ Unit number to use.
 Do not fork, run in foreground and print debug information on standard
 output.
 .It Ar host
 Remote host to connect to.
 Remote SSH server to connect to.
 .It Ar path
 Path to a regular file or device.
 Path to a regular file or device on the remote host.
 .El
 .Sh EXIT STATUS
 Exit status is 0 on success, or 1 if the command fails.
@@ -170,6 +188,7 @@ client# mount_cd9660 /dev/ggate0 /cdrom
 .Ed
 .Sh SEE ALSO
 .Xr geom 4 ,
 .Xr ggatessh 7 ,
 .Xr ggated 8 ,
 .Xr ggatel 8 ,
 .Xr mount_cd9660 8
--- a/ggatessh/ggatessh.c
+++ b/ggatessh/ggatessh.c
--- a/ggatessh/rc.d/Makefile
+++ b/ggatessh/rc.d/Makefile
@@ -0,0 +1,15 @@
 # $FreeBSD$

 SYSCONFDIR?=	${PREFIX}/etc
 RCDIR=		${SYSCONFDIR}/rc.d
 SCRIPTSDIR=	${RCDIR}

 MAN=		ggatessh.7

 SCRIPTS=	ggatessh

 .if defined(PREFIX)
 SHAREDIR=	${PREFIX}/share
 .endif

 .include <bsd.prog.mk>
--- a/ggatessh/rc.d/ggatessh
+++ b/ggatessh/rc.d/ggatessh
@@ -0,0 +1,246 @@
 #!/bin/sh -
 #
 # $FreeBSD$
 #

 # PROVIDE: ggatessh
 # REQUIRE: NETWORKING
 # BEFORE: mountlate
 # KEYWORD: nojail

 . /etc/rc.subr

 name="ggatessh"
 desc="ggate devices over ssh/sftp"
 rcvar="ggatessh_enable"
 destroy_cmd="ggatessh_iter destroy"
 rescue_cmd="ggatessh_iter rescue"
 start_cmd="ggatessh_iter start"
 stop_cmd="ggatessh_iter stop"
 status_cmd="ggatessh_iter status"
 tests_cmd="ggatessh_tests"
 extra_commands="destroy rescue status tests"
 required_modules="geom_gate:g_gate"

 scriptname="$(find /usr/local/etc/rc.d /etc/rc.d -name ggatessh | head -n 1)"
 command="${scriptname%/etc/rc.d/ggatessh}/sbin/ggatessh"

 # ggatessh_devs="0 2 3"
 # ggatessh_0_path="remuser@host.example.com:somepath"
 # ggatessh_0_pidfile="xxx"
 # ggatessh_0_sector="512"
 # ggatessh_0_port="22"
 # ggatessh_0_sshkey="/root/.ssh/id.rsa.ggate0"

 getvar()
 {
 	eval echo \${ggatessh_${devnum}_$1}
 }

 getpidfile()
 {
 	local pidfile

 	pidfile=$(getvar pidfile)
 	pidfile=${pidfile:=/var/run/ggatessh.ggate${devnum}.pid}
 	echo "$pidfile"
 }

 # Parses ggatessh_${devnum}_path into the variables:
 # user - username of user (defaults to root)
 # host - hostname of server
 # imgpath - path to image on server

 getpid()
 {
 	pgrep -L -F $(getpidfile) 2>/dev/null
 }

 parse_path()
 {
 	path=$(getvar path)
 	imgpath="${path#*:}"
 	userhost="${path%:*}"
 	host="${userhost#*@}"
 	user="${userhost%$host}"
 	user="${user%@}"
 	user="${user:=root}"
 }

 ggatessh_destroy()
 {
 	echo destroying ggate$devnum
 	${command} destroy -u "$devnum"
 }

 ggatessh_run()
 {
 	if [ x"$(getvar pidfile)" != x"" ]; then
 		args="-F $(getvar pidfile)"
 	fi
 	if [ x"$(getvar sshkey)" != x"" ]; then
 		args="$args -i $(getvar sshkey)"
 	fi
 	if [ x"$(getvar sector)" != x"" ]; then
 		args="$args -s $(getvar sector)"
 	fi
 	if [ x"$(getvar port)" != x"" ]; then
 		args="$args -p $(getvar port)"
 	fi

 	${command} "$1" $args -l "$user" -u "$devnum" "$host" "$imgpath"
 }

 ggatessh_rescue()
 {
 	echo "rescuing ggatessh ggate$devnum"
 	ggatessh_run rescue
 }

 ggatessh_start()
 {
 	echo "starting ggatessh ggate$devnum"
 	ggatessh_run create
 }

 ggatessh_stop()
 {
 	pid=$(getpid)
 	if [ x"$pid" != x"" ]; then
 		echo "killing ggatessh ggate$devnum pid $pid"
 		while :; do
 			pkill -L -F $(getpidfile)
 			if [ x"$(getpid)" = x"" ]; then
 				break
 			fi
 			echo .
 			sleep .5
 		done
 	else
 		echo "error ggatessh $devnum not running"
 		exit 1
 	fi
 }

 ggatessh_status()
 {
 	pid=$(getpid)
 	if [ x"$pid" != x"" ]; then
 		echo "ggatessh for ggate$devnum is running (pid=$pid)"
 	else
 		echo "ggatessh for ggate$devnum is not running"
 	fi
 }

 # Tests to make sure various functions work as expected
 ggatessh_tests()
 {

 	echo starting tests: $(date)

 	devnum=5
 	ggatessh_5_path="auser@ahost:apath"
 	parse_path
 	if [ "$user" != "auser" -o "$host" != "ahost" -o "$imgpath" != "apath" ]; then
 		echo failed to parse: $ggatessh_5_path
 		exit 1
 	fi
 	ggatessh_5_path="@ahost:apath"
 	parse_path
 	if [ "$user" != "root" -o "$host" != "ahost" -o "$imgpath" != "apath" ]; then
 		echo failed to parse: $ggatessh_5_path
 		exit 1
 	fi
 	ggatessh_5_path="ahost:apath"
 	parse_path
 	if [ "$user" != "root" -o "$host" != "ahost" -o "$imgpath" != "apath" ]; then
 		echo failed to parse: $ggatessh_5_path
 		exit 1
 	fi

 	if [ x"$(getpidfile)" != x"/var/run/ggatessh.ggate5.pid" ]; then
 		echo "getpidfile returned invalid: $(getpidfile)"
 		exit 1
 	fi

 	ggatessh_5_pidfile="somepidfile"
 	if [ x"$(getvar pidfile)" != x"somepidfile" ]; then
 		echo getvar failed to fetch pidfile
 		exit 1
 	fi
 	if [ x"$(getpidfile)" != x"somepidfile" ]; then
 		echo "getpidfile returned invalid: $(getpidfile)"
 		exit 1
 	fi


 	command=ggatessh
 	ggatessh()
 	{
 		if [ x"$*" != x"$expected" ]; then
 			echo failed, got: "$*"
 			exit 1
 		fi
 	}

 	ggatessh_5_sshkey=""

 	expected="create -F somepidfile -l root -u 5 ahost apath"
 	res=$(ggatessh_start)
 	if [ x"$res" != x"starting ggatessh ggate5" ]; then
 		echo failed to output correct info on start, got: "$res"
 		exit 1
 	fi

 	expected="rescue -F somepidfile -l root -u 5 ahost apath"
 	res=$(ggatessh_rescue)
 	if [ x"$res" != x"rescuing ggatessh ggate5" ]; then
 		echo failed to output correct info on rescue, got: "$res"
 		exit 1
 	fi

 	ggatessh_5_sector="123"
 	expected="rescue -F somepidfile -s 123 -l root -u 5 ahost apath"
 	ggatessh_rescue >/dev/null

 	ggatessh_5_sector=""
 	ggatessh_5_sshkey="some.keyfile"
 	expected="create -F somepidfile -i some.keyfile -l root -u 5 ahost apath"
 	ggatessh_start >/dev/null

 	ggatessh_5_port="randomport"
 	expected="create -F somepidfile -i some.keyfile -p randomport -l root -u 5 ahost apath"
 	ggatessh_start >/dev/null

 	ggatessh_5_port="randomport"
 	expected="destroy -u 5"
 	ggatessh_destroy >/dev/null

 	echo done
 }

 ggatessh_iter()
 {

 	for devnum in $ggatedevnums; do
 		parse_path
 		if [ x"$1" = x"start" ]; then
 			ggatessh_start
 		elif [ x"$1" = x"stop" ]; then
 			ggatessh_stop
 		elif [ x"$1" = x"rescue" ]; then
 			ggatessh_rescue
 		elif [ x"$1" = x"status" ]; then
 			ggatessh_status
 		fi
 	done
 }

 load_rc_config $name

 cmd="$1"
 shift
 tmp="$*"
 ggatedevnums="${tmp:=$ggatessh_devs}"

 run_rc_command "$cmd"
--- a/ggatessh/rc.d/ggatessh.7
+++ b/ggatessh/rc.d/ggatessh.7
@@ -0,0 +1,153 @@
 .\"
 .\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 .\"
 .\" Copyright 2020 John-Mark Gurney
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\" $FreeBSD$
 .\"
 .\" Note: The date here should be updated whenever a non-trivial
 .\" change is made to the manual page.
 .Dd October 25, 2020
 .Dt GGATESSH 7
 .Os
 .Sh NAME
 .Nm ggatessh
 .Nd start up script for ggatessh
 .Sh SYNOPSIS
 .Bd -literal -compact
 service ggatessh [one]start [ <devnum> ... ]
 service ggatessh [one]rescue [ <devnum> ... ]
 service ggatessh [one]stop [ <devnum> ... ]
 service ggatessh [one]destroy [ <devnum> ... ]
 service ggatessh [one]status [ <devnum> ... ]
 .Ed
 .Pp
 Configuration via
 .Xr rc.conf 5 :
 .Dl ggatessh_enable="YES"
 .Dl ggatessh_devs="<listofnums>"
 .Dl ggatessh_<num>_path="usera@hosta:patha/to/file"
 .Dl ggatessh_<num>_pidfile="/path/to/pidfile"
 .Dl ggatessh_<num>_sector="<size of sector>"
 .Dl ggatessh_<num>_port="<port of server>"
 .Dl ggatessh_<num>_sshkey="/path/to/ssh/key"
 .Sh DESCRIPTION
 The
 .Nm
 rc.d script is allows for boot time and run time configuration of
 .Xr ggatessh 8 .
 .Pp
 If no
 .Ar devnum
 arguments are specified, then the script iterates through all the
 numbers that are specified in the
 .Dv ggatessh_devs
 variable.
 If one or more
 .Ar devnum
 arguments are specified, the provided commands is run for each of them.
 .Pp
 The following actions are:
 .Bl -tag -width destroy
 .It start
 This creates the ggate device and runs the daemon with the specified
 parameters.
 .It rescue
 This requires that the ggate device has already been created w/ the
 .Cm start
 command or via another mechanism.
 This command will run
 .Xr ggatessh 8
 with the rescue command, allowing IOs to resume after a previous
 daemon has died.
 .It stop
 This command will kill the daemon that was started via the
 .Cm start
 command.
 This will not destroy the ggate device, which means that any IO to
 the device will hang and not be completed until the daemon is restarted
 or the device is forcefully destroyed using the
 .Xr ggatessh 8
 command.
 .It destroy
 This will destroy the ggate device.
 If the device is busy, or currently open, it will fail.
 .It status
 Print out the status of the
 .Xr ggatessh 8
 daemon, and if it is running, its pid.
 .El
 .Pp
 For each
 .Ar devnum
 specified, either via
 .Dv ggatessh_devs
 or as an argument, the following
 .Xr rc.conf 5
 options are used:
 .Bl -tag -width "ggatessh_<num>_pidfile"
 .It ggatessh_<num>_path
 This specifies the user, host and file to use.
 Its format is:
 .Dv [user@]host:file .
 If the user part is not specified, it defaults to
 .Dv root.
 .It ggatessh_<num>_pidfile
 Specify the file to use to store the daemon's pid.
 If this is not specified, it defaults to
 .Pa /var/run/ggatessh.ggate<num>.pid .
 .It ggatessh_<num>_sector
 Specifies the sector size of the device.
 If not specified, the default,
 .Dv 4096
 is used.
 .It ggatessh_<num>_port
 Specifies the port to connect to on the host.
 The default is 22 if not specified.
 .It ggatessh_<num>_sshkey
 Specifies the ssh key to use for authentication.
 If unspecified, the default
 .Pa $HOME/.ssh/id_rsa
 is used.
 As
 .Dv $HOME
 may be different when the startup script is run in different contexts,
 it is highly recommended to specify this.
 .El
 .Sh FILES
 .Bl -tag -width ".Pa /dev/null" -compact
 .It Pa /etc/rc.d/ggatessh
 The script described in this man page.
 .El
 .Sh SEE ALSO
 .Xr rc.conf 5 ,
 .Xr ggatessh 8
 .Sh HISTORY
 The
 .Nm
 script first appeared in
 .Fx 13.0 .
 .Sh AUTHORS
 This manual page was written by
 .An John-Mark Gurney Aq Mt jmg@FreeBSD.org .
--- a/libssh2/.editorconfig
+++ b/libssh2/.editorconfig
@@ -0,0 +1,9 @@
 root = true

 [*.{c, h}]
 end_of_line = lf
 insert_final_newline = true
 indent_style = space
 indent_size = 4
 trim_trailing_whitespace = true
 max_line_length = 80
--- a/libssh2/.gitattribute
+++ b/libssh2/.gitattribute
@@ -0,0 +1,2 @@
 win32/msvcproj.head -crlf
 win32/msvcproj.foot -crlf
--- a/libssh2/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/libssh2/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,26 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 title: ''
 labels: ''
 assignees: ''

 ---

 **Describe the bug**
 A clear and concise description of what the bug is.

 **To Reproduce**
 Steps to reproduce the behavior.

 A recipe or example code that reproduces the problem? A stack trace from a crash

 **Expected behavior**
 A clear and concise description of what you expected to happen.

 **Version (please complete the following information):**
 - OS: [e.g. iOS]
 - libssh2 version [e.g. 1.8.0]

 **Additional context**
 Add any other context about the problem here.
--- a/libssh2/.github/stale.yml
+++ b/libssh2/.github/stale.yml
@@ -0,0 +1,17 @@
 # Number of days of inactivity before an issue becomes stale
 daysUntilStale: 120
 # Number of days of inactivity before a stale issue is closed
 daysUntilClose: 30
 # Issues with these labels will never be considered stale
 exemptLabels:
  - pinned
  - security
 # Label to use when marking an issue as stale
 staleLabel: stale
 # Comment to post when marking an issue as stale. Set to `false` to disable
 markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
 # Comment to post when closing a stale issue. Set to `false` to disable
 closeComment: false
--- a/libssh2/.gitignore
+++ b/libssh2/.gitignore
@@ -0,0 +1,37 @@
 .deps
 .libs
 *.lib
 *.pdb
 *.dll
 *.exe
 *.obj
 .*.swp
 Debug
 Release
 *.exp
 Makefile
 Makefile.in
 aclocal.m4
 autom4te.cache
 compile
 test-driver
 config.guess
 config.log
 config.status
 config.sub
 configure
 depcomp
 libtool
 ltmain.sh
 missing
 ssh2_sample
 libssh2-*.tar.gz
 install-sh
 *.o
 *.lo
 *.la
 mkinstalldirs
 tags
 libssh2.pc
 TAGS
 *~
--- a/libssh2/.travis.yml
+++ b/libssh2/.travis.yml
@@ -0,0 +1,130 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 sudo: required

 services:
  - docker

 language: c

 compiler:
  - gcc
  - clang

 addons:
  chrome: stable

 env:
  matrix:
   - B=style
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=configure
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake
   - B=fuzzer

 before_install:
  - if [ $ADDRESS_SIZE = '32' ]; then sudo dpkg --add-architecture i386; fi
  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get update -qq; fi
  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y gcc-multilib; fi
  - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y libssl-dev:i386 libgcrypt20-dev:i386 build-essential gcc-multilib; fi
  - if [ $ADDRESS_SIZE = '32' ]; then sudo dpkg --purge --force-depends gcc-multilib && sudo dpkg --purge --force-depends libssl-dev; fi
  - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libssl-dev; fi
  - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libgcrypt11-dev; fi
  - if [ $ADDRESS_SIZE = '32' ]; then export TOOLCHAIN_OPTION="-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Linux-32.cmake"; fi
  - if [ $CRYPTO_BACKEND = 'mbedTLS' ]; then
      MBEDTLSVER=mbedtls-2.7.0;
      curl -L https://github.com/ARMmbed/mbedtls/archive/$MBEDTLSVER.tar.gz | tar -xzf -;
      cd mbedtls-$MBEDTLSVER;
      cmake $TOOLCHAIN_OPTION -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DCMAKE_INSTALL_PREFIX:PATH=../usr .;
      make -j3 install;
      cd ..;
      export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/usr/lib;
      export TOOLCHAIN_OPTION="$TOOLCHAIN_OPTION -DCMAKE_PREFIX_PATH=$PWD/usr";
    fi

 install:

 script:
  - |
      if [ "$B" = "style" ]; then
        ./buildconf
        ./configure
        make checksrc
      fi
  - |
      if [ "$B" = "configure" ]; then
        autoreconf -fi
        ./configure --enable-debug --enable-werror
        make
        make check
      fi
  - |
      if [ "$B" = "cmake" ]; then
        mkdir bin
        cd bin
        cmake $TOOLCHAIN_OPTION -DCRYPTO_BACKEND=$CRYPTO_BACKEND -DBUILD_SHARED_LIBS=$BUILD_SHARED_LIBS -DENABLE_ZLIB_COMPRESSION=$ENABLE_ZLIB_COMPRESSION .. && cmake --build . && CTEST_OUTPUT_ON_FAILURE=1 cmake --build . --target test && cmake --build . --target package
      fi
  - |
      if [ "$B" = "fuzzer" ]; then
        ./tests/ossfuzz/travisoss.sh
      fi

 # whitelist branches to avoid testing feature branches twice (as branch and as pull request)
 branches:
    only:
        - master
--- a/libssh2/CMakeLists.txt
+++ b/libssh2/CMakeLists.txt
@@ -0,0 +1,109 @@
 # Copyright (c) 2014, 2015  Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 cmake_minimum_required(VERSION 2.8.11)

 set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)

 project(libssh2 C)
 set(PROJECT_URL "https://www.libssh2.org/")
 set(PROJECT_DESCRIPTION "The SSH library")

 if (CMAKE_VERSION VERSION_LESS "3.1")
  if (CMAKE_C_COMPILER_ID STREQUAL "GNU")
    set (CMAKE_C_FLAGS "--std=gnu90 ${CMAKE_C_FLAGS}")
  endif()
 else()
  set (CMAKE_C_STANDARD 90)
 endif()

 option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF)

 # Parse version

 file(READ ${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h _HEADER_CONTENTS)
 string(
  REGEX REPLACE ".*#define LIBSSH2_VERSION[ \t]+\"([^\"]+)\".*" "\\1"
  LIBSSH2_VERSION "${_HEADER_CONTENTS}")
 string(
  REGEX REPLACE ".*#define LIBSSH2_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1"
  LIBSSH2_VERSION_MAJOR "${_HEADER_CONTENTS}")
 string(
  REGEX REPLACE ".*#define LIBSSH2_VERSION_MINOR[ \t]+([0-9]+).*" "\\1"
  LIBSSH2_VERSION_MINOR "${_HEADER_CONTENTS}")
 string(
  REGEX REPLACE ".*#define LIBSSH2_VERSION_PATCH[ \t]+([0-9]+).*" "\\1"
  LIBSSH2_VERSION_PATCH "${_HEADER_CONTENTS}")

 if(NOT LIBSSH2_VERSION OR
   NOT LIBSSH2_VERSION_MAJOR MATCHES "^[0-9]+$" OR
   NOT LIBSSH2_VERSION_MINOR MATCHES "^[0-9]+$" OR
   NOT LIBSSH2_VERSION_PATCH MATCHES "^[0-9]+$")
  message(
    FATAL_ERROR
    "Unable to parse version from"
    "${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h")
 endif()

 include(GNUInstallDirs)
 install(
  FILES docs/AUTHORS COPYING docs/HACKING README RELEASE-NOTES NEWS
  DESTINATION ${CMAKE_INSTALL_DOCDIR})

 include(max_warnings)
 include(FeatureSummary)

 add_subdirectory(src)

 option(BUILD_EXAMPLES "Build libssh2 examples" ON)
 if(BUILD_EXAMPLES)
  add_subdirectory(example)
 endif()

 option(BUILD_TESTING "Build libssh2 test suite" ON)
 if(BUILD_TESTING)
  enable_testing()
  add_subdirectory(tests)
 endif()

 add_subdirectory(docs)

 feature_summary(WHAT ALL)

 set(CPACK_PACKAGE_VERSION_MAJOR ${LIBSSH2_VERSION_MAJOR})
 set(CPACK_PACKAGE_VERSION_MINOR ${LIBSSH2_VERSION_MINOR})
 set(CPACK_PACKAGE_VERSION_PATCH ${LIBSSH2_VERSION_PATCH})
 set(CPACK_PACKAGE_VERSION ${LIBSSH2_VERSION})
 include(CPack)
--- a/libssh2/COPYING
+++ b/libssh2/COPYING
@@ -0,0 +1,42 @@
 /* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
 * Copyright (c) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
 * Copyright (c) 2006-2007 The Written Word, Inc.
 * Copyright (c) 2007 Eli Fant <elifantu@mail.ru>
 * Copyright (c) 2009-2019 Daniel Stenberg
 * Copyright (C) 2008, 2009 Simon Josefsson
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms,
 * with or without modification, are permitted provided
 * that the following conditions are met:
 *
 *   Redistributions of source code must retain the above
 *   copyright notice, this list of conditions and the
 *   following disclaimer.
 *
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials
 *   provided with the distribution.
 *
 *   Neither the name of the copyright holder nor the names
 *   of any other contributors may be used to endorse or
 *   promote products derived from this software without
 *   specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 */

--- a/libssh2/Makefile.OpenSSL.inc
+++ b/libssh2/Makefile.OpenSSL.inc
@@ -0,0 +1,3 @@
 CRYPTO_CSOURCES = openssl.c
 CRYPTO_HHEADERS = openssl.h
 CRYPTO_LTLIBS = $(LTLIBSSL)
--- a/libssh2/Makefile.WinCNG.inc
+++ b/libssh2/Makefile.WinCNG.inc
@@ -0,0 +1,3 @@
 CRYPTO_CSOURCES = wincng.c
 CRYPTO_HHEADERS = wincng.h
 CRYPTO_LTLIBS = $(LTLIBBCRYPT) $(LTLIBCRYPT32)
--- a/libssh2/Makefile.am
+++ b/libssh2/Makefile.am
@@ -0,0 +1,154 @@
 AUTOMAKE_OPTIONS = foreign nostdinc

 SUBDIRS = src tests docs
 if BUILD_EXAMPLES
 SUBDIRS += example
 endif

 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libssh2.pc

 include_HEADERS =			\
 	include/libssh2.h		\
 	include/libssh2_publickey.h	\
 	include/libssh2_sftp.h

 NETWAREFILES =  nw/keepscreen.c \
 	nw/nwlib.c \
 	nw/GNUmakefile \
 	nw/test/GNUmakefile

 DSP = win32/libssh2.dsp
 VCPROJ = win32/libssh2.vcproj

 DISTCLEANFILES = $(DSP)

 VMSFILES = vms/libssh2_make_example.dcl vms/libssh2_make_help.dcl	\
 vms/libssh2_make_kit.dcl vms/libssh2_make_lib.dcl vms/man2help.c	\
 vms/readme.vms vms/libssh2_config.h

 WIN32FILES = win32/GNUmakefile win32/test/GNUmakefile		\
 win32/libssh2_config.h win32/config.mk win32/rules.mk		\
 win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP)	\
 win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc

 OS400FILES = os400/README400 os400/initscript.sh os400/make.sh		\
 os400/make-src.sh os400/make-rpg.sh os400/make-include.sh		\
 os400/os400sys.c os400/ccsid.c						\
 os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h		\
 os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h	\
 os400/libssh2rpg/libssh2.rpgle.in					\
 os400/libssh2rpg/libssh2_ccsid.rpgle.in					\
 os400/libssh2rpg/libssh2_publickey.rpgle				\
 os400/libssh2rpg/libssh2_sftp.rpgle					\
 Makefile.os400qc3.inc

 EXTRA_DIST = $(WIN32FILES) $(NETWAREFILES) get_ver.awk \
 maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \
 CMakeLists.txt cmake $(OS400FILES)

 ACLOCAL_AMFLAGS = -I m4

 .PHONY: ChangeLog
 ChangeLog:
 	echo "see NEWS" > ./ChangeLog
 DISTCLEANFILES += ChangeLog

 dist-hook:
 	rm -rf $(top_builddir)/tests/log
 	find $(distdir) -name "*.dist" -exec rm {} \;
 	(distit=`find $(srcdir) -name "*.dist"`; \
 	for file in $$distit; do \
 	  strip=`echo $$file | sed -e s/^$(srcdir)// -e s/\.dist//`; \
 	  cp $$file $(distdir)$$strip; \
 	done)

 # Code Coverage

 init-coverage:
 	make clean
 	lcov --directory . --zerocounters

 COVERAGE_CCOPTS ?= "-g --coverage"
 COVERAGE_OUT ?= docs/coverage

 build-coverage:
 	make CFLAGS=$(COVERAGE_CCOPTS) check
 	mkdir -p $(COVERAGE_OUT)
 	lcov --directory . --output-file $(COVERAGE_OUT)/$(PACKAGE).info \
 		--capture

 gen-coverage:
 	genhtml --output-directory $(COVERAGE_OUT) \
 		$(COVERAGE_OUT)/$(PACKAGE).info \
 		--highlight --frames --legend \
 		--title "$(PACKAGE_NAME)"

 coverage: init-coverage build-coverage gen-coverage

 # DSP/VCPROJ generation adapted from libcurl
 # only OpenSSL and WinCNG are supported with this build system
 CRYPTO_CSOURCES = openssl.c wincng.c mbedtls.c
 CRYPTO_HHEADERS = openssl.h wincng.h mbedtls.h
 # Makefile.inc provides the CSOURCES and HHEADERS defines
 include Makefile.inc

 WIN32SOURCES = $(CSOURCES)
 WIN32HEADERS = $(HHEADERS) libssh2_config.h

 $(DSP): win32/msvcproj.head win32/msvcproj.foot Makefile.am
 	echo "creating $(DSP)"
 	@( (cat $(srcdir)/win32/msvcproj.head; \
 	echo "# Begin Group \"Source Files\""; \
 	echo ""; \
 	echo "# PROP Default_Filter \"cpp;c;cxx\""; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	for file in $$sorted_srcs; do \
 		echo "# Begin Source File"; \
 		echo ""; \
 		echo "SOURCE=..\\src\\"$$file; \
 		echo "# End Source File"; \
 	done; \
 	echo "# End Group"; \
 	echo "# Begin Group \"Header Files\""; \
 	echo ""; \
 	echo "# PROP Default_Filter \"h;hpp;hxx\""; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	for file in $$sorted_hdrs; do \
 		echo "# Begin Source File"; \
 		echo ""; \
 		if [ "$$file" = "libssh2_config.h" ]; \
 		then \
 			echo "SOURCE=.\\"$$file; \
 		else \
 			echo "SOURCE=..\\src\\"$$file; \
 		fi; \
 		echo "# End Source File"; \
 	done; \
 	echo "# End Group"; \
 	cat $(srcdir)/win32/msvcproj.foot) | \
 	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )

 $(VCPROJ): win32/vc8proj.head win32/vc8proj.foot Makefile.am
 	echo "creating $(VCPROJ)"
 	@( (cat $(srcdir)/vc8proj.head; \
 	win32_srcs='$(WIN32SOURCES)'; \
 	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
 	for file in $$sorted_srcs; do \
 		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
 	done; \
 	echo "</Filter><Filter	Name=\"Header Files\">"; \
 	win32_hdrs='$(WIN32HEADERS)'; \
 	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
 	for file in $$sorted_hdrs; do \
 		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
 	done; \
 	cat $(srcdir)/vc8proj.foot) | \
 	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )

 checksrc:
 	perl src/checksrc.pl -i4 -m79 -ASIZEOFNOPAREN -ASNPRINTF -ACOPYRIGHT \
 		-AFOPENMODE -Wsrc/libssh2_config.h src/*.[ch] include/*.h example/*.c \
 		tests/*.[ch]
--- a/libssh2/Makefile.inc
+++ b/libssh2/Makefile.inc
@@ -0,0 +1,7 @@
 CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \
 packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \
 version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c \
 blowfish.c bcrypt_pbkdf.c

 HHEADERS = libssh2_priv.h $(CRYPTO_HHEADERS) transport.h channel.h comp.h \
 mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h blf.h
--- a/libssh2/Makefile.libgcrypt.inc
+++ b/libssh2/Makefile.libgcrypt.inc
@@ -0,0 +1,3 @@
 CRYPTO_CSOURCES = libgcrypt.c
 CRYPTO_HHEADERS = libgcrypt.h
 CRYPTO_LTLIBS = $(LTLIBGCRYPT)
--- a/libssh2/Makefile.mbedTLS.inc
+++ b/libssh2/Makefile.mbedTLS.inc
@@ -0,0 +1,3 @@
 CRYPTO_CSOURCES = mbedtls.c
 CRYPTO_HHEADERS = mbedtls.h
 CRYPTO_LTLIBS = $(LTLIBMBEDCRYPTO)
--- a/libssh2/Makefile.os400qc3.inc
+++ b/libssh2/Makefile.os400qc3.inc
@@ -0,0 +1,2 @@
 CRYPTO_CSOURCES = os400qc3.c
 CRYPTO_HHEADERS = os400qc3.h
--- a/libssh2/NEWS
+++ b/libssh2/NEWS
@@ -0,0 +1,3 @@
 The old NEWS file.

 NEWS is now generated from git and put into the release tarballs.
--- a/libssh2/NMakefile
+++ b/libssh2/NMakefile
@@ -0,0 +1,33 @@
 !include "win32/config.mk"

 !if "$(WITH_WINCNG)" == "1"
 !include "Makefile.WinCNG.inc"
 !else
 !include "Makefile.OpenSSL.inc"
 !endif
 !include "Makefile.inc"

 OBJECTS=$(CSOURCES:.c=.obj)

 # SUBDIRS=src example
 SUBDIRS=src

 all-sub: win32\objects.mk
 	-for %D in ($(SUBDIRS)) do $(MAKE) /nologo /f %D/NMakefile BUILD=$(BUILD) SUBDIR=%D all-sub

 clean: 
 	-rmdir 2>NUL /s/q $(TARGET)
 	-del 2>NUL win32\objects.mk

 real-clean vclean: clean
 	-del 2>NUL libssh2.dll
 	-del 2>NUL libssh2.exp
 	-del 2>NUL libssh2.ilk
 	-del 2>NUL libssh2.lib
 	-del 2>NUL *.pdb

 win32\objects.mk: Makefile.inc
 	@echo OBJECTS = \>$@
 	@for %O in ($(OBJECTS)) do @echo $$(INTDIR)\%O \>>$@
 	@echo $$(EOL)>>$@

--- a/libssh2/README
+++ b/libssh2/README
@@ -0,0 +1,19 @@
 libssh2 - SSH2 library
 ======================

 libssh2 is a library implementing the SSH2 protocol, available under
 the revised BSD license.

 Web site: https://www.libssh2.org/

 Mailing list: https://cool.haxx.se/mailman/listinfo/libssh2-devel

 License: see COPYING

 Source code: https://github.com/libssh2/libssh2

 Web site source code: https://github.com/libssh2/www

 Installation instructions are in:
 - docs/INSTALL_CMAKE for CMake
 - docs/INSTALL_AUTOTOOLS for Autotools
--- a/libssh2/README.md
+++ b/libssh2/README.md
@@ -0,0 +1,16 @@
 # libssh2 - SSH2 library

 libssh2 is a library implementing the SSH2 protocol, available under
 the revised BSD license.

 [Web site](https://www.libssh2.org/)

 [Mailing list](https://cool.haxx.se/mailman/listinfo/libssh2-devel)

 [BSD Licensed](https://libssh2.org/license.html)

 [Web site source code](https://github.com/libssh2/www)

 Installation instructions:
 - [for CMake](docs/INSTALL_CMAKE.md)
 - [for autotools](docs/INSTALL_AUTOTOOLS)
--- a/libssh2/RELEASE-NOTES
+++ b/libssh2/RELEASE-NOTES
@@ -0,0 +1,44 @@
 libssh2 1.9.0

 This release includes the following enhancements and bugfixes:
 
 o adds ECDSA keys and host key support when using OpenSSL
 o adds ED25519 key and host key support when using OpenSSL 1.1.1
 o adds OpenSSH style key file reading
 o adds AES CTR mode support when using WinCNG
 o adds PEM passphrase protected file support for Libgcrypt and WinCNG
 o adds SHA256 hostkey fingerprint
 o adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
 o adds explicit zeroing of sensitive data in memory
 o adds additional bounds checks to network buffer reads
 o adds the ability to use the server default permissions when creating sftp directories
 o adds support for building with OpenSSL no engine flag
 o adds support for building with LibreSSL
 o increased sftp packet size to 256k
 o fixed oversized packet handling in sftp
 o fixed building with OpenSSL 1.1
 o fixed a possible crash if sftp stat gets an unexpected response
 o fixed incorrect parsing of the KEX preference string value
 o fixed conditional RSA and AES-CTR support
 o fixed a small memory leak during the key exchange process
 o fixed a possible memory leak of the ssh banner string
 o fixed various small memory leaks in the backends
 o fixed possible out of bounds read when parsing public keys from the server
 o fixed possible out of bounds read when parsing invalid PEM files
 o no longer null terminates the scp remote exec command
 o now handle errors when diffie hellman key pair generation fails
 o fixed compiling on Windows with the flag STDCALL=ON
 o improved building instructions
 o improved unit tests
 
 This release would not have looked like this without help, code, reports and
 advice from friends like these:

  Peter Surge, Will Cosgrove, Daniel Stenberg, Alex Arslan, Alex Crichton, 
  Thomas Bleeker, Keno Fischer, Marc Hörsken, Marcel Raad, Viktor Szakats,
  Kamil Dudka, Panos, Etienne Samson, Tseng Jun, Brendan Shanks, doublex,
  Erik B, Jakob Egger, Thomas Lochmatter, alex-weaver, Adrian Moran, Zenju,
  gartens, Matthew D. Fuller, Ryan Kelley, Zhen-Huan HWANG, Orivej Desh, 
  Alexander Curtiss
  
  (29 contributors)
--- a/libssh2/acinclude.m4
+++ b/libssh2/acinclude.m4
@@ -0,0 +1,512 @@

 dnl **********************************************************************
 dnl CURL_DETECT_ICC ([ACTION-IF-YES])
 dnl
 dnl check if this is the Intel ICC compiler, and if so run the ACTION-IF-YES
 dnl sets the $ICC variable to "yes" or "no"
 dnl **********************************************************************
 AC_DEFUN([CURL_DETECT_ICC],
 [
    ICC="no"
    AC_MSG_CHECKING([for icc in use])
    if test "$GCC" = "yes"; then
       dnl check if this is icc acting as gcc in disguise
       AC_EGREP_CPP([^__INTEL_COMPILER], [__INTEL_COMPILER],
         dnl action if the text is found, this it has not been replaced by the
         dnl cpp
         ICC="no",
         dnl the text was not found, it was replaced by the cpp
         ICC="yes"
         AC_MSG_RESULT([yes])
         [$1]
       )
    fi
    if test "$ICC" = "no"; then
        # this is not ICC
        AC_MSG_RESULT([no])
    fi
 ])

 dnl We create a function for detecting which compiler we use and then set as
 dnl pendantic compiler options as possible for that particular compiler. The
 dnl options are only used for debug-builds.

 AC_DEFUN([CURL_CC_DEBUG_OPTS],
 [
    if test "z$ICC" = "z"; then
      CURL_DETECT_ICC
    fi

    if test "$GCC" = "yes"; then

       dnl figure out gcc version!
       AC_MSG_CHECKING([gcc version])
       gccver=`$CC -dumpversion`
       num1=`echo $gccver | cut -d . -f1`
       num2=`echo $gccver | cut -d . -f2`
       gccnum=`(expr $num1 "*" 100 + $num2) 2>/dev/null`
       AC_MSG_RESULT($gccver)

       if test "$ICC" = "yes"; then
         dnl this is icc, not gcc.

         dnl ICC warnings we ignore:
         dnl * 269 warns on our "%Od" printf formatters for curl_off_t output:
         dnl   "invalid format string conversion"
         dnl * 279 warns on static conditions in while expressions
         dnl * 981 warns on "operands are evaluated in unspecified order"
         dnl * 1418 "external definition with no prior declaration"
         dnl * 1419 warns on "external declaration in primary source file"
         dnl   which we know and do on purpose.

         WARN="-wd279,269,981,1418,1419"

         if test "$gccnum" -gt "600"; then
            dnl icc 6.0 and older doesn't have the -Wall flag
            WARN="-Wall $WARN"
         fi
       else dnl $ICC = yes
         dnl this is a set of options we believe *ALL* gcc versions support:
         WARN="-W -Wall -Wwrite-strings -pedantic -Wpointer-arith -Wnested-externs -Winline -Wmissing-prototypes"

         dnl -Wcast-align is a bit too annoying on all gcc versions ;-)

         if test "$gccnum" -ge "207"; then
           dnl gcc 2.7 or later
           WARN="$WARN -Wmissing-declarations"
         fi

         if test "$gccnum" -gt "295"; then
           dnl only if the compiler is newer than 2.95 since we got lots of
           dnl "`_POSIX_C_SOURCE' is not defined" in system headers with
           dnl gcc 2.95.4 on FreeBSD 4.9!
           WARN="$WARN -Wundef -Wno-long-long -Wsign-compare"
         fi

         if test "$gccnum" -ge "296"; then
           dnl gcc 2.96 or later
           WARN="$WARN -Wfloat-equal"
         fi

         if test "$gccnum" -gt "296"; then
           dnl this option does not exist in 2.96
           WARN="$WARN -Wno-format-nonliteral"
         fi

         dnl -Wunreachable-code seems totally unreliable on my gcc 3.3.2 on
         dnl on i686-Linux as it gives us heaps with false positives.
         dnl Also, on gcc 4.0.X it is totally unbearable and complains all
         dnl over making it unusable for generic purposes. Let's not use it.

         if test "$gccnum" -ge "303"; then
           dnl gcc 3.3 and later
           WARN="$WARN -Wendif-labels -Wstrict-prototypes"
         fi

         if test "$gccnum" -ge "304"; then
           # try these on gcc 3.4
           WARN="$WARN -Wdeclaration-after-statement"
         fi

         for flag in $CPPFLAGS; do
           case "$flag" in
            -I*)
              dnl Include path, provide a -isystem option for the same dir
              dnl to prevent warnings in those dirs. The -isystem was not very
              dnl reliable on earlier gcc versions.
              add=`echo $flag | sed 's/^-I/-isystem /g'`
              WARN="$WARN $add"
              ;;
           esac
         done

       fi dnl $ICC = no

       CFLAGS="$CFLAGS $WARN"

      AC_MSG_NOTICE([Added this set of compiler options: $WARN])

    else dnl $GCC = yes

      AC_MSG_NOTICE([Added no extra compiler options])

    fi dnl $GCC = yes

    dnl strip off optimizer flags
    NEWFLAGS=""
    for flag in $CFLAGS; do
      case "$flag" in
      -O*)
        dnl echo "cut off $flag"
        ;;
      *)
        NEWFLAGS="$NEWFLAGS $flag"
        ;;
      esac
    done
    CFLAGS=$NEWFLAGS

 ]) dnl end of AC_DEFUN()

 dnl CURL_CHECK_NONBLOCKING_SOCKET
 dnl -------------------------------------------------
 dnl Check for how to set a socket to non-blocking state. There seems to exist
 dnl four known different ways, with the one used almost everywhere being POSIX
 dnl and XPG3, while the other different ways for different systems (old BSD,
 dnl Windows and Amiga).
 dnl
 dnl There are two known platforms (AIX 3.x and SunOS 4.1.x) where the
 dnl O_NONBLOCK define is found but does not work. This condition is attempted
 dnl to get caught in this script by using an excessive number of #ifdefs...
 dnl
 AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET],
 [
  AC_MSG_CHECKING([non-blocking sockets style])

  AC_TRY_COMPILE([
 /* headers for O_NONBLOCK test */
 #include <sys/types.h>
 #include <unistd.h>
 #include <fcntl.h>
 ],[
 /* try to compile O_NONBLOCK */

 #if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
 # if defined(__SVR4) || defined(__srv4__)
 #  define PLATFORM_SOLARIS
 # else
 #  define PLATFORM_SUNOS4
 # endif
 #endif
 #if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif

 #if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__)
 #error "O_NONBLOCK does not work on this platform"
 #endif
  int socket;
  int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK);
 ],[
 dnl the O_NONBLOCK test was fine
 nonblock="O_NONBLOCK"
 AC_DEFINE(HAVE_O_NONBLOCK, 1, [use O_NONBLOCK for non-blocking sockets])
 ],[
 dnl the code was bad, try a different program now, test 2

  AC_TRY_COMPILE([
 /* headers for FIONBIO test */
 #include <unistd.h>
 #include <stropts.h>
 ],[
 /* FIONBIO source test (old-style unix) */
 int socket;
 int flags = ioctl(socket, FIONBIO, &flags);
 ],[
 dnl FIONBIO test was good
 nonblock="FIONBIO"
 AC_DEFINE(HAVE_FIONBIO, 1, [use FIONBIO for non-blocking sockets])
 ],[
 dnl FIONBIO test was also bad
 dnl the code was bad, try a different program now, test 3

  AC_TRY_COMPILE([
 /* headers for ioctlsocket test (Windows) */
 #undef inline
 #ifdef HAVE_WINDOWS_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <windows.h>
 #ifdef HAVE_WINSOCK2_H
 #include <winsock2.h>
 #else
 #ifdef HAVE_WINSOCK_H
 #include <winsock.h>
 #endif
 #endif
 #endif
 ],[
 /* ioctlsocket source code */
 SOCKET sd;
 unsigned long flags = 0;
 sd = socket(0, 0, 0);
 ioctlsocket(sd, FIONBIO, &flags);
 ],[
 dnl ioctlsocket test was good
 nonblock="ioctlsocket"
 AC_DEFINE(HAVE_IOCTLSOCKET, 1, [use ioctlsocket() for non-blocking sockets])
 ],[
 dnl ioctlsocket didnt compile!, go to test 4

  AC_TRY_LINK([
 /* headers for IoctlSocket test (Amiga?) */
 #include <sys/ioctl.h>
 ],[
 /* IoctlSocket source code */
 int socket;
 int flags = IoctlSocket(socket, FIONBIO, (long)1);
 ],[
 dnl ioctlsocket test was good
 nonblock="IoctlSocket"
 AC_DEFINE(HAVE_IOCTLSOCKET_CASE, 1, [use Ioctlsocket() for non-blocking sockets])
 ],[
 dnl Ioctlsocket didnt compile, do test 5!
  AC_TRY_COMPILE([
 /* headers for SO_NONBLOCK test (BeOS) */
 #include <socket.h>
 ],[
 /* SO_NONBLOCK source code */
 long b = 1;
 int socket;
 int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
 ],[
 dnl the SO_NONBLOCK test was good
 nonblock="SO_NONBLOCK"
 AC_DEFINE(HAVE_SO_NONBLOCK, 1, [use SO_NONBLOCK for non-blocking sockets])
 ],[
 dnl test 5 didnt compile!
 nonblock="nada"
 AC_DEFINE(HAVE_DISABLED_NONBLOCKING, 1, [disabled non-blocking sockets])
 ])
 dnl end of fifth test

 ])
 dnl end of forth test

 ])
 dnl end of third test

 ])
 dnl end of second test

 ])
 dnl end of non-blocking try-compile test
  AC_MSG_RESULT($nonblock)

  if test "$nonblock" = "nada"; then
    AC_MSG_WARN([non-block sockets disabled])
  fi
 ])

 dnl CURL_CHECK_NEED_REENTRANT_SYSTEM
 dnl -------------------------------------------------
 dnl Checks if the preprocessor _REENTRANT definition
 dnl must be unconditionally done for this platform.
 dnl Internal macro for CURL_CONFIGURE_REENTRANT.

 AC_DEFUN([CURL_CHECK_NEED_REENTRANT_SYSTEM], [
  case $host in
    *-*-solaris* | *-*-hpux*)
      tmp_need_reentrant="yes"
      ;;
    *)
      tmp_need_reentrant="no"
      ;;
  esac
 ])


 dnl CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT
 dnl -------------------------------------------------
 dnl This macro ensures that configuration tests done
 dnl after this will execute with preprocessor symbol
 dnl _REENTRANT defined. This macro also ensures that
 dnl the generated config file defines NEED_REENTRANT
 dnl and that in turn setup.h will define _REENTRANT.
 dnl Internal macro for CURL_CONFIGURE_REENTRANT.

 AC_DEFUN([CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT], [
 AC_DEFINE(NEED_REENTRANT, 1,
  [Define to 1 if _REENTRANT preprocessor symbol must be defined.])
 cat >>confdefs.h <<_EOF
 #ifndef _REENTRANT
 #  define _REENTRANT
 #endif
 _EOF
 ])


 dnl CURL_CONFIGURE_REENTRANT
 dnl -------------------------------------------------
 dnl This first checks if the preprocessor _REENTRANT
 dnl symbol is already defined. If it isn't currently
 dnl defined a set of checks are performed to verify
 dnl if its definition is required to make visible to
 dnl the compiler a set of *_r functions. Finally, if
 dnl _REENTRANT is already defined or needed it takes
 dnl care of making adjustments necessary to ensure
 dnl that it is defined equally for further configure
 dnl tests and generated config file.

 AC_DEFUN([CURL_CONFIGURE_REENTRANT], [
  AC_PREREQ([2.50])dnl
  #
  AC_MSG_CHECKING([if _REENTRANT is already defined])
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM([[
    ]],[[
 #ifdef _REENTRANT
      int dummy=1;
 #else
      force compilation error
 #endif
    ]])
  ],[
    AC_MSG_RESULT([yes])
    tmp_reentrant_initially_defined="yes"
  ],[
    AC_MSG_RESULT([no])
    tmp_reentrant_initially_defined="no"
  ])
  #
  if test "$tmp_reentrant_initially_defined" = "no"; then
    AC_MSG_CHECKING([if _REENTRANT is actually needed])
    CURL_CHECK_NEED_REENTRANT_SYSTEM

    if test "$tmp_need_reentrant" = "yes"; then
      AC_MSG_RESULT([yes])
    else
      AC_MSG_RESULT([no])
    fi
  fi
  #
  AC_MSG_CHECKING([if _REENTRANT is onwards defined])
  if test "$tmp_reentrant_initially_defined" = "yes" ||
    test "$tmp_need_reentrant" = "yes"; then
    CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT
    AC_MSG_RESULT([yes])
  else
    AC_MSG_RESULT([no])
  fi
  #
 ])

 dnl LIBSSH2_LIB_HAVE_LINKFLAGS
 dnl --------------------------
 dnl Wrapper around AC_LIB_HAVE_LINKFLAGS to also check $prefix/lib, if set.
 dnl
 dnl autoconf only checks $prefix/lib64 if gcc -print-search-dirs output
 dnl includes a directory named lib64. So, to find libraries in $prefix/lib
 dnl we append -L$prefix/lib to LDFLAGS before checking.
 dnl
 dnl For conveniece, $4 is expanded if [lib]$1 is found.

 AC_DEFUN([LIBSSH2_LIB_HAVE_LINKFLAGS], [
  libssh2_save_CPPFLAGS="$CPPFLAGS"
  libssh2_save_LDFLAGS="$LDFLAGS"

  if test "${with_lib$1_prefix+set}" = set; then
    CPPFLAGS="$CPPFLAGS${CPPFLAGS:+ }-I${with_lib$1_prefix}/include"
    LDFLAGS="$LDFLAGS${LDFLAGS:+ }-L${with_lib$1_prefix}/lib"
  fi

  AC_LIB_HAVE_LINKFLAGS([$1], [$2], [$3])

  LDFLAGS="$libssh2_save_LDFLAGS"

  if test "$ac_cv_lib$1" = "yes"; then :
    $4
  else
    CPPFLAGS="$libssh2_save_CPPFLAGS"
  fi
 ])

 AC_DEFUN([LIBSSH2_CHECK_CRYPTO], [
 if test "$use_crypto" = "auto" && test "$found_crypto" = "none" || test "$use_crypto" = "$1"; then
 m4_case([$1],
 [openssl], [
  LIBSSH2_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include <openssl/ssl.h>], [
    AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use $1])
    LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }libssl libcrypto"

    # Not all OpenSSL have AES-CTR functions.
    libssh2_save_LIBS="$LIBS"
    LIBS="$LIBS $LIBSSL"
    AC_CHECK_FUNCS(EVP_aes_128_ctr)
    LIBS="$libssh2_save_LIBS"

    found_crypto="$1"
    found_crypto_str="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})"
  ])
 ],

 [libgcrypt], [
  LIBSSH2_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include <gcrypt.h>], [
    AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use $1])
    found_crypto="$1"
  ])
 ],

 [mbedtls], [
  LIBSSH2_LIB_HAVE_LINKFLAGS([mbedcrypto], [], [#include <mbedtls/version.h>], [
    AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use $1])
    LIBS="$LIBS -lmbedcrypto"
    found_crypto="$1"
    support_clear_memory=yes
  ])
 ],

 [wincng], [
  # Look for Windows Cryptography API: Next Generation

  AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [#include <windows.h>])
  AC_CHECK_DECLS([SecureZeroMemory], [], [], [#include <windows.h>])

  LIBSSH2_LIB_HAVE_LINKFLAGS([crypt32], [], [
    #include <windows.h>
    #include <wincrypt.h>
  ])
  LIBSSH2_LIB_HAVE_LINKFLAGS([bcrypt], [], [
    #include <windows.h>
    #include <bcrypt.h>
  ], [
    AC_DEFINE(LIBSSH2_WINCNG, 1, [Use $1])
    found_crypto="$1"
    found_crypto_str="Windows Cryptography API: Next Generation"
    support_clear_memory="$ac_cv_have_decl_SecureZeroMemory"
  ])
 ],
 )
  test "$found_crypto" = "none" &&
    crypto_errors="${crypto_errors}No $1 crypto library found!
 "
 fi
 ])


 dnl LIBSSH2_CHECK_OPTION_WERROR
 dnl -------------------------------------------------
 dnl Verify if configure has been invoked with option
 dnl --enable-werror or --disable-werror, and set
 dnl shell variable want_werror as appropriate.

 AC_DEFUN([LIBSSH2_CHECK_OPTION_WERROR], [
  AC_BEFORE([$0],[LIBSSH2_CHECK_COMPILER])dnl
  AC_MSG_CHECKING([whether to enable compiler warnings as errors])
  OPT_COMPILER_WERROR="default"
  AC_ARG_ENABLE(werror,
 AC_HELP_STRING([--enable-werror],[Enable compiler warnings as errors])
 AC_HELP_STRING([--disable-werror],[Disable compiler warnings as errors]),
  OPT_COMPILER_WERROR=$enableval)
  case "$OPT_COMPILER_WERROR" in
    no)
      dnl --disable-werror option used
      want_werror="no"
      ;;
    default)
      dnl configure option not specified
      want_werror="no"
      ;;
    *)
      dnl --enable-werror option used
      want_werror="yes"
      ;;
  esac
  AC_MSG_RESULT([$want_werror])

  if test X"$want_werror" = Xyes; then
    CFLAGS="$CFLAGS -Werror"
  fi
 ])

--- a/libssh2/appveyor.yml
+++ b/libssh2/appveyor.yml
@@ -0,0 +1,109 @@
 # Copyright (c) 2014, Ruslan Baratov
 # Copyright (c) 2014, 2016 Alexander Lamaison
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions are met:
 #
 # * Redistributions of source code must retain the above copyright notice, this
 #   list of conditions and the following disclaimer.
 #
 # * Redistributions in binary form must reproduce the above copyright notice,
 #   this list of conditions and the following disclaimer in the documentation
 #   and/or other materials provided with the distribution.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 # DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 os: Visual Studio 2015

 environment:
  matrix:
    - GENERATOR: "Visual Studio 14 2015"
      BUILD_SHARED_LIBS: ON
      CRYPTO_BACKEND: "OpenSSL"

    - GENERATOR: "Visual Studio 14 2015"
      BUILD_SHARED_LIBS: OFF
      CRYPTO_BACKEND: "OpenSSL"

    - GENERATOR: "Visual Studio 12 2013"
      BUILD_SHARED_LIBS: ON
      CRYPTO_BACKEND: "OpenSSL"

    - GENERATOR: "Visual Studio 12 2013"
      BUILD_SHARED_LIBS: OFF
      CRYPTO_BACKEND: "OpenSSL"

    - GENERATOR: "Visual Studio 14 2015"
      BUILD_SHARED_LIBS: ON
      CRYPTO_BACKEND: "WinCNG"

    - GENERATOR: "Visual Studio 14 2015"
      BUILD_SHARED_LIBS: OFF
      CRYPTO_BACKEND: "WinCNG"

    - GENERATOR: "Visual Studio 12 2013"
      BUILD_SHARED_LIBS: ON
      CRYPTO_BACKEND: "WinCNG"

    - GENERATOR: "Visual Studio 12 2013"
      BUILD_SHARED_LIBS: OFF
      CRYPTO_BACKEND: "WinCNG"

  digitalocean_access_token:
    secure: 8qRitvrj69Xhf0Tmu27xnz5drmL2YhmOJLGpXIkYyTCC0JNtBoXW6fMcF3u4Uj1+pIQ+TjegQOwYimlz0oivKTro3v3EXro+osAMNJG6NKc=

 platform:
  - x86
  - x64

 configuration:
 # - Debug
  - Release

 matrix:
  fast_finish: true
  allow_failures:
    - GENERATOR: "Visual Studio 9 2008"
      platform: x64

 install:
  - choco install -y docker
  - choco install -y docker-machine

 build_script:
  - ps: if($env:PLATFORM -eq "x64") { $env:CMAKE_GEN_SUFFIX=" Win64" }
  - cmake "-G%GENERATOR%%CMAKE_GEN_SUFFIX%" -DBUILD_SHARED_LIBS=%BUILD_SHARED_LIBS% -DCRYPTO_BACKEND=%CRYPTO_BACKEND% -H. -B_builds
  - cmake --build _builds --config "%CONFIGURATION%"

 before_test:
  - set DOCKER_MACHINE_NAME=appveyor-%APPVEYOR_PROJECT_SLUG%-%APPVEYOR_JOB_ID%
  - ps: if($env:digitalocean_access_token) { echo "Using DigitalOcean for testing." } else { echo "DigitalOcean not available. Skipping testing." }
  - ps: if($env:digitalocean_access_token) { docker-machine create --driver digitalocean --digitalocean-access-token $($env:digitalocean_access_token) $($env:DOCKER_MACHINE_NAME) }
  - ps: if($env:digitalocean_access_token) { docker-machine env $($env:DOCKER_MACHINE_NAME) --shell powershell | Invoke-Expression }

 test_script:
  - ps: cd _builds
  - ps: if($env:digitalocean_access_token) { ctest -VV -C $($env:CONFIGURATION) --output-on-failure }

 after_test:
  - ps: if($env:digitalocean_access_token) { docker-machine rm -y $($env:DOCKER_MACHINE_NAME) }

 on_failure:
  - ps: if($env:digitalocean_access_token) { docker-machine rm -y $($env:DOCKER_MACHINE_NAME) }
  - ps: if(Test-Path _builds/CMakeFiles/CMakeOutput.log) { cat _builds/CMakeFiles/CMakeOutput.log }
  - ps: if(Test-Path _builds/CMakeFiles/CMakeError.log) { cat _builds/CMakeFiles/CMakeError.log }

 # whitelist branches to avoid testing feature branches twice (as branch and as pull request)
 branches:
    only:
        - master
--- a/libssh2/buildconf
+++ b/libssh2/buildconf
@@ -0,0 +1,8 @@
 #!/bin/sh

 echo "***" >&2
 echo "*** Do not use buildconf. Instead, just use: autoreconf -fi" >&2
 echo "*** Doing it for you now, but buildconf may disapear in the future." >&2
 echo "***" >&2

 exec ${AUTORECONF:-autoreconf} -fi "${@}"
--- a/libssh2/cmake/CheckFunctionExistsMayNeedLibrary.cmake
+++ b/libssh2/cmake/CheckFunctionExistsMayNeedLibrary.cmake
@@ -0,0 +1,81 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.


 # - check_function_exists_maybe_need_library(<function> <var> [lib1 ... libn])
 #
 # Check if function is available for linking, first without extra libraries, and
 # then, if not found that way, linking in each optional library as well.  This
 # function is similar to autotools AC_SEARCH_LIBS.
 #
 # If the function if found, this will define <var>.
 #
 # If the function was only found by linking in an additional library, this
 # will define NEED_LIB_LIBX, where LIBX is the one of lib1 to libn that
 # makes the function available, in uppercase.
 #
 # The following variables may be set before calling this macro to
 # modify the way the check is run:
 #
 #  CMAKE_REQUIRED_FLAGS = string of compile command line flags
 #  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
 #  CMAKE_REQUIRED_INCLUDES = list of include directories
 #  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
 #

 include(CheckFunctionExists)
 include(CheckLibraryExists)

 function(check_function_exists_may_need_library function variable)

  check_function_exists(${function} ${variable})

  if(NOT ${variable})
    foreach(lib ${ARGN})
      string(TOUPPER ${lib} UP_LIB)
      # Use new variable to prevent cache from previous step shortcircuiting
      # new test
      check_library_exists(${lib} ${function} "" HAVE_${function}_IN_${lib})
      if(HAVE_${function}_IN_${lib})
 	set(${variable} 1 CACHE INTERNAL
 	  "Function ${function} found in library ${lib}")
 	set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL
 	  "Need to link ${lib}")
 	break()
      endif()
    endforeach()
  endif()

 endfunction()
--- a/libssh2/cmake/CheckNonblockingSocketSupport.cmake
+++ b/libssh2/cmake/CheckNonblockingSocketSupport.cmake
@@ -0,0 +1,119 @@
 include(CheckCSourceCompiles)

 # - check_nonblocking_socket_support()
 #
 # Check for how to set a socket to non-blocking state. There seems to exist
 # four known different ways, with the one used almost everywhere being POSIX
 # and XPG3, while the other different ways for different systems (old BSD,
 # Windows and Amiga).
 #
 # One of the following variables will be set indicating the supported
 # method (if any):
 #   HAVE_O_NONBLOCK
 #   HAVE_FIONBIO
 #   HAVE_IOCTLSOCKET
 #   HAVE_IOCTLSOCKET_CASE
 #   HAVE_SO_NONBLOCK
 #   HAVE_DISABLED_NONBLOCKING
 #
 # The following variables may be set before calling this macro to
 # modify the way the check is run:
 #
 #  CMAKE_REQUIRED_FLAGS = string of compile command line flags
 #  CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar)
 #  CMAKE_REQUIRED_INCLUDES = list of include directories
 #  CMAKE_REQUIRED_LIBRARIES = list of libraries to link
 #
 macro(check_nonblocking_socket_support)
  # There are two known platforms (AIX 3.x and SunOS 4.1.x) where the
  # O_NONBLOCK define is found but does not work.
  check_c_source_compiles("
 #include <sys/types.h>
 #include <unistd.h>
 #include <fcntl.h>

 #if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
 # if defined(__SVR4) || defined(__srv4__)
 #  define PLATFORM_SOLARIS
 # else
 #  define PLATFORM_SUNOS4
 # endif
 #endif
 #if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41)
 # define PLATFORM_AIX_V3
 #endif

 #if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__)
 #error \"O_NONBLOCK does not work on this platform\"
 #endif

 int main()
 {
    int socket;
    int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK);
 }"
  HAVE_O_NONBLOCK)

  if(NOT HAVE_O_NONBLOCK)
    check_c_source_compiles("/* FIONBIO test (old-style unix) */
 #include <unistd.h>
 #include <stropts.h>

 int main()
 {
    int socket;
    int flags = ioctl(socket, FIONBIO, &flags);
 }"
    HAVE_FIONBIO)

    if(NOT HAVE_FIONBIO)
      check_c_source_compiles("/* ioctlsocket test (Windows) */
 #undef inline
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif

 #include <windows.h>
 #include <winsock2.h>

 int main()
 {
    SOCKET sd;
    unsigned long flags = 0;
    sd = socket(0, 0, 0);
    ioctlsocket(sd, FIONBIO, &flags);
 }"
      HAVE_IOCTLSOCKET)

      if(NOT HAVE_IOCTLSOCKET)
 	check_c_source_compiles("/* IoctlSocket test (Amiga?) */
 #include <sys/ioctl.h>

 int main()
 {
    int socket;
    int flags = IoctlSocket(socket, FIONBIO, (long)1);
 }"
        HAVE_IOCTLSOCKET_CASE)

        if(NOT HAVE_IOCTLSOCKET_CASE)
 	  check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */
 #include <socket.h>

 int main()
 {
    long b = 1;
    int socket;
    int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
 }"
          HAVE_SO_NONBLOCK)

 	  if(NOT HAVE_SO_NONBLOCK)
 	    # No non-blocking socket method found
 	    set(HAVE_DISABLED_NONBLOCKING 1)
 	  endif()
 	endif()
      endif()
    endif()
  endif()
 endmacro()
--- a/libssh2/cmake/CopyRuntimeDependencies.cmake
+++ b/libssh2/cmake/CopyRuntimeDependencies.cmake
@@ -0,0 +1,72 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 include(CMakeParseArguments)

 function(ADD_TARGET_TO_COPY_DEPENDENCIES)
  set(options)
  set(oneValueArgs TARGET)
  set(multiValueArgs DEPENDENCIES BEFORE_TARGETS)
  cmake_parse_arguments(COPY
    "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})

  if(NOT COPY_DEPENDENCIES)
    return()
  endif()

  # Using a custom target to drive custom commands stops multiple
  # parallel builds trying to kick off the commands at the same time
  add_custom_target(${COPY_TARGET})

  foreach(target ${COPY_BEFORE_TARGETS})
    add_dependencies(${target} ${COPY_TARGET})
  endforeach()

  foreach(dependency ${COPY_DEPENDENCIES})

    add_custom_command(
      TARGET ${COPY_TARGET}
      DEPENDS ${dependency}
      # Make directory first otherwise file is copied in place of
      # directory instead of into it
      COMMAND ${CMAKE_COMMAND}
      ARGS -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
      COMMAND ${CMAKE_COMMAND}
      ARGS -E copy ${dependency} ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}
      VERBATIM)

  endforeach()

 endfunction()
--- a/libssh2/cmake/FindLibgcrypt.cmake
+++ b/libssh2/cmake/FindLibgcrypt.cmake
@@ -0,0 +1,53 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 # - Try to find Libgcrypt
 # This will define all or none of:
 #  LIBGCRYPT_FOUND - if Libgcrypt headers and library was found
 #  LIBGCRYPT_INCLUDE_DIRS - The Libgcrypt include directories
 #  LIBGCRYPT_LIBRARIES - The libraries needed to use Libgcrypt

 find_path(LIBGCRYPT_INCLUDE_DIR gcrypt.h)

 find_library(LIBGCRYPT_LIBRARY NAMES gcrypt libgcrypt)

 set(LIBGCRYPT_LIBRARIES ${LIBGCRYPT_LIBRARY})
 set(LIBGCRYPT_INCLUDE_DIRS ${LIBGCRYPT_INCLUDE_DIR})

 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(Libgcrypt DEFAULT_MSG
                                  LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR)

 mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY)
--- a/libssh2/cmake/FindmbedTLS.cmake
+++ b/libssh2/cmake/FindmbedTLS.cmake
@@ -0,0 +1,64 @@
 # - Try to find mbedTLS
 # Once done this will define
 #
 # Read-Only variables
 #  MBEDTLS_FOUND - system has mbedTLS
 #  MBEDTLS_INCLUDE_DIR - the mbedTLS include directory
 #  MBEDTLS_LIBRARY_DIR - the mbedTLS library directory
 #  MBEDTLS_LIBRARIES - Link these to use mbedTLS
 #  MBEDTLS_LIBRARY - path to mbedTLS library
 #  MBEDX509_LIBRARY - path to mbedTLS X.509 library
 #  MBEDCRYPTO_LIBRARY - path to mbedTLS Crypto library

 FIND_PATH(MBEDTLS_INCLUDE_DIR mbedtls/version.h)

 IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES)
    # Already in cache, be silent
    SET(MBEDTLS_FIND_QUIETLY TRUE)
 ENDIF()

 FIND_LIBRARY(MBEDTLS_LIBRARY NAMES mbedtls libmbedtls libmbedx509)
 FIND_LIBRARY(MBEDX509_LIBRARY NAMES mbedx509 libmbedx509)
 FIND_LIBRARY(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto)

 IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY)
     SET(MBEDTLS_FOUND TRUE)
 ENDIF()

 IF(MBEDTLS_FOUND)
    # split mbedTLS into -L and -l linker options, so we can set them for pkg-config
    GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_DIR ${MBEDTLS_LIBRARY} PATH)
    GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE)
    GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE)
    GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE)
    STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE})
    STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE})
    STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE})
    SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}")

    IF(NOT MBEDTLS_FIND_QUIETLY)
        MESSAGE(STATUS "Found mbedTLS:")
        FILE(READ ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h MBEDTLSCONTENT)
        STRING(REGEX MATCH "MBEDTLS_VERSION_STRING +\"[0-9|.]+\"" MBEDTLSMATCH ${MBEDTLSCONTENT})
        IF (MBEDTLSMATCH)
            STRING(REGEX REPLACE "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"" "\\1" MBEDTLS_VERSION ${MBEDTLSMATCH})
            MESSAGE(STATUS "  version ${MBEDTLS_VERSION}")
        ENDIF(MBEDTLSMATCH)
        MESSAGE(STATUS "  TLS: ${MBEDTLS_LIBRARY}")
        MESSAGE(STATUS "  X509: ${MBEDX509_LIBRARY}")
        MESSAGE(STATUS "  Crypto: ${MBEDCRYPTO_LIBRARY}")
    ENDIF(NOT MBEDTLS_FIND_QUIETLY)
 ELSE(MBEDTLS_FOUND)
    IF(MBEDTLS_FIND_REQUIRED)
        MESSAGE(FATAL_ERROR "Could not find mbedTLS")
    ENDIF(MBEDTLS_FIND_REQUIRED)
 ENDIF(MBEDTLS_FOUND)

 MARK_AS_ADVANCED(
    MBEDTLS_INCLUDE_DIR
    MBEDTLS_LIBRARY_DIR
    MBEDTLS_LIBRARIES
    MBEDTLS_LIBRARY
    MBEDX509_LIBRARY
    MBEDCRYPTO_LIBRARY
 )
--- a/libssh2/cmake/SocketLibraries.cmake
+++ b/libssh2/cmake/SocketLibraries.cmake
@@ -0,0 +1,64 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 # Some systems have their socket functions in a library.
 # (Solaris -lsocket/-lnsl, Windows -lws2_32).  This macro appends those
 # libraries to the given list
 macro(append_needed_socket_libraries LIBRARIES_LIST)
  if(CMAKE_SYSTEM_NAME STREQUAL "Windows" AND CMAKE_SIZEOF_VOID_P EQUAL 4)
    # x86 Windows uses STDCALL for these functions, so their names are mangled,
    # meaning the platform checks don't work. Hardcoding these until we get
    # a better solution.
    set(HAVE_SOCKET 1)
    set(HAVE_SELECT 1)
    set(HAVE_INET_ADDR 1)
    set(NEED_LIB_WS2_32 1)
  else()
    check_function_exists_may_need_library(socket HAVE_SOCKET socket ws2_32)
    check_function_exists_may_need_library(select HAVE_SELECT ws2_32)
    check_function_exists_may_need_library(inet_addr HAVE_INET_ADDR nsl ws2_32)
  endif()

  if(NEED_LIB_SOCKET)
    list(APPEND ${LIBRARIES_LIST} socket)
  endif()
  if(NEED_LIB_NSL)
    list(APPEND ${LIBRARIES_LIST} nsl)
  endif()
  if(NEED_LIB_WS2_32)
    list(APPEND ${LIBRARIES_LIST} ws2_32)
  endif()

 endmacro()
--- a/libssh2/cmake/Toolchain-Linux-32.cmake
+++ b/libssh2/cmake/Toolchain-Linux-32.cmake
@@ -0,0 +1,42 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 # Cross-compile 32-bit binary on 64-bit linux host
 set(CMAKE_SYSTEM_NAME Linux)
 set(CMAKE_SYSTEM_VERSION 1)
 set(CMAKE_SYSTEM_PROCESSOR "i386")

 set(CMAKE_CXX_COMPILER_ARG1 "-m32")
 set(CMAKE_C_COMPILER_ARG1 "-m32")
--- a/libssh2/cmake/max_warnings.cmake
+++ b/libssh2/cmake/max_warnings.cmake
@@ -0,0 +1,23 @@
 if(MSVC)
  # Use the highest warning level for visual studio.
  if(CMAKE_CXX_FLAGS MATCHES "/W[0-4]")
    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
  else()
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4")
  endif()
  if(CMAKE_C_FLAGS MATCHES "/W[0-4]")
    string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
  else()
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4")
  endif()

  # Disable broken warnings
  add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE)
 elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX)
  if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall")
  endif()
  if(NOT CMAKE_C_FLAGS MATCHES "-Wall")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
  endif()
 endif()
--- a/libssh2/config.rpath
+++ b/libssh2/config.rpath
@@ -0,0 +1,660 @@
 #! /bin/sh
 # Output a system dependent set of variables, describing how to set the
 # run time search path of shared libraries in an executable.
 #
 #   Copyright 1996-2006 Free Software Foundation, Inc.
 #   Taken from GNU libtool, 2001
 #   Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
 #
 #   This file is free software; the Free Software Foundation gives
 #   unlimited permission to copy and/or distribute it, with or without
 #   modifications, as long as this notice is preserved.
 #
 # The first argument passed to this file is the canonical host specification,
 #    CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
 # or
 #    CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
 # The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
 # should be set by the caller.
 #
 # The set of defined variables is at the end of this script.

 # Known limitations:
 # - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
 #   than 256 bytes, otherwise the compiler driver will dump core. The only
 #   known workaround is to choose shorter directory names for the build
 #   directory and/or the installation directory.

 # All known linkers require a `.a' archive for static linking (except MSVC,
 # which needs '.lib').
 libext=a
 shrext=.so

 host="$1"
 host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
 host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
 host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`

 # Code taken from libtool.m4's _LT_CC_BASENAME.

 for cc_temp in $CC""; do
  case $cc_temp in
    compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
    distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
    \-*) ;;
    *) break;;
  esac
 done
 cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`

 # Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC.

 wl=
 if test "$GCC" = yes; then
  wl='-Wl,'
 else
  case "$host_os" in
    aix*)
      wl='-Wl,'
      ;;
    darwin*)
      case $cc_basename in
        xlc*)
          wl='-Wl,'
          ;;
      esac
      ;;
    mingw* | pw32* | os2*)
      ;;
    hpux9* | hpux10* | hpux11*)
      wl='-Wl,'
      ;;
    irix5* | irix6* | nonstopux*)
      wl='-Wl,'
      ;;
    newsos6)
      ;;
    linux*)
      case $cc_basename in
        icc* | ecc*)
          wl='-Wl,'
          ;;
        pgcc | pgf77 | pgf90)
          wl='-Wl,'
          ;;
        ccc*)
          wl='-Wl,'
          ;;
        como)
          wl='-lopt='
          ;;
        *)
          case `$CC -V 2>&1 | sed 5q` in
            *Sun\ C*)
              wl='-Wl,'
              ;;
          esac
          ;;
      esac
      ;;
    osf3* | osf4* | osf5*)
      wl='-Wl,'
      ;;
    sco3.2v5*)
      ;;
    solaris*)
      wl='-Wl,'
      ;;
    sunos4*)
      wl='-Qoption ld '
      ;;
    sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
      wl='-Wl,'
      ;;
    sysv4*MP*)
      ;;
    unicos*)
      wl='-Wl,'
      ;;
    uts4*)
      ;;
  esac
 fi

 # Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS.

 hardcode_libdir_flag_spec=
 hardcode_libdir_separator=
 hardcode_direct=no
 hardcode_minus_L=no

 case "$host_os" in
  cygwin* | mingw* | pw32*)
    # FIXME: the MSVC++ port hasn't been tested in a loooong time
    # When not using gcc, we currently assume that we are using
    # Microsoft Visual C++.
    if test "$GCC" != yes; then
      with_gnu_ld=no
    fi
    ;;
  interix*)
    # we just hope/assume this is gcc and not c89 (= MSVC++)
    with_gnu_ld=yes
    ;;
  openbsd*)
    with_gnu_ld=no
    ;;
 esac

 ld_shlibs=yes
 if test "$with_gnu_ld" = yes; then
  # Set some defaults for GNU ld with shared library support. These
  # are reset later if shared libraries are not supported. Putting them
  # here allows them to be overridden if necessary.
  # Unlike libtool, we use -rpath here, not --rpath, since the documented
  # option of GNU ld is called -rpath, not --rpath.
  hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
  case "$host_os" in
    aix3* | aix4* | aix5*)
      # On AIX/PPC, the GNU linker is very broken
      if test "$host_cpu" != ia64; then
        ld_shlibs=no
      fi
      ;;
    amigaos*)
      hardcode_libdir_flag_spec='-L$libdir'
      hardcode_minus_L=yes
      # Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
      # that the semantics of dynamic libraries on AmigaOS, at least up
      # to version 4, is to share data among multiple programs linked
      # with the same dynamic library.  Since this doesn't match the
      # behavior of shared libraries on other platforms, we cannot use
      # them.
      ld_shlibs=no
      ;;
    beos*)
      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
        :
      else
        ld_shlibs=no
      fi
      ;;
    cygwin* | mingw* | pw32*)
      # hardcode_libdir_flag_spec is actually meaningless, as there is
      # no search path for DLLs.
      hardcode_libdir_flag_spec='-L$libdir'
      if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
        :
      else
        ld_shlibs=no
      fi
      ;;
    interix3*)
      hardcode_direct=no
      hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
      ;;
    linux*)
      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
        :
      else
        ld_shlibs=no
      fi
      ;;
    netbsd*)
      ;;
    solaris*)
      if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
        ld_shlibs=no
      elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
        :
      else
        ld_shlibs=no
      fi
      ;;
    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
      case `$LD -v 2>&1` in
        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
          ld_shlibs=no
          ;;
        *)
          if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
            hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
          else
            ld_shlibs=no
          fi
          ;;
      esac
      ;;
    sunos4*)
      hardcode_direct=yes
      ;;
    *)
      if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
        :
      else
        ld_shlibs=no
      fi
      ;;
  esac
  if test "$ld_shlibs" = no; then
    hardcode_libdir_flag_spec=
  fi
 else
  case "$host_os" in
    aix3*)
      # Note: this linker hardcodes the directories in LIBPATH if there
      # are no directories specified by -L.
      hardcode_minus_L=yes
      if test "$GCC" = yes; then
        # Neither direct hardcoding nor static linking is supported with a
        # broken collect2.
        hardcode_direct=unsupported
      fi
      ;;
    aix4* | aix5*)
      if test "$host_cpu" = ia64; then
        # On IA64, the linker does run time linking by default, so we don't
        # have to do anything special.
        aix_use_runtimelinking=no
      else
        aix_use_runtimelinking=no
        # Test if we are trying to use run time linking or normal
        # AIX style linking. If -brtl is somewhere in LDFLAGS, we
        # need to do runtime linking.
        case $host_os in aix4.[23]|aix4.[23].*|aix5*)
          for ld_flag in $LDFLAGS; do
            if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
              aix_use_runtimelinking=yes
              break
            fi
          done
          ;;
        esac
      fi
      hardcode_direct=yes
      hardcode_libdir_separator=':'
      if test "$GCC" = yes; then
        case $host_os in aix4.[012]|aix4.[012].*)
          collect2name=`${CC} -print-prog-name=collect2`
          if test -f "$collect2name" && \
            strings "$collect2name" | grep resolve_lib_name >/dev/null
          then
            # We have reworked collect2
            hardcode_direct=yes
          else
            # We have old collect2
            hardcode_direct=unsupported
            hardcode_minus_L=yes
            hardcode_libdir_flag_spec='-L$libdir'
            hardcode_libdir_separator=
          fi
          ;;
        esac
      fi
      # Begin _LT_AC_SYS_LIBPATH_AIX.
      echo 'int main () { return 0; }' > conftest.c
      ${CC} ${LDFLAGS} conftest.c -o conftest
      aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
 }'`
      if test -z "$aix_libpath"; then
        aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0  *\(.*\)$/\1/; p; }
 }'`
      fi
      if test -z "$aix_libpath"; then
        aix_libpath="/usr/lib:/lib"
      fi
      rm -f conftest.c conftest
      # End _LT_AC_SYS_LIBPATH_AIX.
      if test "$aix_use_runtimelinking" = yes; then
        hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
      else
        if test "$host_cpu" = ia64; then
          hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
        else
          hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
        fi
      fi
      ;;
    amigaos*)
      hardcode_libdir_flag_spec='-L$libdir'
      hardcode_minus_L=yes
      # see comment about different semantics on the GNU ld section
      ld_shlibs=no
      ;;
    bsdi[45]*)
      ;;
    cygwin* | mingw* | pw32*)
      # When not using gcc, we currently assume that we are using
      # Microsoft Visual C++.
      # hardcode_libdir_flag_spec is actually meaningless, as there is
      # no search path for DLLs.
      hardcode_libdir_flag_spec=' '
      libext=lib
      ;;
    darwin* | rhapsody*)
      hardcode_direct=no
      if test "$GCC" = yes ; then
        :
      else
        case $cc_basename in
          xlc*)
            ;;
          *)
            ld_shlibs=no
            ;;
        esac
      fi
      ;;
    dgux*)
      hardcode_libdir_flag_spec='-L$libdir'
      ;;
    freebsd1*)
      ld_shlibs=no
      ;;
    freebsd2.2*)
      hardcode_libdir_flag_spec='-R$libdir'
      hardcode_direct=yes
      ;;
    freebsd2*)
      hardcode_direct=yes
      hardcode_minus_L=yes
      ;;
    freebsd* | kfreebsd*-gnu | dragonfly*)
      hardcode_libdir_flag_spec='-R$libdir'
      hardcode_direct=yes
      ;;
    hpux9*)
      hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
      hardcode_libdir_separator=:
      hardcode_direct=yes
      # hardcode_minus_L: Not really in the search PATH,
      # but as the default location of the library.
      hardcode_minus_L=yes
      ;;
    hpux10*)
      if test "$with_gnu_ld" = no; then
        hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
        hardcode_libdir_separator=:
        hardcode_direct=yes
        # hardcode_minus_L: Not really in the search PATH,
        # but as the default location of the library.
        hardcode_minus_L=yes
      fi
      ;;
    hpux11*)
      if test "$with_gnu_ld" = no; then
        hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
        hardcode_libdir_separator=:
        case $host_cpu in
          hppa*64*|ia64*)
            hardcode_direct=no
            ;;
          *)
            hardcode_direct=yes
            # hardcode_minus_L: Not really in the search PATH,
            # but as the default location of the library.
            hardcode_minus_L=yes
            ;;
        esac
      fi
      ;;
    irix5* | irix6* | nonstopux*)
      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
      hardcode_libdir_separator=:
      ;;
    netbsd*)
      hardcode_libdir_flag_spec='-R$libdir'
      hardcode_direct=yes
      ;;
    newsos6)
      hardcode_direct=yes
      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
      hardcode_libdir_separator=:
      ;;
    openbsd*)
      hardcode_direct=yes
      if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
        hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
      else
        case "$host_os" in
          openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
            hardcode_libdir_flag_spec='-R$libdir'
            ;;
          *)
            hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
            ;;
        esac
      fi
      ;;
    os2*)
      hardcode_libdir_flag_spec='-L$libdir'
      hardcode_minus_L=yes
      ;;
    osf3*)
      hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
      hardcode_libdir_separator=:
      ;;
    osf4* | osf5*)
      if test "$GCC" = yes; then
        hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
      else
        # Both cc and cxx compiler support -rpath directly
        hardcode_libdir_flag_spec='-rpath $libdir'
      fi
      hardcode_libdir_separator=:
      ;;
    solaris*)
      hardcode_libdir_flag_spec='-R$libdir'
      ;;
    sunos4*)
      hardcode_libdir_flag_spec='-L$libdir'
      hardcode_direct=yes
      hardcode_minus_L=yes
      ;;
    sysv4)
      case $host_vendor in
        sni)
          hardcode_direct=yes # is this really true???
          ;;
        siemens)
          hardcode_direct=no
          ;;
        motorola)
          hardcode_direct=no #Motorola manual says yes, but my tests say they lie
          ;;
      esac
      ;;
    sysv4.3*)
      ;;
    sysv4*MP*)
      if test -d /usr/nec; then
        ld_shlibs=yes
      fi
      ;;
    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
      ;;
    sysv5* | sco3.2v5* | sco5v6*)
      hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
      hardcode_libdir_separator=':'
      ;;
    uts4*)
      hardcode_libdir_flag_spec='-L$libdir'
      ;;
    *)
      ld_shlibs=no
      ;;
  esac
 fi

 # Check dynamic linker characteristics
 # Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER.
 # Unlike libtool.m4, here we don't care about _all_ names of the library, but
 # only about the one the linker finds when passed -lNAME. This is the last
 # element of library_names_spec in libtool.m4, or possibly two of them if the
 # linker has special search rules.
 library_names_spec=      # the last element of library_names_spec in libtool.m4
 libname_spec='lib$name'
 case "$host_os" in
  aix3*)
    library_names_spec='$libname.a'
    ;;
  aix4* | aix5*)
    library_names_spec='$libname$shrext'
    ;;
  amigaos*)
    library_names_spec='$libname.a'
    ;;
  beos*)
    library_names_spec='$libname$shrext'
    ;;
  bsdi[45]*)
    library_names_spec='$libname$shrext'
    ;;
  cygwin* | mingw* | pw32*)
    shrext=.dll
    library_names_spec='$libname.dll.a $libname.lib'
    ;;
  darwin* | rhapsody*)
    shrext=.dylib
    library_names_spec='$libname$shrext'
    ;;
  dgux*)
    library_names_spec='$libname$shrext'
    ;;
  freebsd1*)
    ;;
  kfreebsd*-gnu)
    library_names_spec='$libname$shrext'
    ;;
  freebsd* | dragonfly*)
    case "$host_os" in
      freebsd[123]*)
        library_names_spec='$libname$shrext$versuffix' ;;
      *)
        library_names_spec='$libname$shrext' ;;
    esac
    ;;
  gnu*)
    library_names_spec='$libname$shrext'
    ;;
  hpux9* | hpux10* | hpux11*)
    case $host_cpu in
      ia64*)
        shrext=.so
        ;;
      hppa*64*)
        shrext=.sl
        ;;
      *)
        shrext=.sl
        ;;
    esac
    library_names_spec='$libname$shrext'
    ;;
  interix3*)
    library_names_spec='$libname$shrext'
    ;;
  irix5* | irix6* | nonstopux*)
    library_names_spec='$libname$shrext'
    case "$host_os" in
      irix5* | nonstopux*)
        libsuff= shlibsuff=
        ;;
      *)
        case $LD in
          *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
          *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
          *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
          *) libsuff= shlibsuff= ;;
        esac
        ;;
    esac
    ;;
  linux*oldld* | linux*aout* | linux*coff*)
    ;;
  linux*)
    library_names_spec='$libname$shrext'
    ;;
  knetbsd*-gnu)
    library_names_spec='$libname$shrext'
    ;;
  netbsd*)
    library_names_spec='$libname$shrext'
    ;;
  newsos6)
    library_names_spec='$libname$shrext'
    ;;
  nto-qnx*)
    library_names_spec='$libname$shrext'
    ;;
  openbsd*)
    library_names_spec='$libname$shrext$versuffix'
    ;;
  os2*)
    libname_spec='$name'
    shrext=.dll
    library_names_spec='$libname.a'
    ;;
  osf3* | osf4* | osf5*)
    library_names_spec='$libname$shrext'
    ;;
  solaris*)
    library_names_spec='$libname$shrext'
    ;;
  sunos4*)
    library_names_spec='$libname$shrext$versuffix'
    ;;
  sysv4 | sysv4.3*)
    library_names_spec='$libname$shrext'
    ;;
  sysv4*MP*)
    library_names_spec='$libname$shrext'
    ;;
  sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
    library_names_spec='$libname$shrext'
    ;;
  uts4*)
    library_names_spec='$libname$shrext'
    ;;
 esac

 sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
 escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
 shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
 escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
 escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
 escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`

 LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF

 # How to pass a linker flag through the compiler.
 wl="$escaped_wl"

 # Static library suffix (normally "a").
 libext="$libext"

 # Shared library suffix (normally "so").
 shlibext="$shlibext"

 # Format of library name prefix.
 libname_spec="$escaped_libname_spec"

 # Library names that the linker finds when passed -lNAME.
 library_names_spec="$escaped_library_names_spec"

 # Flag to hardcode \$libdir into a binary during linking.
 # This must work even if \$libdir does not exist.
 hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"

 # Whether we need a single -rpath flag with a separated argument.
 hardcode_libdir_separator="$hardcode_libdir_separator"

 # Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
 # resulting binary.
 hardcode_direct="$hardcode_direct"

 # Set to yes if using the -LDIR flag during linking hardcodes DIR into the
 # resulting binary.
 hardcode_minus_L="$hardcode_minus_L"

 EOF
--- a/libssh2/configure.ac
+++ b/libssh2/configure.ac
@@ -0,0 +1,412 @@
 # AC_PREREQ(2.57)
 AC_INIT(libssh2, [-], libssh2-devel@cool.haxx.se)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src])
 AC_CONFIG_HEADERS([src/libssh2_config.h])
 AM_MAINTAINER_MODE
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

 dnl SED is needed by some of the tools
 AC_PATH_PROG( SED, sed, sed-was-not-found-by-configure,
              $PATH:/usr/bin:/usr/local/bin)
 AC_SUBST(SED)

 if test "x$SED" = "xsed-was-not-found-by-configure"; then
  AC_MSG_WARN([sed was not found, this may ruin your chances to build fine])
 fi

 dnl figure out the libssh2 version
 LIBSSH2VER=`$SED -ne 's/^#define LIBSSH2_VERSION *"\(.*\)"/\1/p' ${srcdir}/include/libssh2.h`
 AM_INIT_AUTOMAKE
 AC_MSG_CHECKING([libssh2 version])
 AC_MSG_RESULT($LIBSSH2VER)

 AC_SUBST(LIBSSH2VER)

 AB_VERSION=$LIBSSH2VER

 AB_INIT

 # Check for the OS.
 # Daniel's note: this should not be necessary and we need to work to
 # get this removed.
 AC_CANONICAL_HOST
 case "$host" in
    *-mingw*)
    CFLAGS="$CFLAGS -DLIBSSH2_WIN32"
    LIBS="$LIBS -lws2_32"
    ;;
 	*-cygwin)
 	CFLAGS="$CFLAGS -DLIBSSH2_WIN32"
    ;;
 	*darwin*)
 	CFLAGS="$CFLAGS -DLIBSSH2_DARWIN"
 	;;
    *hpux*)
    ;;
    *osf*)
    CFLAGS="$CFLAGS -D_POSIX_PII_SOCKET"
    ;;
    *)
    ;;
 esac

 AC_CHECK_TYPE(long long,
   [AC_DEFINE(HAVE_LONGLONG, 1,
      [Define to 1 if the compiler supports the 'long long' data type.])]
   longlong="yes"
 )

 dnl Our configure and build reentrant settings
 CURL_CONFIGURE_REENTRANT

 # Some systems (Solaris?) have socket() in -lsocket.
 AC_SEARCH_LIBS(socket, socket)

 # Solaris has inet_addr() in -lnsl.
 AC_SEARCH_LIBS(inet_addr, nsl)

 AC_SUBST(LIBS)

 AC_PROG_CC
 AC_PROG_CXX
 AC_PROG_INSTALL
 AC_PROG_LN_S
 AC_PROG_MAKE_SET
 AC_PATH_PROGS(SSHD, [sshd], [],
     [$PATH$PATH_SEPARATOR/usr/libexec$PATH_SEPARATOR]dnl
     [/usr/sbin$PATH_SEPARATOR/usr/etc$PATH_SEPARATOR/etc])
 AM_CONDITIONAL(SSHD, test -n "$SSHD")
 AC_LIBTOOL_WIN32_DLL
 AC_PROG_LIBTOOL
 AC_C_BIGENDIAN

 dnl check for how to do large files
 AC_SYS_LARGEFILE

 # Crypto backends

 found_crypto=none
 found_crypto_str=""
 support_clear_memory=no
 crypto_errors=""

 m4_set_add([crypto_backends], [openssl])
 m4_set_add([crypto_backends], [libgcrypt])
 m4_set_add([crypto_backends], [mbedtls])
 m4_set_add([crypto_backends], [wincng])

 AC_ARG_WITH([crypto],
  AC_HELP_STRING([--with-crypto=auto|]m4_set_contents([crypto_backends], [|]),
    [Select crypto backend (default: auto)]),
  use_crypto=$withval,
  use_crypto=auto
 )

 case "${use_crypto}" in
  auto|m4_set_contents([crypto_backends], [|]))
    m4_set_map([crypto_backends], [LIBSSH2_CHECK_CRYPTO])
    ;;
  yes|"")
    crypto_errors="No crypto backend specified!"
    ;;
  *)
    crypto_errors="Unknown crypto backend '${use_crypto}' specified!"
    ;;
 esac

 if test "$found_crypto" = "none"; then
  crypto_errors="${crypto_errors}
 Specify --with-crypto=\$backend and/or the neccessary library search prefix.

 Known crypto backends: auto, m4_set_contents([crypto_backends], [, ])"
  AS_MESSAGE([ERROR: ${crypto_errors}])
 else
  test "$found_crypto_str" = "" && found_crypto_str="$found_crypto"
 fi

 m4_set_foreach([crypto_backends], [backend],
  [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")]
 )
 m4_undefine([backend])


 # libz

 AC_ARG_WITH([libz],
  AC_HELP_STRING([--with-libz],[Use libz for compression]),
  use_libz=$withval,
  use_libz=auto)

 found_libz=no
 libz_errors=""

 if test "$use_libz" != no; then
  AC_LIB_HAVE_LINKFLAGS([z], [], [#include <zlib.h>])
  if test "$ac_cv_libz" != yes; then
    if test "$use_libz" = auto; then
      AC_MSG_NOTICE([Cannot find libz, disabling compression])
      found_libz="disabled; no libz found"
    else
      libz_errors="No libz found!
 Try --with-libz-prefix=PATH if you know that you have it."
      AS_MESSAGE([ERROR: $libz_errors])
    fi
  else
    AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support])
    LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }zlib"
    found_libz="yes"
  fi
 fi

 AC_SUBST(LIBSREQUIRED)

 #
 # Optional Settings
 #
 AC_ARG_ENABLE(crypt-none,
  AC_HELP_STRING([--enable-crypt-none],[Permit "none" cipher -- NOT RECOMMENDED]),
  [AC_DEFINE(LIBSSH2_CRYPT_NONE, 1, [Enable "none" cipher -- NOT RECOMMENDED])])

 AC_ARG_ENABLE(mac-none,
  AC_HELP_STRING([--enable-mac-none],[Permit "none" MAC -- NOT RECOMMENDED]),
  [AC_DEFINE(LIBSSH2_MAC_NONE, 1, [Enable "none" MAC -- NOT RECOMMENDED])])

 AC_ARG_ENABLE(gex-new,
  AC_HELP_STRING([--disable-gex-new],[Disable "new" diffie-hellman-group-exchange-sha1 method]),
  [GEX_NEW=$enableval])
 if test "$GEX_NEW" != "no"; then
  AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax])
 fi

 AC_ARG_ENABLE(clear-memory,
  AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]),
  [CLEAR_MEMORY=$enableval])
 if test "$CLEAR_MEMORY" != "no"; then
  if test "$support_clear_memory" = "yes"; then
    AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed])
    enable_clear_memory=yes
  else
    if test "$CLEAR_MEMORY" = "yes"; then
      AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend])
    else
      AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
    fi
    enable_clear_memory=unsupported
  fi
 else
  if test "$support_clear_memory" = "yes"; then
    enable_clear_memory=no
  else
    AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend])
    enable_clear_memory=unsupported
  fi
 fi

 dnl ************************************************************
 dnl option to switch on compiler debug options
 dnl
 AC_MSG_CHECKING([whether to enable pedantic and debug compiler options])
 AC_ARG_ENABLE(debug,
 AC_HELP_STRING([--enable-debug],[Enable pedantic and debug options])
 AC_HELP_STRING([--disable-debug],[Disable debug options]),
 [ case "$enable_debug" in
  no)
       AC_MSG_RESULT(no)
       CPPFLAGS="$CPPFLAGS -DNDEBUG"
       ;;
  *)   AC_MSG_RESULT(yes)
    enable_debug=yes
    CPPFLAGS="$CPPFLAGS -DLIBSSH2DEBUG"
    CFLAGS="$CFLAGS -g"

    dnl set compiler "debug" options to become more picky, and remove
    dnl optimize options from CFLAGS
    CURL_CC_DEBUG_OPTS
       ;;
  esac
 ],
       enable_debug=no
       AC_MSG_RESULT(no)
 )

 dnl ************************************************************
 dnl Enable hiding of internal symbols in library to reduce its size and
 dnl speed dynamic linking of applications.  This currently is only supported
 dnl on gcc >= 4.0 and SunPro C.
 dnl
 AC_MSG_CHECKING([whether to enable hidden symbols in the library])
 AC_ARG_ENABLE(hidden-symbols,
 AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library])
 AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]),
 [ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       ;;
  *)
       AC_MSG_CHECKING([whether $CC supports it])
       if test "$GCC" = yes ; then
         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(LIBSSH2_API, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
           CFLAGS="$CFLAGS -fvisibility=hidden"
         else
            AC_MSG_RESULT(no)
          fi

       else
         dnl Test for SunPro cc
         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
           AC_MSG_RESULT(yes)
           AC_DEFINE(LIBSSH2_API, [__global], [to make a symbol visible])
           CFLAGS="$CFLAGS -xldscope=hidden"
         else
           AC_MSG_RESULT(no)
         fi
       fi
       ;;
  esac ],
       AC_MSG_RESULT(no)
 )

 # Build example applications?
 AC_MSG_CHECKING([whether to build example applications])
 AC_ARG_ENABLE([examples-build],
 AC_HELP_STRING([--enable-examples-build], [Build example applications (this is the default)])
 AC_HELP_STRING([--disable-examples-build], [Do not build example applications]),
 [case "$enableval" in
  no | false)
    build_examples='no'
    ;;
  *)
    build_examples='yes'
    ;;
 esac], [build_examples='yes'])
 AC_MSG_RESULT($build_examples)
 AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$build_examples" != "xno"])


 # Build OSS fuzzing targets?
 AC_ARG_ENABLE([ossfuzzers],
  [AS_HELP_STRING([--enable-ossfuzzers],
    [Whether to generate the fuzzers for OSS-Fuzz])],
  [have_ossfuzzers=yes], [have_ossfuzzers=no])
 AM_CONDITIONAL([USE_OSSFUZZERS], [test "x$have_ossfuzzers" = "xyes"])


 # Set the correct flags for the given fuzzing engine.
 AC_SUBST([LIB_FUZZING_ENGINE])
 AM_CONDITIONAL([USE_OSSFUZZ_FLAG], [test "x$LIB_FUZZING_ENGINE" = "x-fsanitize=fuzzer"])
 AM_CONDITIONAL([USE_OSSFUZZ_STATIC], [test -f "$LIB_FUZZING_ENGINE"])


 # Checks for header files.
 # AC_HEADER_STDC
 AC_CHECK_HEADERS([errno.h fcntl.h stdio.h stdlib.h unistd.h sys/uio.h])
 AC_CHECK_HEADERS([sys/select.h sys/socket.h sys/ioctl.h sys/time.h])
 AC_CHECK_HEADERS([arpa/inet.h netinet/in.h])
 AC_CHECK_HEADERS([sys/un.h], [have_sys_un_h=yes], [have_sys_un_h=no])
 AM_CONDITIONAL([HAVE_SYS_UN_H], test "x$have_sys_un_h" = xyes)

 case $host in
  *-*-cygwin* | *-*-cegcc*)
    # These are POSIX-like systems using BSD-like sockets API.
    ;;
  *)
    AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h])
    ;;
 esac

 case $host in
  *darwin*|*interix*)
    dnl poll() does not work on these platforms
    dnl Interix: "does provide poll(), but the implementing developer must
    dnl have been in a bad mood, because poll() only works on the /proc
    dnl filesystem here"
    dnl Mac OS X's poll has funny behaviors, like:
    dnl not being able to do poll on no fildescriptors (10.3?)
    dnl not being able to poll on some files (like anything in /dev)
    dnl not having reliable timeout support
    dnl inconsistent return of POLLHUP where other implementations give POLLIN
    AC_MSG_NOTICE([poll use is disabled on this platform])
    ;;
  *)
    AC_CHECK_FUNCS(poll)
    ;;
 esac

 AC_CHECK_FUNCS(gettimeofday select strtoll memset_s)

 dnl Check for select() into ws2_32 for Msys/Mingw
 if test "$ac_cv_func_select" != "yes"; then
  AC_MSG_CHECKING([for select in ws2_32])
  AC_TRY_LINK([
 #ifdef HAVE_WINSOCK2_H
 #ifndef WIN32_LEAN_AND_MEAN
 #define WIN32_LEAN_AND_MEAN
 #endif
 #include <winsock2.h>
 #endif
    ],[
      select(0,(fd_set *)NULL,(fd_set *)NULL,(fd_set *)NULL,(struct timeval *)NULL);
    ],[
      AC_MSG_RESULT([yes])
      HAVE_SELECT="1"
      AC_DEFINE_UNQUOTED(HAVE_SELECT, 1,
        [Define to 1 if you have the select function.])
    ],[
      AC_MSG_RESULT([no])
  ])
 fi

 AC_FUNC_ALLOCA

 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
 AC_C_INLINE

 CURL_CHECK_NONBLOCKING_SOCKET

 missing_required_deps=0

 if test "${libz_errors}" != ""; then
  AS_MESSAGE([ERROR: ${libz_errors}])
  missing_required_deps=1
 fi

 if test "$found_crypto" = "none"; then
  AS_MESSAGE([ERROR: ${crypto_errors}])
  missing_required_deps=1
 fi

 if test $missing_required_deps = 1; then
  AC_MSG_ERROR([Required dependencies are missing!])
 fi

 # Configure parameters
 LIBSSH2_CHECK_OPTION_WERROR

 AC_CONFIG_FILES([Makefile
                 src/Makefile
                 tests/Makefile
                 tests/ossfuzz/Makefile
                 example/Makefile
                 docs/Makefile
                 libssh2.pc])
 AC_OUTPUT

 AC_MSG_NOTICE([summary of build options:

  version:          ${LIBSSH2VER}
  Host type:        ${host}
  Install prefix:   ${prefix}
  Compiler:         ${CC}
  Compiler flags:   ${CFLAGS}
  Library types:    Shared=${enable_shared}, Static=${enable_static}
  Crypto library:   ${found_crypto_str}
  Clear memory:     $enable_clear_memory
  Debug build:      $enable_debug
  Build examples:   $build_examples
  Path to sshd:     $ac_cv_path_SSHD (only for self-tests)
  zlib compression: ${found_libz}
 ])
--- a/libssh2/docs/.gitignore
+++ b/libssh2/docs/.gitignore
@@ -0,0 +1,3 @@
 Makefile
 Makefile.in
 coverage
--- a/libssh2/docs/AUTHORS
+++ b/libssh2/docs/AUTHORS
@@ -0,0 +1,79 @@
 libssh2 is the result of many friendly people. This list is an attempt to
 mention all contributors. If we've missed anyone, tell us!

 This list of names is a-z sorted.

 Adam Gobiowski
 Alexander Holyapin
 Alexander Lamaison
 Alfred Gebert
 Ben Kibbey
 Bjorn Stenborg
 Carlo Bramini
 Cristian Rodríguez
 Daiki Ueno
 Dan Casey
 Dan Fandrich
 Daniel Stenberg
 Dave Hayden
 Dave McCaldon
 David J Sullivan
 David Robins
 Dmitry Smirnov
 Douglas Masterson
 Edink Kadribasic
 Erik Brossler
 Francois Dupoux
 Gellule Xg
 Grubsky Grigory
 Guenter Knauf
 Heiner Steven
 Henrik Nordstrom
 James Housleys
 Jasmeet Bagga
 Jean-Louis Charton
 Jernej Kovacic
 Joey Degges
 John Little
 Jose Baars
 Jussi Mononen
 Kamil Dudka
 Lars Nordin
 Mark McPherson
 Mark Smith
 Markus Moeller
 Matt Lilley
 Matthew Booth
 Maxime Larocque
 Mike Protts
 Mikhail Gusarov
 Neil Gierman
 Olivier Hervieu
 Paul Howarth
 Paul Querna
 Paul Veldkamp
 Peter Krempa
 Peter O'Gorman
 Peter Stuge
 Pierre Joye
 Rafael Kitover
 Romain Bondue
 Sara Golemon
 Satish Mittal
 Sean Peterson
 Selcuk Gueney
 Simon Hart
 Simon Josefsson
 Sofian Brabez
 Steven Ayre
 Steven Dake
 Steven Van Ingelgem
 TJ Saunders
 Tommy Lindgren
 Tor Arntsen
 Vincent Jaulin
 Vincent Torri
 Vlad Grachov
 Wez Furlong
 Yang Tse
 Zl Liu
--- a/libssh2/docs/BINDINGS
+++ b/libssh2/docs/BINDINGS
@@ -0,0 +1,29 @@

 Creative people have written bindings or interfaces for various environments
 and programming languages. Using one of these bindings allows you to take
 advantage of libssh2 directly from within your favourite language.

 The bindings listed below are not part of the libssh2 distribution archives,
 but must be downloaded and installed separately.

 Cocoa/Objective-C
  https://github.com/karelia/libssh2_sftp-Cocoa-wrapper

 Haskell
  FFI bindings - https://hackage.haskell.org/package/libssh2

 Perl
  Net::SSH2 - https://metacpan.org/pod/Net::SSH2

 PHP
  ssh2 - https://pecl.php.net/package/ssh2

 Python
  pylibssh2 - https://pypi.python.org/pypi/pylibssh2

 Python-ctypes

  PySsh2 - https://github.com/gellule/PySsh2

 Ruby
  libssh2-ruby - https://github.com/mitchellh/libssh2-ruby
--- a/libssh2/docs/CMakeLists.txt
+++ b/libssh2/docs/CMakeLists.txt
@@ -0,0 +1,210 @@
 # Copyright (c) 2014 Alexander Lamaison <alexander.lamaison@gmail.com>
 #
 # Redistribution and use in source and binary forms,
 # with or without modification, are permitted provided
 # that the following conditions are met:
 #
 #   Redistributions of source code must retain the above
 #   copyright notice, this list of conditions and the
 #   following disclaimer.
 #
 #   Redistributions in binary form must reproduce the above
 #   copyright notice, this list of conditions and the following
 #   disclaimer in the documentation and/or other materials
 #   provided with the distribution.
 #
 #   Neither the name of the copyright holder nor the names
 #   of any other contributors may be used to endorse or
 #   promote products derived from this software without
 #   specific prior written permission.
 #
 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 # SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 # OF SUCH DAMAGE.

 set(MAN_PAGES
  libssh2_agent_connect.3
  libssh2_agent_disconnect.3
  libssh2_agent_free.3
  libssh2_agent_get_identity.3
  libssh2_agent_get_identity_path.3
  libssh2_agent_init.3
  libssh2_agent_list_identities.3
  libssh2_agent_set_identity_path.3
  libssh2_agent_userauth.3
  libssh2_banner_set.3
  libssh2_base64_decode.3
  libssh2_channel_close.3
  libssh2_channel_direct_tcpip.3
  libssh2_channel_direct_tcpip_ex.3
  libssh2_channel_eof.3
  libssh2_channel_exec.3
  libssh2_channel_flush.3
  libssh2_channel_flush_ex.3
  libssh2_channel_flush_stderr.3
  libssh2_channel_forward_accept.3
  libssh2_channel_forward_cancel.3
  libssh2_channel_forward_listen.3
  libssh2_channel_forward_listen_ex.3
  libssh2_channel_free.3
  libssh2_channel_get_exit_signal.3
  libssh2_channel_get_exit_status.3
  libssh2_channel_handle_extended_data.3
  libssh2_channel_handle_extended_data2.3
  libssh2_channel_ignore_extended_data.3
  libssh2_channel_open_ex.3
  libssh2_channel_open_session.3
  libssh2_channel_process_startup.3
  libssh2_channel_read.3
  libssh2_channel_read_ex.3
  libssh2_channel_read_stderr.3
  libssh2_channel_receive_window_adjust.3
  libssh2_channel_receive_window_adjust2.3
  libssh2_channel_request_pty.3
  libssh2_channel_request_pty_ex.3
  libssh2_channel_request_pty_size.3
  libssh2_channel_request_pty_size_ex.3
  libssh2_channel_send_eof.3
  libssh2_channel_set_blocking.3
  libssh2_channel_setenv.3
  libssh2_channel_setenv_ex.3
  libssh2_channel_shell.3
  libssh2_channel_subsystem.3
  libssh2_channel_wait_closed.3
  libssh2_channel_wait_eof.3
  libssh2_channel_window_read.3
  libssh2_channel_window_read_ex.3
  libssh2_channel_window_write.3
  libssh2_channel_window_write_ex.3
  libssh2_channel_write.3
  libssh2_channel_write_ex.3
  libssh2_channel_write_stderr.3
  libssh2_channel_x11_req.3
  libssh2_channel_x11_req_ex.3
  libssh2_exit.3
  libssh2_free.3
  libssh2_hostkey_hash.3
  libssh2_init.3
  libssh2_keepalive_config.3
  libssh2_keepalive_send.3
  libssh2_knownhost_add.3
  libssh2_knownhost_addc.3
  libssh2_knownhost_check.3
  libssh2_knownhost_checkp.3
  libssh2_knownhost_del.3
  libssh2_knownhost_free.3
  libssh2_knownhost_get.3
  libssh2_knownhost_init.3
  libssh2_knownhost_readfile.3
  libssh2_knownhost_readline.3
  libssh2_knownhost_writefile.3
  libssh2_knownhost_writeline.3
  libssh2_poll.3
  libssh2_poll_channel_read.3
  libssh2_publickey_add.3
  libssh2_publickey_add_ex.3
  libssh2_publickey_init.3
  libssh2_publickey_list_fetch.3
  libssh2_publickey_list_free.3
  libssh2_publickey_remove.3
  libssh2_publickey_remove_ex.3
  libssh2_publickey_shutdown.3
  libssh2_scp_recv.3
  libssh2_scp_recv2.3
  libssh2_scp_send.3
  libssh2_scp_send64.3
  libssh2_scp_send_ex.3
  libssh2_session_abstract.3
  libssh2_session_banner_get.3
  libssh2_session_banner_set.3
  libssh2_session_block_directions.3
  libssh2_session_callback_set.3
  libssh2_session_disconnect.3
  libssh2_session_disconnect_ex.3
  libssh2_session_flag.3
  libssh2_session_free.3
  libssh2_session_get_blocking.3
  libssh2_session_get_timeout.3
  libssh2_session_handshake.3
  libssh2_session_hostkey.3
  libssh2_session_init.3
  libssh2_session_init_ex.3
  libssh2_session_last_errno.3
  libssh2_session_last_error.3
  libssh2_session_set_last_error.3
  libssh2_session_method_pref.3
  libssh2_session_methods.3
  libssh2_session_set_blocking.3
  libssh2_session_set_timeout.3
  libssh2_session_startup.3
  libssh2_session_supported_algs.3
  libssh2_sftp_close.3
  libssh2_sftp_close_handle.3
  libssh2_sftp_closedir.3
  libssh2_sftp_fsetstat.3
  libssh2_sftp_fstat.3
  libssh2_sftp_fstat_ex.3
  libssh2_sftp_fstatvfs.3
  libssh2_sftp_fsync.3
  libssh2_sftp_get_channel.3
  libssh2_sftp_init.3
  libssh2_sftp_last_error.3
  libssh2_sftp_lstat.3
  libssh2_sftp_mkdir.3
  libssh2_sftp_mkdir_ex.3
  libssh2_sftp_open.3
  libssh2_sftp_open_ex.3
  libssh2_sftp_opendir.3
  libssh2_sftp_read.3
  libssh2_sftp_readdir.3
  libssh2_sftp_readdir_ex.3
  libssh2_sftp_readlink.3
  libssh2_sftp_realpath.3
  libssh2_sftp_rename.3
  libssh2_sftp_rename_ex.3
  libssh2_sftp_rewind.3
  libssh2_sftp_rmdir.3
  libssh2_sftp_rmdir_ex.3
  libssh2_sftp_seek.3
  libssh2_sftp_seek64.3
  libssh2_sftp_setstat.3
  libssh2_sftp_shutdown.3
  libssh2_sftp_stat.3
  libssh2_sftp_stat_ex.3
  libssh2_sftp_statvfs.3
  libssh2_sftp_symlink.3
  libssh2_sftp_symlink_ex.3
  libssh2_sftp_tell.3
  libssh2_sftp_tell64.3
  libssh2_sftp_unlink.3
  libssh2_sftp_unlink_ex.3
  libssh2_sftp_write.3
  libssh2_trace.3
  libssh2_trace_sethandler.3
  libssh2_userauth_authenticated.3
  libssh2_userauth_hostbased_fromfile.3
  libssh2_userauth_hostbased_fromfile_ex.3
  libssh2_userauth_keyboard_interactive.3
  libssh2_userauth_keyboard_interactive_ex.3
  libssh2_userauth_list.3
  libssh2_userauth_password.3
  libssh2_userauth_password_ex.3
  libssh2_userauth_publickey.3
  libssh2_userauth_publickey_fromfile.3
  libssh2_userauth_publickey_fromfile_ex.3
  libssh2_userauth_publickey_frommemory.3
  libssh2_version.3)

 include(GNUInstallDirs)
 install(FILES ${MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3)
--- a/libssh2/docs/HACKING
+++ b/libssh2/docs/HACKING
@@ -0,0 +1,13 @@

 libssh2 source code style guide:

 - 4 level indent
 - spaces-only (no tabs)
 - open braces on the if/for line:

     if (banana) {
         go_nuts();
     }

 - keep source lines shorter than 80 columns
 - See libssh2-style.el for how to achieve this within Emacs
--- a/libssh2/docs/HACKING.CRYPTO
+++ b/libssh2/docs/HACKING.CRYPTO
@@ -0,0 +1,901 @@
 	Definitions needed to implement a specific crypto library

 This document offers some hints about implementing a new crypto library
 interface.

 A crypto library interface consists of at least a header file, defining
 entities referenced from the libssh2 core modules.
 Real code implementation (if needed), is left at the implementor's choice.

 This document lists the entities that must/may be defined in the header file.

 Procedures listed as "void" may indeed have a result type: the void indication
 indicates the libssh2 core modules never use the function result.


 0) Build system.

 Adding a crypto backend to the autotools build system (./configure) is easy:

 0.1) Add one new line in configure.ac

 m4_set_add([crypto_backends], [newname])

 This automatically creates a --with-crypto=newname option.

 0.2) Add an m4_case stanza to LIBSSH2_CRYPTO_CHECK in acinclude.m4

 This must check for all required libraries, and if found set and AC_SUBST a
 variable with the library linking flags. The recommended method is to use
 LIBSSH2_LIB_HAVE_LINKFLAGS from LIBSSH2_CRYPTO_CHECK, which automatically
 creates and handles a --with-$newname-prefix option and sets an
 LTLIBNEWNAME variable on success.

 0.3) Create Makefile.newname.inc in the top-level directory

 This must set CRYPTO_CSOURCES, CRYPTO_HHEADERS and CRYPTO_LTLIBS.
 Set CRYPTO_CSOURCES and CRYPTO_HHEADERS to the new backend source files
 and set CRYPTO_LTLIBS to the required library linking parameters, e.g.
 $(LTLIBNEWNAME) as generated by by LIBSSH2_LIB_HAVE_LINKFLAGS.

 0.4) Add a new block in src/Makefile.am

 if NEWNAME
 include ../Makefile.newname.inc
 endif


 1) Crypto library initialization/termination.

 void libssh2_crypto_init(void);
 Initializes the crypto library. May be an empty macro if not needed.

 void libssh2_crypto_exit(void);
 Terminates the crypto library use. May be an empty macro if not needed.


 2) HMAC

 libssh2_hmac_ctx
 Type of an HMAC computation context. Generally a struct.
 Used for all hash algorithms.

 void libssh2_hmac_ctx_init(libssh2_hmac_ctx ctx);
 Initializes the HMAC computation context ctx.
 Called before setting-up the hash algorithm.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_hmac_update(libssh2_hmac_ctx ctx,
 	                 const unsigned char *data,
 	                 int datalen);
 Continue computation of an HMAC on datalen bytes at data using context ctx.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_hmac_final(libssh2_hmac_ctx ctx,
 	                unsigned char output[]);
 Get the computed HMAC from context ctx into the output buffer. The
 minimum data buffer size depends on the HMAC hash algorithm.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx);
 Releases the HMAC computation context at ctx.


 3) Hash algorithms.

 3.1) SHA-1
 Must always be implemented.

 SHA_DIGEST_LENGTH
 #define to 20, the SHA-1 digest length.

 libssh2_sha1_ctx
 Type of an SHA-1 computation context. Generally a struct.

 int libssh2_sha1_init(libssh2_sha1_ctx *x);
 Initializes the SHA-1 computation context at x.
 Returns 1 for success and 0 for failure

 void libssh2_sha1_update(libssh2_sha1_ctx ctx,
 	                 const unsigned char *data,
 	                 size_t len);
 Continue computation of SHA-1 on len bytes at data using context ctx.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_sha1_final(libssh2_sha1_ctx ctx,
                        unsigned char output[SHA_DIGEST_LEN]);
 Get the computed SHA-1 signature from context ctx and store it into the
 output buffer.
 Release the context.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx,
 	                    const void *key,
 	                    int keylen);
 Setup the HMAC computation context ctx for an HMAC-SHA-1 computation using the
 keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().

 3.2) SHA-256
 Must always be implemented.

 SHA256_DIGEST_LENGTH
 #define to 32, the SHA-256 digest length.

 libssh2_sha256_ctx
 Type of an SHA-256 computation context. Generally a struct.

 int libssh2_sha256_init(libssh2_sha256_ctx *x);
 Initializes the SHA-256 computation context at x.
 Returns 1 for success and 0 for failure

 void libssh2_sha256_update(libssh2_sha256_ctx ctx,
 	                   const unsigned char *data,
 	                   size_t len);
 Continue computation of SHA-256 on len bytes at data using context ctx.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_sha256_final(libssh2_sha256_ctx ctx,
 	                  unsigned char output[SHA256_DIGEST_LENGTH]);
 Gets the computed SHA-256 signature from context ctx into the output buffer.
 Release the context.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 int libssh2_sha256(const unsigned char *message,
                   unsigned long len,
                   unsigned char output[SHA256_DIGEST_LENGTH]);
 Computes the SHA-256 signature over the given message of length len and
 store the result into the output buffer.
 Return 1 if error, else 0.
 Note: Seems unused in current code, but defined in each crypto library backend.

 LIBSSH2_HMAC_SHA256
 #define as 1 if the crypto library supports HMAC-SHA-256, else 0.
 If defined as 0, the rest of this section can be omitted.

 void libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx,
 	                      const void *key,
 	                      int keylen);
 Setup the HMAC computation context ctx for an HMAC-256 computation using the
 keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().

 3.3) SHA-384
 Mandatory if ECDSA is implemented. Can be omitted otherwise.

 SHA384_DIGEST_LENGTH
 #define to 48, the SHA-384 digest length.

 libssh2_sha384_ctx
 Type of an SHA-384 computation context. Generally a struct.

 int libssh2_sha384_init(libssh2_sha384_ctx *x);
 Initializes the SHA-384 computation context at x.
 Returns 1 for success and 0 for failure

 void libssh2_sha384_update(libssh2_sha384_ctx ctx,
 	                   const unsigned char *data,
 	                   size_t len);
 Continue computation of SHA-384 on len bytes at data using context ctx.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_sha384_final(libssh2_sha384_ctx ctx,
 	                  unsigned char output[SHA384_DIGEST_LENGTH]);
 Gets the computed SHA-384 signature from context ctx into the output buffer.
 Release the context.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 int libssh2_sha384(const unsigned char *message,
                   unsigned long len,
                   unsigned char output[SHA384_DIGEST_LENGTH]);
 Computes the SHA-384 signature over the given message of length len and
 store the result into the output buffer.
 Return 1 if error, else 0.

 3.4) SHA-512
 Must always be implemented.

 SHA512_DIGEST_LENGTH
 #define to 64, the SHA-512 digest length.

 libssh2_sha512_ctx
 Type of an SHA-512 computation context. Generally a struct.

 int libssh2_sha512_init(libssh2_sha512_ctx *x);
 Initializes the SHA-512 computation context at x.
 Returns 1 for success and 0 for failure

 void libssh2_sha512_update(libssh2_sha512_ctx ctx,
 	                   const unsigned char *data,
 	                   size_t len);
 Continue computation of SHA-512 on len bytes at data using context ctx.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_sha512_final(libssh2_sha512_ctx ctx,
 	                  unsigned char output[SHA512_DIGEST_LENGTH]);
 Gets the computed SHA-512 signature from context ctx into the output buffer.
 Release the context.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 int libssh2_sha512(const unsigned char *message,
                   unsigned long len,
                   unsigned char output[SHA512_DIGEST_LENGTH]);
 Computes the SHA-512 signature over the given message of length len and
 store the result into the output buffer.
 Return 1 if error, else 0.
 Note: Seems unused in current code, but defined in each crypto library backend.

 LIBSSH2_HMAC_SHA512
 #define as 1 if the crypto library supports HMAC-SHA-512, else 0.
 If defined as 0, the rest of this section can be omitted.

 void libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx,
 	                      const void *key,
 	                      int keylen);
 Setup the HMAC computation context ctx for an HMAC-512 computation using the
 keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().

 3.5) MD5
 LIBSSH2_MD5
 #define to 1 if the crypto library supports MD5, else 0.
 If defined as 0, the rest of this section can be omitted.

 MD5_DIGEST_LENGTH
 #define to 16, the MD5 digest length.

 libssh2_md5_ctx
 Type of an MD5 computation context. Generally a struct.

 int libssh2_md5_init(libssh2_md5_ctx *x);
 Initializes the MD5 computation context at x.
 Returns 1 for success and 0 for failure

 void libssh2_md5_update(libssh2_md5_ctx ctx,
 	                const unsigned char *data,
 	                size_t len);
 Continues computation of MD5 on len bytes at data using context ctx.
 Returns 1 for success and 0 for failure.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_md5_final(libssh2_md5_ctx ctx,
 	               unsigned char output[MD5_DIGEST_LENGTH]);
 Gets the computed MD5 signature from context ctx into the output buffer.
 Release the context.
 Note: if the ctx parameter is modified by the underlying code,
 this procedure must be implemented as a macro to map ctx --> &ctx.

 void libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx,
 	                   const void *key,
 	                   int keylen);
 Setup the HMAC computation context ctx for an HMAC-MD5 computation using the
 keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().

 3.6) RIPEMD-160
 LIBSSH2_HMAC_RIPEMD
 #define as 1 if the crypto library supports HMAC-RIPEMD-160, else 0.
 If defined as 0, the rest of this section can be omitted.

 void libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx,
 	                         const void *key,
 	                         int keylen);
 Setup the HMAC computation context ctx for an HMAC-RIPEMD-160 computation using
 the keylen-byte key. Is invoked just after libssh2_hmac_ctx_init().
 Returns 1 for success and 0 for failure.


 4) Bidirectional key ciphers.

 _libssh2_cipher_ctx
 Type of a cipher computation context.

 _libssh2_cipher_type(name);
 Macro defining name as storage identifying a cipher algorithm for
 the crypto library interface. No trailing semicolon.

 int _libssh2_cipher_init(_libssh2_cipher_ctx *h,
                         _libssh2_cipher_type(algo),
                         unsigned char *iv,
                         unsigned char *secret,
                         int encrypt);
 Creates a cipher context for the given algorithm with the initialization vector
 iv and the secret key secret. Prepare for encryption or decryption depending on
 encrypt.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
                          _libssh2_cipher_type(algo),
                          int encrypt,
                          unsigned char *block,
                          size_t blocksize);
 Encrypt or decrypt in-place data at (block, blocksize) using the given
 context and/or algorithm.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 void _libssh2_cipher_dtor(_libssh2_cipher_ctx *ctx);
 Release cipher context at ctx.

 4.1) AES
 4.1.1) AES in CBC block mode.
 LIBSSH2_AES
 #define as 1 if the crypto library supports AES in CBC mode, else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_aes128
 AES-128-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 _libssh2_cipher_aes192
 AES-192-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 _libssh2_cipher_aes256
 AES-256-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 4.1.2) AES in CTR block mode.
 LIBSSH2_AES_CTR
 #define as 1 if the crypto library supports AES in CTR mode, else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_aes128ctr
 AES-128-CTR algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 _libssh2_cipher_aes192ctr
 AES-192-CTR algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 _libssh2_cipher_aes256ctr
 AES-256-CTR algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 4.2) Blowfish in CBC block mode.
 LIBSSH2_BLOWFISH
 #define as 1 if the crypto library supports blowfish in CBC mode, else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_blowfish
 Blowfish-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 4.3) RC4.
 LIBSSH2_RC4
 #define as 1 if the crypto library supports RC4 (arcfour), else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_arcfour
 RC4 algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 4.4) CAST5 in CBC block mode.
 LIBSSH2_CAST
 #define 1 if the crypto library supports cast, else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_cast5
 CAST5-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().

 4.5) Tripple DES in CBC block mode.
 LIBSSH2_3DES
 #define as 1 if the crypto library supports TripleDES in CBC mode, else 0.
 If defined as 0, the rest of this section can be omitted.

 _libssh2_cipher_3des
 TripleDES-CBC algorithm identifier initializer.
 #define with constant value of type _libssh2_cipher_type().


 5) Diffie-Hellman support.

 5.1) Diffie-Hellman context.
 _libssh2_dh_ctx
 Type of a Diffie-Hellman computation context.
 Must always be defined.

 5.2) Diffie-Hellman computation procedures.
 void libssh2_dh_init(_libssh2_dh_ctx *dhctx);
 Initializes the Diffie-Hellman context at `dhctx'. No effective context
 creation needed here.

 int libssh2_dh_key_pair(_libssh2_dh_ctx *dhctx, _libssh2_bn *public,
                        _libssh2_bn *g, _libssh2_bn *p, int group_order,
                        _libssh2_bn_ctx *bnctx);
 Generates a Diffie-Hellman key pair using base `g', prime `p' and the given
 `group_order'. Can use the given big number context `bnctx' if needed.
 The private key is stored as opaque in the Diffie-Hellman context `*dhctx' and
 the public key is returned in `public'.
 0 is returned upon success, else -1.

 int libssh2_dh_secret(_libssh2_dh_ctx *dhctx, _libssh2_bn *secret,
                      _libssh2_bn *f, _libssh2_bn *p, _libssh2_bn_ctx * bnctx)
 Computes the Diffie-Hellman secret from the previously created context `*dhctx',
 the public key `f' from the other party and the same prime `p' used at
 context creation. The result is stored in `secret'.
 0 is returned upon success, else -1.

 void libssh2_dh_dtor(_libssh2_dh_ctx *dhctx)
 Destroys Diffie-Hellman context at `dhctx' and resets its storage.


 6) Big numbers.
 Positive multi-byte integers support is sufficient.

 6.1) Computation contexts.
 This has a real meaning if the big numbers computations need some context
 storage. If not, use a dummy type and functions (macros).

 _libssh2_bn_ctx
 Type of multiple precision computation context. May not be empty. if not used,
 #define as char, for example.

 _libssh2_bn_ctx _libssh2_bn_ctx_new(void);
 Returns a new multiple precision computation context.

 void _libssh2_bn_ctx_free(_libssh2_bn_ctx ctx);
 Releases a multiple precision computation context.

 6.2) Computation support.
 _libssh2_bn
 Type of multiple precision numbers (aka bignumbers or huge integers) for the
 crypto library.

 _libssh2_bn * _libssh2_bn_init(void);
 Creates a multiple precision number (preset to zero).

 _libssh2_bn * _libssh2_bn_init_from_bin(void);
 Create a multiple precision number intended to be set by the
 _libssh2_bn_from_bin() function (see below). Unlike _libssh2_bn_init(), this
 code may be a dummy initializer if the _libssh2_bn_from_bin() actually
 allocates the number. Returns a value of type _libssh2_bn *.

 void _libssh2_bn_free(_libssh2_bn *bn);
 Destroys the multiple precision number at bn.

 unsigned long _libssh2_bn_bytes(_libssh2_bn *bn);
 Get the number of bytes needed to store the bits of the multiple precision
 number at bn.

 unsigned long _libssh2_bn_bits(_libssh2_bn *bn);
 Returns the number of bits of multiple precision number at bn.

 int _libssh2_bn_set_word(_libssh2_bn *bn, unsigned long val);
 Sets the value of bn to val.
 Returns 1 on success, 0 otherwise.

 _libssh2_bn * _libssh2_bn_from_bin(_libssh2_bn *bn, int len,
 	                           const unsigned char *val);
 Converts the positive integer in big-endian form of length len at val
 into a _libssh2_bn and place it in bn. If bn is NULL, a new _libssh2_bn is
 created.
 Returns a pointer to target _libssh2_bn or NULL if error.

 int _libssh2_bn_to_bin(_libssh2_bn *bn, unsigned char *val);
 Converts the absolute value of bn into big-endian form and store it at
 val. val must point to _libssh2_bn_bytes(bn) bytes of memory.
 Returns the length of the big-endian number.


 7) Private key algorithms.
 Format of an RSA public key:
 a) "ssh-rsa".
 b) RSA exponent, MSB first, with high order bit = 0.
 c) RSA modulus, MSB first, with high order bit = 0.
 Each item is preceded by its 32-bit byte length, MSB first.

 Format of a DSA public key:
 a) "ssh-dss".
 b) p, MSB first, with high order bit = 0.
 c) q, MSB first, with high order bit = 0.
 d) g, MSB first, with high order bit = 0.
 e) pub_key, MSB first, with high order bit = 0.
 Each item is preceded by its 32-bit byte length, MSB first.

 Format of an ECDSA public key:
 a) "ecdsa-sha2-nistp256" or "ecdsa-sha2-nistp384" or "ecdsa-sha2-nistp521".
 b) domain: "nistp256", "nistp384" or "nistp521" matching a).
 c) raw public key ("octal").
 Each item is preceded by its 32-bit byte length, MSB first.

 Format of an ED25519 public key:
 a) "ssh-ed25519".
 b) raw key (32 bytes).
 Each item is preceded by its 32-bit byte length, MSB first.

 int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
                              unsigned char **method,
                              size_t *method_len,
                              unsigned char **pubkeydata,
                              size_t *pubkeydata_len,
                              const char *privatekey,
                              const char *passphrase);
 Reads a private key from file privatekey and extract the public key -->
 (pubkeydata, pubkeydata_len). Store the associated method (ssh-rsa or ssh-dss)
 into (method, method_len).
 Both buffers have to be allocated using LIBSSH2_ALLOC().
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
                                    unsigned char **method,
                                    size_t *method_len,
                                    unsigned char **pubkeydata,
                                    size_t *pubkeydata_len,
                                    const char *privatekeydata,
                                    size_t privatekeydata_len,
                                    const char *passphrase);
 Gets a private key from bytes at (privatekeydata, privatekeydata_len) and
 extract the public key --> (pubkeydata, pubkeydata_len). Store the associated
 method (ssh-rsa or ssh-dss) into (method, method_len).
 Both buffers have to be allocated using LIBSSH2_ALLOC().
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.


 7.1) RSA
 LIBSSH2_RSA
 #define as 1 if the crypto library supports RSA, else 0.
 If defined as 0, the rest of this section can be omitted.

 libssh2_rsa_ctx
 Type of an RSA computation context. Generally a struct.

 int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
                     const unsigned char *edata,
                     unsigned long elen,
                     const unsigned char *ndata,
                     unsigned long nlen,
                     const unsigned char *ddata,
                     unsigned long dlen,
                     const unsigned char *pdata,
                     unsigned long plen,
                     const unsigned char *qdata,
                     unsigned long qlen,
                     const unsigned char *e1data,
                     unsigned long e1len,
                     const unsigned char *e2data,
                     unsigned long e2len,
                     const unsigned char *coeffdata, unsigned long coefflen);
 Creates a new context for RSA computations from key source values:
 	pdata, plen	Prime number p. Only used if private key known (ddata).
 	qdata, qlen	Prime number q. Only used if private key known (ddata).
 	ndata, nlen	Modulus n.
 	edata, elen	Exponent e.
 	ddata, dlen	e^-1 % phi(n) = private key. May be NULL if unknown.
 	e1data, e1len	dp = d % (p-1). Only used if private key known (dtata).
 	e2data, e2len	dq = d % (q-1). Only used if private key known (dtata).
 	coeffdata, coefflen	q^-1 % p. Only used if private key known.
 Returns 0 if OK.
 This procedure is already prototyped in crypto.h.
 Note: the current generic code only calls this function with e and n (public
 key parameters): unless used internally by the backend, it is not needed to
 support the private key and the other parameters here.

 int _libssh2_rsa_new_private(libssh2_rsa_ctx **rsa,
                             LIBSSH2_SESSION *session,
                             const char *filename,
                             unsigned const char *passphrase);
 Reads an RSA private key from file filename into a new RSA context.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
                                        LIBSSH2_SESSION *session,
                                        const char *data,
 					size_t data_len,
                                        unsigned const char *passphrase);
 Gets an RSA private key from data into a new RSA context.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
                             const unsigned char *sig,
                             unsigned long sig_len,
                             const unsigned char *m, unsigned long m_len);
 Verify (sig, sig_len) signature of (m, m_len) using an SHA-1 hash and the
 RSA context.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_rsa_sha1_signv(LIBSSH2_SESSION *session,
 	                    unsigned char **sig, size_t *siglen,
 	                    int count, const struct iovec vector[],
 	                    libssh2_rsa_ctx *ctx);
 RSA signs the SHA-1 hash computed over the count data chunks in vector.
 Signature is stored at (sig, siglen).
 Signature buffer must be allocated from the given session.
 Returns 0 if OK, else -1.
 Note: this procedure is optional: if provided, it MUST be defined as a macro.

 int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
                           libssh2_rsa_ctx *rsactx,
                           const unsigned char *hash,
                           size_t hash_len,
                           unsigned char **signature,
                           size_t *signature_len);
 RSA signs the (hash, hashlen) SHA-1 hash bytes and stores the allocated
 signature at (signature, signature_len).
 Signature buffer must be allocated from the given session.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.
 Note: this procedure is not used if macro _libssh2_rsa_sha1_signv() is defined.

 void _libssh2_rsa_free(libssh2_rsa_ctx *rsactx);
 Releases the RSA computation context at rsactx.


 7.2) DSA
 LIBSSH2_DSA
 #define as 1 if the crypto library supports DSA, else 0.
 If defined as 0, the rest of this section can be omitted.


 libssh2_dsa_ctx
 Type of a DSA computation context. Generally a struct.

 int _libssh2_dsa_new(libssh2_dsa_ctx **dsa,
                     const unsigned char *pdata,
                     unsigned long plen,
                     const unsigned char *qdata,
                     unsigned long qlen,
                     const unsigned char *gdata,
                     unsigned long glen,
                     const unsigned char *ydata,
                     unsigned long ylen,
                     const unsigned char *x, unsigned long x_len);
 Creates a new context for DSA computations from source key values:
 	pdata, plen	Prime number p. Only used if private key known (ddata).
 	qdata, qlen	Prime number q. Only used if private key known (ddata).
 	gdata, glen	G number.
 	ydata, ylen	Public key.
 	xdata, xlen	Private key. Only taken if xlen non-zero.
 Returns 0 if OK.
 This procedure is already prototyped in crypto.h.

 int _libssh2_dsa_new_private(libssh2_dsa_ctx **dsa,
                             LIBSSH2_SESSION *session,
                             const char *filename,
                             unsigned const char *passphrase);
 Gets a DSA private key from file filename into a new DSA context.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa,
                                        LIBSSH2_SESSION *session,
                                        const char *data,
 					size_t data_len,
                                        unsigned const char *passphrase);
 Gets a DSA private key from the data_len-bytes data into a new DSA context.
 Must call _libssh2_init_if_needed().
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
                             const unsigned char *sig,
                             const unsigned char *m, unsigned long m_len);
 Verify (sig, siglen) signature of (m, m_len) using an SHA-1 hash and the
 DSA context.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
                           const unsigned char *hash,
                           unsigned long hash_len, unsigned char *sig);
 DSA signs the (hash, hash_len) data using SHA-1 and store the signature at sig.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 void _libssh2_dsa_free(libssh2_dsa_ctx *dsactx);
 Releases the DSA computation context at dsactx.


 7.3) ECDSA
 LIBSSH2_ECDSA
 #define as 1 if the crypto library supports ECDSA, else 0.
 If defined as 0, _libssh2_ec_key should be defined as void and the rest of
 this section can be omitted.

 EC_MAX_POINT_LEN
 Maximum point length. Usually defined as ((528 * 2 / 8) + 1) (= 133).

 libssh2_ecdsa_ctx
 Type of an ECDSA computation context. Generally a struct.

 _libssh2_ec_key
 Type of an elliptic curve key.

 libssh2_curve_type
 An enum type defining curve types. Current supported identifiers are:
 	LIBSSH2_EC_CURVE_NISTP256
 	LIBSSH2_EC_CURVE_NISTP384
 	LIBSSH2_EC_CURVE_NISTP521

 int _libssh2_ecdsa_create_key(_libssh2_ec_key **out_private_key,
                              unsigned char **out_public_key_octal,
                              size_t *out_public_key_octal_len,
                              libssh2_curve_type curve_type);
 Create a new ECDSA private key of type curve_type and return it at
 out_private_key. If out_public_key_octal is not NULL, store an allocated
 pointer to the associated public key in "octal" form in it and its length
 at out_public_key_octal_len.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_new_private(libssh2_ecdsa_ctx **ec_ctx,
                               LIBSSH2_SESSION * session,
                               const char *filename,
                               unsigned const char *passphrase);
 Reads an ECDSA private key from PEM file filename into a new ECDSA context.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_new_private_frommemory(libssh2_ecdsa_ctx ** ec_ctx,
                                        LIBSSH2_SESSION * session,
                                        const char *filedata,
                                        size_t filedata_len,
                                        unsigned const char *passphrase);
 Builds an ECDSA private key from PEM data at filedata of length filedata_len
 into a new ECDSA context stored at ec_ctx.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_curve_name_with_octal_new(libssh2_ecdsa_ctx **ecdsactx,
                                             const unsigned char *k,
                                             size_t k_len,
                                             libssh2_curve_type type);
 Stores at ecdsactx a new ECDSA context associated with the given curve type
 and with "octal" form public key (k, k_len).
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_new_openssh_private(libssh2_ecdsa_ctx **ec_ctx,
                                       LIBSSH2_SESSION * session,
                                       const char *filename,
                                       unsigned const char *passphrase);
 Reads a PEM-encoded ECDSA private key from file filename encrypted with
 passphrase and stores at ec_ctx a new ECDSA context for it.
 Return 0 if OK, else -1.
 Currently used only from openssl backend (ought to be private).
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_sign(LIBSSH2_SESSION *session, libssh2_ecdsa_ctx *ec_ctx,
                        const unsigned char *hash, unsigned long hash_len,
                        unsigned char **signature, size_t *signature_len);
 ECDSA signs the (hash, hashlen) hash bytes and stores the allocated
 signature at (signature, signature_len). Hash algorithm used should be
 SHA-256, SHA-384 or SHA-512 depending on type stored in ECDSA context at ec_ctx.
 Signature buffer must be allocated from the given session.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_verify(libssh2_ecdsa_ctx *ctx,
                          const unsigned char *r, size_t r_len,
                          const unsigned char *s, size_t s_len,
                          const unsigned char *m, size_t m_len);
 Verify the ECDSA signature made of (r, r_len) and (s, s_len) of (m, m_len)
 using the hash algorithm configured in the ECDSA context ctx.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 libssh2_curve_type _libssh2_ecdsa_get_curve_type(libssh2_ecdsa_ctx *ecdsactx);
 Returns the curve type associated with given context.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ecdsa_curve_type_from_name(const char *name,
                                        libssh2_curve_type *out_type);
 Stores in out_type the curve type matching string name of the form
 "ecdsa-sha2-nistpxxx".
 Return 0 if OK, else -1.
 Currently used only from openssl backend (ought to be private).
 This procedure is already prototyped in crypto.h.

 void _libssh2_ecdsa_free(libssh2_ecdsa_ctx *ecdsactx);
 Releases the ECDSA computation context at ecdsactx.


 7.4) ED25519
 LIBSSH2_ED25519
 #define as 1 if the crypto library supports ED25519, else 0.
 If defined as 0, the rest of this section can be omitted.


 libssh2_ed25519_ctx
 Type of an ED25519 computation context. Generally a struct.

 int _libssh2_curve25519_new(LIBSSH2_SESSION *session, libssh2_ed25519_ctx **ctx,
                            uint8_t **out_public_key,
                            uint8_t **out_private_key);
 Generates an ED25519 key pair, stores a pointer to them at out_private_key
 and out_public_key respectively and stores at ctx a new ED25519 context for
 this key.
 Argument ctx, out_private_key and out_public key may be NULL to disable storing
 the corresponding value.
 Length of each key is LIBSSH2_ED25519_KEY_LEN (32 bytes).
 Key buffers are allocated and should be released by caller after use.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ed25519_new_private(libssh2_ed25519_ctx **ed_ctx,
                                 LIBSSH2_SESSION *session,
                                 const char *filename,
                                 const uint8_t *passphrase);
 Reads an ED25519 private key from PEM file filename into a new ED25519 context.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx,
                                LIBSSH2_SESSION *session,
                                const unsigned char *raw_pub_key,
                                 const uint8_t key_len);
 Stores at ed_ctx a new ED25519 key context for raw public key (raw_pub_key,
 key_len).
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ed25519_new_private_frommemory(libssh2_ed25519_ctx **ed_ctx,
                                            LIBSSH2_SESSION *session,
                                            const char *filedata,
                                            size_t filedata_len,
                                            unsigned const char *passphrase);
 Builds an ED25519 private key from PEM data at filedata of length filedata_len
 into a new ED25519 context stored at ed_ctx.
 Must call _libssh2_init_if_needed().
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ed25519_sign(libssh2_ed25519_ctx *ctx, LIBSSH2_SESSION *session,
                          uint8_t **out_sig, size_t *out_sig_len,
                          const uint8_t *message, size_t message_len);
 ED25519 signs the (message, message_len) bytes and stores the allocated
 signature at (sig, sig_len).
 Signature buffer is allocated from the given session.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_ed25519_verify(libssh2_ed25519_ctx *ctx, const uint8_t *s,
                            size_t s_len, const uint8_t *m, size_t m_len);
 Verify (s, s_len) signature of (m, m_len) using the given ED25519 context.
 Return 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 int _libssh2_curve25519_gen_k(_libssh2_bn **k,
                              uint8_t private_key[LIBSSH2_ED25519_KEY_LEN],
                              uint8_t srvr_public_key[LIBSSH2_ED25519_KEY_LEN]);
 Computes a shared ED25519 secret key from the given raw server public key and 
 raw client public key and stores it as a big number in *k. Big number should
 have been initialized before calling this function.
 Returns 0 if OK, else -1.
 This procedure is already prototyped in crypto.h.

 void _libssh2_ed25519_free(libssh2_ed25519_ctx *ed25519ctx);
 Releases the ED25519 computation context at ed25519ctx.


 8) Miscellaneous

 void libssh2_prepare_iovec(struct iovec *vector, unsigned int len);
 Prepare len consecutive iovec slots before using them.
 In example, this is needed to preset unused structure slacks on platforms
 requiring it.
 If this is not needed, it should be defined as an empty macro.

 void _libssh2_random(unsigned char *buf, int len);
 Store len random bytes at buf.
--- a/libssh2/docs/INSTALL_AUTOTOOLS
+++ b/libssh2/docs/INSTALL_AUTOTOOLS
@@ -0,0 +1,355 @@
 Installation Instructions
 *************************

 Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005 Free
 Software Foundation, Inc.

 This file is free documentation; the Free Software Foundation gives
 unlimited permission to copy, distribute and modify it.

 When Building directly from Master
 ==================================

 If you want to build directly from the git repository, you must first
 generate the configure script and Makefile using autotools. There is
 a convenience script that calls all tools in the correct order. Make
 sure that autoconf, automake and libtool are installed on your system,
 then execute:

  autoreconf -fi

 After executing this script, you can build the project as usual:

  ./configure
  make

 Basic Installation
 ==================

 These are generic installation instructions.

   The `configure' shell script attempts to guess correct values for
 various system-dependent variables used during compilation.  It uses
 those values to create a `Makefile' in each directory of the package.
 It may also create one or more `.h' files containing system-dependent
 definitions.  Finally, it creates a shell script `config.status' that
 you can run in the future to recreate the current configuration, and a
 file `config.log' containing compiler output (useful mainly for
 debugging `configure').

   It can also use an optional file (typically called `config.cache'
 and enabled with `--cache-file=config.cache' or simply `-C') that saves
 the results of its tests to speed up reconfiguring.  (Caching is
 disabled by default to prevent problems with accidental use of stale
 cache files.)

   If you need to do unusual things to compile the package, please try
 to figure out how `configure' could check whether to do them, and mail
 diffs or instructions to the address given in the `README' so they can
 be considered for the next release.  If you are using the cache, and at
 some point `config.cache' contains results you don't want to keep, you
 may remove or edit it.

   The file `configure.ac' (or `configure.in') is used to create
 `configure' by a program called `autoconf'.  You only need
 `configure.ac' if you want to change it or regenerate `configure' using
 a newer version of `autoconf'.

 The simplest way to compile this package is:

  1. `cd' to the directory containing the package's source code and type
     `./configure' to configure the package for your system.  If you're
     using `csh' on an old version of System V, you might need to type
     `sh ./configure' instead to prevent `csh' from trying to execute
     `configure' itself.

     Running `configure' takes awhile.  While running, it prints some
     messages telling which features it is checking for.

  2. Type `make' to compile the package.

  3. Optionally, type `make check' to run any self-tests that come with
     the package.

  4. Type `make install' to install the programs and any data files and
     documentation.

  5. You can remove the program binaries and object files from the
     source code directory by typing `make clean'.  To also remove the
     files that `configure' created (so you can compile the package for
     a different kind of computer), type `make distclean'.  There is
     also a `make maintainer-clean' target, but that is intended mainly
     for the package's developers.  If you use it, you may have to get
     all sorts of other programs in order to regenerate files that came
     with the distribution.

 Compilers and Options
 =====================

 Some systems require unusual options for compilation or linking that the
 `configure' script does not know about.  Run `./configure --help' for
 details on some of the pertinent environment variables.

   You can give `configure' initial values for configuration parameters
 by setting variables in the command line or in the environment.  Here
 is an example:

     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix

   *Note Defining Variables::, for more details.

 Compiling For Multiple Architectures
 ====================================

 You can compile the package for more than one kind of computer at the
 same time, by placing the object files for each architecture in their
 own directory.  To do this, you must use a version of `make' that
 supports the `VPATH' variable, such as GNU `make'.  `cd' to the
 directory where you want the object files and executables to go and run
 the `configure' script.  `configure' automatically checks for the
 source code in the directory that `configure' is in and in `..'.

   If you have to use a `make' that does not support the `VPATH'
 variable, you have to compile the package for one architecture at a
 time in the source code directory.  After you have installed the
 package for one architecture, use `make distclean' before reconfiguring
 for another architecture.

 Installation Names
 ==================

 By default, `make install' installs the package's commands under
 `/usr/local/bin', include files under `/usr/local/include', etc.  You
 can specify an installation prefix other than `/usr/local' by giving
 `configure' the option `--prefix=PREFIX'.

   You can specify separate installation prefixes for
 architecture-specific files and architecture-independent files.  If you
 pass the option `--exec-prefix=PREFIX' to `configure', the package uses
 PREFIX as the prefix for installing programs and libraries.
 Documentation and other data files still use the regular prefix.

   In addition, if you use an unusual directory layout you can give
 options like `--bindir=DIR' to specify different values for particular
 kinds of files.  Run `configure --help' for a list of the directories
 you can set and what kinds of files go in them.

   If the package supports it, you can cause programs to be installed
 with an extra prefix or suffix on their names by giving `configure' the
 option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.

 Optional Features
 =================

 Some packages pay attention to `--enable-FEATURE' options to
 `configure', where FEATURE indicates an optional part of the package.
 They may also pay attention to `--with-PACKAGE' options, where PACKAGE
 is something like `gnu-as' or `x' (for the X Window System).  The
 `README' should mention any `--enable-' and `--with-' options that the
 package recognizes.

   For packages that use the X Window System, `configure' can usually
 find the X include and library files automatically, but if it doesn't,
 you can use the `configure' options `--x-includes=DIR' and
 `--x-libraries=DIR' to specify their locations.

 Specifying the System Type
 ==========================

 There may be some features `configure' cannot figure out automatically,
 but needs to determine by the type of machine the package will run on.
 Usually, assuming the package is built to be run on the _same_
 architectures, `configure' can figure that out, but if it prints a
 message saying it cannot guess the machine type, give it the
 `--build=TYPE' option.  TYPE can either be a short name for the system
 type, such as `sun4', or a canonical name which has the form:

     CPU-COMPANY-SYSTEM

 where SYSTEM can have one of these forms:

     OS KERNEL-OS

   See the file `config.sub' for the possible values of each field.  If
 `config.sub' isn't included in this package, then this package doesn't
 need to know the machine type.

   If you are _building_ compiler tools for cross-compiling, you should
 use the option `--target=TYPE' to select the type of system they will
 produce code for.

   If you want to _use_ a cross compiler, that generates code for a
 platform different from the build platform, you should specify the
 "host" platform (i.e., that on which the generated programs will
 eventually be run) with `--host=TYPE'.

 Sharing Defaults
 ================

 If you want to set default values for `configure' scripts to share, you
 can create a site shell script called `config.site' that gives default
 values for variables like `CC', `cache_file', and `prefix'.
 `configure' looks for `PREFIX/share/config.site' if it exists, then
 `PREFIX/etc/config.site' if it exists.  Or, you can set the
 `CONFIG_SITE' environment variable to the location of the site script.
 A warning: not all `configure' scripts look for a site script.

 Defining Variables
 ==================

 Variables not defined in a site shell script can be set in the
 environment passed to `configure'.  However, some packages may run
 configure again during the build, and the customized values of these
 variables may be lost.  In order to avoid this problem, you should set
 them in the `configure' command line, using `VAR=value'.  For example:

     ./configure CC=/usr/local2/bin/gcc

 causes the specified `gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).  Here is a another example:

     /bin/bash ./configure CONFIG_SHELL=/bin/bash

 Here the `CONFIG_SHELL=/bin/bash' operand causes subsequent
 configuration-related scripts to be executed by `/bin/bash'.

 `configure' Invocation
 ======================

 `configure' recognizes the following options to control how it operates.

 `--help'
 `-h'
     Print a summary of the options to `configure', and exit.

 `--version'
 `-V'
     Print the version of Autoconf used to generate the `configure'
     script, and exit.

 `--cache-file=FILE'
     Enable the cache: use and save the results of the tests in FILE,
     traditionally `config.cache'.  FILE defaults to `/dev/null' to
     disable caching.

 `--config-cache'
 `-C'
     Alias for `--cache-file=config.cache'.

 `--quiet'
 `--silent'
 `-q'
     Do not print messages saying which checks are being made.  To
     suppress all normal output, redirect it to `/dev/null' (any error
     messages will still be shown).

 `--srcdir=DIR'
     Look for the package's source code in directory DIR.  Usually
     `configure' can determine that directory automatically.

 `configure' also accepts some other, not widely useful, options.  Run
 `configure --help' for more details.

 More configure options
 ======================

 Some ./configure options deserve additional comments:

 * --enable-crypt-none

 	The SSH2 Transport allows for unencrypted data
 	transmission using the "none" cipher.  Because this is
 	such a huge security hole, it is typically disabled on
 	SSH2 implementations and is disabled in libssh2 by
 	default as well.

 	Enabling this option will allow for "none" as a
 	negotiable method, however it still requires that the
 	method be advertized by the remote end and that no
 	more-preferable methods are available.

 * --enable-mac-none

 	The SSH2 Transport also allows implementations to
 	forego a message authentication code.  While this is
 	less of a security risk than using a "none" cipher, it
 	is still not recommended as disabling MAC hashes
 	removes a layer of security.

 	Enabling this option will allow for "none" as a
 	negotiable method, however it still requires that the
 	method be advertized by the remote end and that no
 	more-preferable methods are available.

 * --disable-gex-new

 	The diffie-hellman-group-exchange-sha1 (dh-gex) key
 	exchange method originally defined an exchange
 	negotiation using packet type 30 to request a
 	generation pair based on a single target value.  Later
 	refinement of dh-gex provided for range and target
 	values.  By default libssh2 will use the newer range
 	method.

 	If you experience trouble connecting to an old SSH
 	server using dh-gex, try this option to fallback on
 	the older more reliable method.

 * --with-libgcrypt
 * --without-libgcrypt
 * --with-libgcrypt-prefix=DIR

 	libssh2 can use the Libgcrypt library
 	(https://www.gnupg.org/) for cryptographic operations.
        One of the cryptographic libraries is required.

 	Configure will attempt to locate Libgcrypt
 	automatically.

 	If your installation of Libgcrypt is in another
 	location, specify it using --with-libgcrypt-prefix.

 * --with-openssl
 * --without-openssl
 * --with-libssl-prefix=[DIR]

 	libssh2 can use the OpenSSL library
 	(https://www.openssl.org) for cryptographic operations.
        One of the cryptographic libraries is required.

 	Configure will attempt to locate OpenSSL in the
 	default location.

 	If your installation of OpenSSL is in another
 	location, specify it using --with-libssl-prefix.

 * --with-mbedtls
 * --without-mbedtls
 * --with-libmbedtls-prefix=[DIR]

        libssh2 can use the mbedTLS library
        (https://tls.mbed.org) for cryptographic operations.
        One of the cryptographic libraries is required.

        Configure will attempt to locate mbedTLS in the
        default location.

        If your installation of mbedTLS is in another
        location, specify it using --with-libmbedtls-prefix.

 * --with-libz
 * --without-libz
 * --with-libz-prefix=[DIR]

 	If present, libssh2 will attempt to use the zlib
 	(http://www.zlib.org) for payload compression, however
 	zlib is not required.

 	If your installation of Libz is in another location,
 	specify it using --with-libz-prefix.

 * --enable-debug

 	Will make the build use more pedantic and strict compiler
 	options as well as enable the libssh2_trace() function (for
 	showing debug traces).
--- a/libssh2/docs/INSTALL_CMAKE.md
+++ b/libssh2/docs/INSTALL_CMAKE.md
@@ -0,0 +1,188 @@
 License: see COPYING

 Source code: https://github.com/libssh2/libssh2

 Web site source code: https://github.com/libssh2/www

 Installation instructions are in docs/INSTALL
 =======
 To build libssh2 you will need CMake v2.8 or later [1] and one of the
 following cryptography libraries:

 * OpenSSL
 * Libgcrypt
 * WinCNG
 * mbedTLS

 Getting started
 ---------------

 If you are happy with the default options, make a new build directory,
 change to it, configure the build environment and build the project:

 ```
  mkdir bin
  cd bin
  cmake ..
  cmake --build .
 ```

 libssh2 will be built as a static library and will use any
 cryptography library available.  The library binary will be put in
 `bin/src`, with the examples in `bin/example` and the tests in
 `bin/tests`.

 Customising the build
 ---------------------

 Of course, you might want to customise the build options.  You can
 pass the options to CMake on the command line:

  cmake -D<option>=<value> ..

 The following options are available:

 * `BUILD_SHARED_LIBS=OFF`

    Determines whether libssh2 is built as a static library or as a
    shared library (.dll/.so).  Can be `ON` or `OFF`.

 * `CRYPTO_BACKEND=`

    Chooses a specific cryptography library to use for cryptographic
    operations.  Can be `OpenSSL` (https://www.openssl.org),
    `Libgcrypt` (https://www.gnupg.org/), `WinCNG` (Windows Vista+),
    `mbedTLS` (https://tls.mbed.org/) or blank to use any library available.

    CMake will attempt to locate the libraries automatically.  See [2]
    for more information.

 * `ENABLE_ZLIB_COMPRESSION=OFF`

    Will use zlib (http://www.zlib.org) for payload compression.  Can
    be `ON` or `OFF`.

 * `ENABLE_CRYPT_NONE=OFF`

    The SSH2 Transport allows for unencrypted data transmission using
    the "none" cipher.  Because this is such a huge security hole, it
    is typically disabled on SSH2 implementations and is disabled in
    libssh2 by default as well.

    Enabling this option will allow for "none" as a negotiable method,
    however it still requires that the method be advertized by the
    remote end and that no more-preferable methods are available.

 * `ENABLE_MAC_NONE=OFF`

    The SSH2 Transport also allows implementations to forego a message
    authentication code.  While this is less of a security risk than
    using a "none" cipher, it is still not recommended as disabling
    MAC hashes removes a layer of security.

    Enabling this option will allow for "none" as a negotiable method,
    however it still requires that the method be advertized by the
    remote end and that no more-preferable methods are available.

 * `ENABLE_GEX_NEW=ON`

    The diffie-hellman-group-exchange-sha1 (dh-gex) key exchange
    method originally defined an exchange negotiation using packet
    type 30 to request a generation pair based on a single target
    value.  Later refinement of dh-gex provided for range and target
    values.  By default libssh2 will use the newer range method.

    If you experience trouble connecting to an old SSH server using
    dh-gex, try this option to fallback on the older more reliable
    method.

 * `ENABLE_DEBUG_LOGGING=ON` in Debug, `=OFF` in Release

    Will enable the libssh2_trace() function for showing debug traces.

 * `CLEAR_MEMORY=ON`

    Securely zero memory before freeing it (if the backend supports this).

 Build tools
 -----------

 The previous examples used CMake to start the build using:

  cmake --build .

 Alternatively, once CMake has configured your project, you can just
 use your own build tool, e.g GNU make, Visual Studio, etc., from that
 point onwards.

 Tests
 -----

 To test the build, run the appropriate test target for your build
 system.  For example:

 ```
  cmake --build . --target test
 ```
 or
 ```
  cmake --build . --target RUN_TESTS
 ```

 How do I use libssh2 in my project if my project doesn't use CMake?
 -------------------------------------------------------------------

 If you are not using CMake for your own project, install libssh2
 ```
  cmake <libssh2 source location>
  cmake --build .
  cmake --build . --target install
 ```
 or
 ```
  cmake --build . --target INSTALL
 ```

 and then specify the install location to your project in the normal
 way for your build environment.  If you don't like the default install
 location, add `-DCMAKE_INSTALL_PREFIX=<chosen prefix>` when initially
 configuring the project.

 How can I use libssh2 in my project if it also uses CMake?
 ----------------------------------------------------------

 If your own project also uses CMake, you don't need to worry about
 setting it up with libssh2's location.  Just add just the following
 lines and CMake will find libssh2 on your system, set up the necessary
 paths and link the library with your binary.

    find_package(Libssh2 REQUIRED CONFIG)
    target_link_libraries(my_project_target Libssh2::libssh2)

 Of course, you still have to make libssh2 available on your system
 first.  You can install it in the traditional way shown above, but you
 don't have to.  Instead you can just build it, which will export its
 location to the user package registry [3] where `find_package` will
 find it.

 You can even combine the two steps using a so-called 'superbuild'
 project [4] that downloads, builds and exports libssh2, and then
 builds your project:

    include(ExternalProject)

    ExternalProject_Add(
        Libssh2
        URL <libssh2 download location>
        URL_HASH SHA1=<libssh2 archive SHA1>
        INSTALL_COMMAND "")

    ExternalProject_Add(
        MyProject DEPENDS Libssh2
        SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src
        INSTALL_COMMAND "")

 [1] https://www.cmake.org/cmake/resources/software.html
 [2] https://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html
 [3] https://www.cmake.org/cmake/help/v3.0/manual/cmake-packages.7.html#package-registry
 [4] https://blog.kitware.com/wp-content/uploads/2016/01/kitware_quarterly1009.pdf
--- a/libssh2/docs/Makefile.am
+++ b/libssh2/docs/Makefile.am
@@ -0,0 +1,177 @@
 # $Id: Makefile.am,v 1.37 2009/03/26 15:41:15 bagder Exp $

 EXTRA_DIST = template.3 BINDINGS INSTALL_AUTOTOOLS INSTALL_CMAKE.md HACKING TODO \
 AUTHORS CMakeLists.txt HACKING.CRYPTO SECURITY.md

 dist_man_MANS = \
 	libssh2_agent_connect.3 \
 	libssh2_agent_disconnect.3 \
 	libssh2_agent_free.3 \
 	libssh2_agent_get_identity.3 \
 	libssh2_agent_get_identity_path.3 \
 	libssh2_agent_init.3 \
 	libssh2_agent_list_identities.3 \
 	libssh2_agent_set_identity_path.3 \
 	libssh2_agent_userauth.3 \
 	libssh2_banner_set.3 \
 	libssh2_base64_decode.3 \
 	libssh2_channel_close.3 \
 	libssh2_channel_direct_tcpip.3 \
 	libssh2_channel_direct_tcpip_ex.3 \
 	libssh2_channel_eof.3 \
 	libssh2_channel_exec.3 \
 	libssh2_channel_flush.3 \
 	libssh2_channel_flush_ex.3 \
 	libssh2_channel_flush_stderr.3 \
 	libssh2_channel_forward_accept.3 \
 	libssh2_channel_forward_cancel.3 \
 	libssh2_channel_forward_listen.3 \
 	libssh2_channel_forward_listen_ex.3 \
 	libssh2_channel_free.3 \
 	libssh2_channel_get_exit_signal.3 \
 	libssh2_channel_get_exit_status.3 \
 	libssh2_channel_handle_extended_data.3 \
 	libssh2_channel_handle_extended_data2.3 \
 	libssh2_channel_ignore_extended_data.3 \
 	libssh2_channel_open_ex.3 \
 	libssh2_channel_open_session.3 \
 	libssh2_channel_process_startup.3 \
 	libssh2_channel_read.3 \
 	libssh2_channel_read_ex.3 \
 	libssh2_channel_read_stderr.3 \
 	libssh2_channel_receive_window_adjust.3 \
 	libssh2_channel_receive_window_adjust2.3 \
 	libssh2_channel_request_pty.3 \
 	libssh2_channel_request_pty_ex.3 \
 	libssh2_channel_request_pty_size.3 \
 	libssh2_channel_request_pty_size_ex.3 \
 	libssh2_channel_send_eof.3 \
 	libssh2_channel_set_blocking.3 \
 	libssh2_channel_setenv.3 \
 	libssh2_channel_setenv_ex.3 \
 	libssh2_channel_shell.3 \
 	libssh2_channel_subsystem.3 \
 	libssh2_channel_wait_closed.3 \
 	libssh2_channel_wait_eof.3 \
 	libssh2_channel_window_read.3 \
 	libssh2_channel_window_read_ex.3 \
 	libssh2_channel_window_write.3 \
 	libssh2_channel_window_write_ex.3 \
 	libssh2_channel_write.3 \
 	libssh2_channel_write_ex.3 \
 	libssh2_channel_write_stderr.3 \
 	libssh2_channel_x11_req.3 \
 	libssh2_channel_x11_req_ex.3 \
 	libssh2_exit.3 \
 	libssh2_free.3 \
 	libssh2_hostkey_hash.3 \
 	libssh2_init.3 \
 	libssh2_keepalive_config.3 \
 	libssh2_keepalive_send.3 \
 	libssh2_knownhost_add.3 \
 	libssh2_knownhost_addc.3 \
 	libssh2_knownhost_check.3 \
 	libssh2_knownhost_checkp.3 \
 	libssh2_knownhost_del.3 \
 	libssh2_knownhost_free.3 \
 	libssh2_knownhost_get.3 \
 	libssh2_knownhost_init.3 \
 	libssh2_knownhost_readfile.3 \
 	libssh2_knownhost_readline.3 \
 	libssh2_knownhost_writefile.3 \
 	libssh2_knownhost_writeline.3 \
 	libssh2_poll.3 \
 	libssh2_poll_channel_read.3 \
 	libssh2_publickey_add.3 \
 	libssh2_publickey_add_ex.3 \
 	libssh2_publickey_init.3 \
 	libssh2_publickey_list_fetch.3 \
 	libssh2_publickey_list_free.3 \
 	libssh2_publickey_remove.3 \
 	libssh2_publickey_remove_ex.3 \
 	libssh2_publickey_shutdown.3 \
 	libssh2_scp_recv.3 \
 	libssh2_scp_recv2.3 \
 	libssh2_scp_send.3 \
 	libssh2_scp_send64.3 \
 	libssh2_scp_send_ex.3 \
 	libssh2_session_abstract.3 \
 	libssh2_session_banner_get.3 \
 	libssh2_session_banner_set.3 \
 	libssh2_session_block_directions.3 \
 	libssh2_session_callback_set.3 \
 	libssh2_session_disconnect.3 \
 	libssh2_session_disconnect_ex.3 \
 	libssh2_session_flag.3 \
 	libssh2_session_free.3 \
 	libssh2_session_get_blocking.3 \
 	libssh2_session_get_timeout.3 \
 	libssh2_session_handshake.3 \
 	libssh2_session_hostkey.3 \
 	libssh2_session_init.3 \
 	libssh2_session_init_ex.3 \
 	libssh2_session_last_errno.3 \
 	libssh2_session_last_error.3 \
 	libssh2_session_set_last_error.3 \
 	libssh2_session_method_pref.3 \
 	libssh2_session_methods.3 \
 	libssh2_session_set_blocking.3 \
 	libssh2_session_set_timeout.3 \
 	libssh2_session_startup.3 \
 	libssh2_session_supported_algs.3 \
 	libssh2_sftp_close.3 \
 	libssh2_sftp_close_handle.3 \
 	libssh2_sftp_closedir.3 \
 	libssh2_sftp_fsetstat.3 \
 	libssh2_sftp_fstat.3 \
 	libssh2_sftp_fstat_ex.3 \
 	libssh2_sftp_fstatvfs.3 \
 	libssh2_sftp_fsync.3 \
 	libssh2_sftp_get_channel.3 \
 	libssh2_sftp_init.3 \
 	libssh2_sftp_last_error.3 \
 	libssh2_sftp_lstat.3 \
 	libssh2_sftp_mkdir.3 \
 	libssh2_sftp_mkdir_ex.3 \
 	libssh2_sftp_open.3 \
 	libssh2_sftp_open_ex.3 \
 	libssh2_sftp_opendir.3 \
 	libssh2_sftp_read.3 \
 	libssh2_sftp_readdir.3 \
 	libssh2_sftp_readdir_ex.3 \
 	libssh2_sftp_readlink.3 \
 	libssh2_sftp_realpath.3 \
 	libssh2_sftp_rename.3 \
 	libssh2_sftp_rename_ex.3 \
 	libssh2_sftp_rewind.3 \
 	libssh2_sftp_rmdir.3 \
 	libssh2_sftp_rmdir_ex.3 \
 	libssh2_sftp_seek.3 \
 	libssh2_sftp_seek64.3 \
 	libssh2_sftp_setstat.3 \
 	libssh2_sftp_shutdown.3 \
 	libssh2_sftp_stat.3 \
 	libssh2_sftp_stat_ex.3 \
 	libssh2_sftp_statvfs.3 \
 	libssh2_sftp_symlink.3 \
 	libssh2_sftp_symlink_ex.3 \
 	libssh2_sftp_tell.3 \
 	libssh2_sftp_tell64.3 \
 	libssh2_sftp_unlink.3 \
 	libssh2_sftp_unlink_ex.3 \
 	libssh2_sftp_write.3 \
 	libssh2_trace.3 \
 	libssh2_trace_sethandler.3 \
 	libssh2_userauth_authenticated.3 \
 	libssh2_userauth_hostbased_fromfile.3 \
 	libssh2_userauth_hostbased_fromfile_ex.3 \
 	libssh2_userauth_keyboard_interactive.3 \
 	libssh2_userauth_keyboard_interactive_ex.3 \
 	libssh2_userauth_list.3 \
 	libssh2_userauth_password.3 \
 	libssh2_userauth_password_ex.3 \
 	libssh2_userauth_publickey.3 \
 	libssh2_userauth_publickey_fromfile.3 \
 	libssh2_userauth_publickey_fromfile_ex.3 \
 	libssh2_userauth_publickey_frommemory.3 \
 	libssh2_version.3
--- a/libssh2/docs/SECURITY.md
+++ b/libssh2/docs/SECURITY.md
@@ -0,0 +1,100 @@
 libssh2 security
 ================

 This document is intended to provide guidance on how security vulnerabilities
 should be handled in the libssh2 project.

 Publishing Information
 ----------------------

 All known and public libssh2 vulnerabilities will be listed on [the libssh2
 web site](https://www.libssh2.org/).

 Security vulnerabilities should not be entered in the project's public bug
 tracker unless the necessary configuration is in place to limit access to the
 issue to only the reporter and the project's security team.

 Vulnerability Handling
 ----------------------

 The typical process for handling a new security vulnerability is as follows.

 No information should be made public about a vulnerability until it is
 formally announced at the end of this process. That means, for example that a
 bug tracker entry must NOT be created to track the issue since that will make
 the issue public and it should not be discussed on the project's public
 mailing list. Also messages associated with any commits should not make any
 reference to the security nature of the commit if done prior to the public
 announcement.

 - The person discovering the issue, the reporter, reports the vulnerability
  privately to `libssh2-security@haxx.se`. That's an email alias that reaches a
  handful of selected and trusted people.

 - Messages that do not relate to the reporting or managing of an undisclosed
  security vulnerability in libssh2 are ignored and no further action is
  required.

 - A person in the security team sends an e-mail to the original reporter to
  acknowledge the report.

 - The security team investigates the report and either rejects it or accepts
  it.

 - If the report is rejected, the team writes to the reporter to explain why.

 - If the report is accepted, the team writes to the reporter to let him/her
  know it is accepted and that they are working on a fix.

 - The security team discusses the problem, works out a fix, considers the
  impact of the problem and suggests a release schedule. This discussion
  should involve the reporter as much as possible.

 - The release of the information should be "as soon as possible" and is most
  often synced with an upcoming release that contains the fix. If the
  reporter, or anyone else, thinks the next planned release is too far away
  then a separate earlier release for security reasons should be considered.

 - Write a security advisory draft about the problem that explains what the
  problem is, its impact, which versions it affects, solutions or
  workarounds, when the release is out and make sure to credit all
  contributors properly.

 - Request a CVE number from
  [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
  when also informing and preparing them for the upcoming public security
  vulnerability announcement - attach the advisory draft for information. Note
  that 'distros' won't accept an embargo longer than 14 days.

 - Update the "security advisory" with the CVE number.

 - The security team commits the fix in a private branch. The commit message
  should ideally contain the CVE number. This fix is usually also distributed
  to the 'distros' mailing list to allow them to use the fix prior to the
  public announcement.

 - At the day of the next release, the private branch is merged into the master
  branch and pushed. Once pushed, the information is accessible to the public
  and the actual release should follow suit immediately afterwards.

 - The project team creates a release that includes the fix.

 - The project team announces the release and the vulnerability to the world in
  the same manner we always announce releases. It gets sent to the libssh2
  mailing list and the oss-security mailing list.

 - The security web page on the web site should get the new vulnerability
  mentioned.

 LIBSSH2-SECURITY (at haxx dot se)
 --------------------------------

 Who is on this list? There are a couple of criteria you must meet, and then we
 might ask you to join the list or you can ask to join it. It really isn't very
 formal. We basically only require that you have a long-term presence in the
 libssh2 project and you have shown an understanding for the project and its way
 of working. You must've been around for a good while and you should have no
 plans in vanishing in the near future.

 We do not make the list of participants public mostly because it tends to vary
 somewhat over time and a list somewhere will only risk getting outdated.
--- a/libssh2/docs/TODO
+++ b/libssh2/docs/TODO
@@ -0,0 +1,174 @@
 Things TODO
 ===========

 * Fix the numerous malloc+copy operations for sending data, see "Buffering
  Improvements" below for details

 * make sure the windowing code adapts better to slow situations so that it
  doesn't then use as much memory as today. Possibly by an app-controllable
  "Window mode"?

 * Decrease the number of mallocs. Everywhere. Will get easier once the
  buffering improvements have been done.

 * Use SO_NOSIGPIPE for Mac OS/BSD systems where MSG_NOSIGNAL doesn't
  exist/work

 * Extend the test suite to actually test lots of aspects of libssh2

 * Fix all compiler warnings (some can't be done without API changes)

 * Expose error messages sent by the server

 * select() is troublesome with libssh2 when using multiple channels over
  the same session. See "New Transport API" below for more details.

 At next SONAME bump
 ===================

 * stop using #defined macros as part of the official API. The macros should
  either be turned into real functions or discarded from the API.

 * fix the parts of the API where object pointers and function pointers are
  mixed like libssh2_session_callback_set()

 * remove the following functions from the API/ABI

  libssh2_base64_decode()
  libssh2_session_flag()
  libssh2_channel_handle_extended_data()
  libssh2_channel_receive_window_adjust()
  libssh2_poll()
  libssh2_poll_channel_read()
  libssh2_session_startup() (libssh2_session_handshake() is the replacement)
  libssh2_banner_set() (libssh2_session_banner_set() is the repacement)

 * Rename a few function:

  libssh2_hostkey_hash => libssh2_session_hostkey_hash
  libssh2_banner_set => libssh2_session_banner_set

 * change 'int' to 'libssh2_socket_t' in the public API for sockets.

 * Use 'size_t' for string lengths in all functions.

 * Add a comment field to struct libssh2_knownhost.

 * remove the existing libssh2_knownhost_add() function and rename
  libssh2_knownhost_addc to become the new libssh2_knownhost_add instead

 * remove the existing libssh2_scp_send_ex() function and rename
  libssh2_scp_send64 to become the new libssh2_scp_send instead.

 * remove the existing libssh2_knownhost_check() functin and rename
  libssh2_knownhost_checkp() to become the new libssh2_knownhost_check instead

 Buffering Improvements
 ======================

 transport_write

  - If this function gets called with a total packet size that is larger than
  32K, it should create more than one SSH packet so that it keeps the largest
  one below 32K

 sftp_write

  - should not copy/allocate anything for the data, only create a header chunk
  and pass on the payload data to channel_write "pointed to"

 New Transport API
 =================

 THE PROBLEM

 The problem in a nutshell is that when an application opens up multiple
 channels over a single session, those are all using the same socket. If the
 application is then using select() to wait for traffic (like any sensible app
 does) and wants to act on the data when select() tells there is something to
 for example read, what does an application do?

 With our current API, you have to loop over all the channels and read from
 them to see if they have data. This effectively makes blocking reads
 impossible. If the app has many channels in a setup like this, it even becomes
 slow. (The original API had the libssh2_poll_channel_read() and libssh2_poll()
 to somewhat overcome this hurdle, but they too have pretty much the same
 problems plus a few others.)

 Traffic in the other direction is similarly limited: the app has to try
 sending to all channels, even though some of them may very well not accept any
 data at that point.

 A SOLUTION

 I suggest we introduce two new helper functions:

 libssh2_transport_read()

 - Read "a bunch" of data from the given socket and returns information to the
   app about what channels that are now readable (ie they will not block when
   read from). The function can be called over and over and it will repeatedly
   return info about what channels that are readable at that moment.

 libssh2_transport_write()

 - Returns information about what channels that are writable, in the sense
   that they have windows set from the remote side that allows data to get
   sent. Writing to one of those channels will not block. Of course, the
   underlying socket may only accept a certain amount of data, so at the first
   short return, nothing more should be attempted to get sent until select()
   (or equivalent) has been used on the master socket again.

 I haven't yet figured out a sensible API for how these functions should return
 that info, but if we agree on the general principles I guess we can work that
 out.

 VOLUNTARY

  I wanted to mention that these two helper functions would not be mandatory
  in any way. They would just be there for those who want them, and existing
  programs can remain using the old functions only if they prefer to.

 New SFTP API
 ============

 PURPOSE

 Provide API functions that explicitly tells at once that a (full) SFTP file
 transfer is wanted, to allow libssh2 to leverage on that knowledge to speed
 up things internally. It can for example do read ahead, buffer writes (merge
 small writes into larger chunks), better tune the SSH window and more. This
 sort of API is already provided for SCP transfers.

 API

 New functions:

    LIBSSH2_SFTP_HANDLE *libssh2_sftp_send(SFTP_SESSION *sftp,
                                           uint64_t filesize,
                                           char *remote_path,
                                           size_t remote_path_len,
                                           long mode);

 Tell libssh2 that a local file with a given size is about to get sent to
 the SFTP server.

    LIBSSH2_SFTP_HANDLE *libssh2_sftp_recv();

 Tell libssh2 that a remote file is requested to get downloaded from the SFTP
 server.

 Only the setup of the file transfer is different from an application's point
 of view. Depending on direction of the transfer(s), the following already
 existing functions should then be used until the transfer is complete:

 libssh2_sftp_read()
 libssh2_sftp_write()

 HOW TO USE

 1. Setup the transfer using one of the two new functions.

 2. Loop through the reading or writing of data.

 3. Cleanup the transfer
--- a/libssh2/docs/libssh2_agent_connect.3
+++ b/libssh2/docs/libssh2_agent_connect.3
@@ -0,0 +1,23 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_connect 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_connect - connect to an ssh-agent
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_agent_connect(LIBSSH2_AGENT *agent);
 .SH DESCRIPTION
 Connect to an ssh-agent running on the system.

 Call \fBlibssh2_agent_disconnect(3)\fP to close the connection after
 you're doing using it.
 .SH RETURN VALUE
 Returns 0 if succeeded, or a negative value for error.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_init(3)
 .BR libssh2_agent_disconnect(3)

--- a/libssh2/docs/libssh2_agent_disconnect.3
+++ b/libssh2/docs/libssh2_agent_disconnect.3
@@ -0,0 +1,20 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_disconnect 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_disconnect - close a connection to an ssh-agent
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_agent_disconnect(LIBSSH2_AGENT *agent);
 .SH DESCRIPTION
 Close a connection to an ssh-agent.

 .SH RETURN VALUE
 Returns 0 if succeeded, or a negative value for error.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_connect(3)
 .BR libssh2_agent_free(3)
--- a/libssh2/docs/libssh2_agent_free.3
+++ b/libssh2/docs/libssh2_agent_free.3
@@ -0,0 +1,20 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_free 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_free - free an ssh-agent handle
 .SH SYNOPSIS
 #include <libssh2.h>

 void libssh2_agent_free(LIBSSH2_AGENT *agent);
 .SH DESCRIPTION
 Free an ssh-agent handle.  This function also frees the internal
 collection of public keys.
 .SH RETURN VALUE
 None.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_init(3)
 .BR libssh2_agent_disconnect(3)
--- a/libssh2/docs/libssh2_agent_get_identity.3
+++ b/libssh2/docs/libssh2_agent_get_identity.3
@@ -0,0 +1,34 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_get_identity 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_get_identity - get a public key off the collection of public keys managed by ssh-agent
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_agent_get_identity(LIBSSH2_AGENT *agent,
                               struct libssh2_agent_publickey **store,
                               struct libssh2_agent_publickey *prev);
 .SH DESCRIPTION
 \fIlibssh2_agent_get_identity(3)\fP allows an application to iterate
 over all public keys in the collection managed by ssh-agent.

 \fIstore\fP should point to a pointer that gets filled in to point to the
 public key data.

 \fIprev\fP is a pointer to a previous 'struct libssh2_agent_publickey'
 as returned by a previous invoke of this function, or NULL to get the
 first entry in the internal collection.
 .SH RETURN VALUE
 Returns 0 if everything is fine and information about a host was stored in
 the \fIstore\fP struct.

 Returns 1 if it reached the end of public keys.

 Returns negative values for error
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_list_identities(3)
 .BR libssh2_agent_userauth(3)
--- a/libssh2/docs/libssh2_agent_get_identity_path.3
+++ b/libssh2/docs/libssh2_agent_get_identity_path.3
@@ -0,0 +1,22 @@
 .\"
 .\" Copyright (c) 2019 by Will Cosgrove
 .\"
 .TH libssh2_agent_get_identity_path 3 "6 Mar 2019" "libssh2 1.9" "libssh2 manual"
 .SH NAME
 libssh2_agent_get_identity_path - gets the custom ssh-agent socket path
 .SH SYNOPSIS
 #include <libssh2.h>

 const char *
 libssh2_agent_get_identity_path(LIBSSH2_AGENT *agent);
 .SH DESCRIPTION
 Returns the custom agent identity socket path if set using libssh2_agent_set_identity_path()

 .SH RETURN VALUE
 Returns the socket path on disk.
 .SH AVAILABILITY
 Added in libssh2 1.9
 .SH SEE ALSO
 .BR libssh2_agent_init(3)
 .BR libssh2_agent_set_identity_path(3)

--- a/libssh2/docs/libssh2_agent_init.3
+++ b/libssh2/docs/libssh2_agent_init.3
@@ -0,0 +1,26 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_init 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_init - init an ssh-agent handle
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_AGENT *libssh2_agent_init(LIBSSH2_SESSION *session);
 .SH DESCRIPTION
 Init an ssh-agent handle. Returns the handle to an internal
 representation of an ssh-agent connection.  After the successful
 initialization, an application can call \fBlibssh2_agent_connect(3)\fP
 to connect to a running ssh-agent.

 Call \fBlibssh2_agent_free(3)\fP to free the handle again after you're
 doing using it.
 .SH RETURN VALUE
 Returns a handle pointer or NULL if something went wrong. The returned handle
 is used as input to all other ssh-agent related functions libssh2 provides.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_connect(3)
 .BR libssh2_agent_free(3)
--- a/libssh2/docs/libssh2_agent_list_identities.3
+++ b/libssh2/docs/libssh2_agent_list_identities.3
@@ -0,0 +1,24 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_list_identities 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_list_identities - request an ssh-agent to list of public keys.
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_agent_list_identities(LIBSSH2_AGENT *agent);
 .SH DESCRIPTION
 Request an ssh-agent to list of public keys, and stores them in the
 internal collection of the handle.  Call
 \fIlibssh2_agent_get_identity(3)\fP to get a public key off the
 collection.

 .SH RETURN VALUE
 Returns 0 if succeeded, or a negative value for error.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_connect(3)
 .BR libssh2_agent_get_identity(3)

--- a/libssh2/docs/libssh2_agent_set_identity_path.3
+++ b/libssh2/docs/libssh2_agent_set_identity_path.3
@@ -0,0 +1,22 @@
 .\"
 .\" Copyright (c) 2019 by Will Cosgrove
 .\"
 .TH libssh2_agent_set_identity_path 3 "6 Mar 2019" "libssh2 1.9" "libssh2 manual"
 .SH NAME
 libssh2_agent_set_identity_path - set an ssh-agent socket path on disk
 .SH SYNOPSIS
 #include <libssh2.h>

 void
 libssh2_agent_set_identity_path(LIBSSH2_AGENT *agent, const char *path);
 .SH DESCRIPTION
 Allows a custom agent identity socket path instead of the default SSH_AUTH_SOCK env value

 .SH RETURN VALUE
 Returns void
 .SH AVAILABILITY
 Added in libssh2 1.9
 .SH SEE ALSO
 .BR libssh2_agent_init(3)
 .BR libssh2_agent_get_identity_path(3)

--- a/libssh2/docs/libssh2_agent_userauth.3
+++ b/libssh2/docs/libssh2_agent_userauth.3
@@ -0,0 +1,29 @@
 .\"
 .\" Copyright (c) 2009 by Daiki Ueno
 .\"
 .TH libssh2_agent_userauth 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
 .SH NAME
 libssh2_agent_userauth - authenticate a session with a public key, with the help of ssh-agent
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_agent_userauth(LIBSSH2_AGENT *agent,
                           const char *username,
                           struct libssh2_agent_publickey *identity);
 .SH DESCRIPTION
 \fIagent\fP - ssh-agent handle as returned by 
 .BR libssh2_agent_init(3)

 \fIusername\fP - Remote user name to authenticate as.

 \fIidentity\fP - Public key to authenticate with, as returned by 
 .BR libssh2_agent_get_identity(3)

 Attempt public key authentication with the help of ssh-agent.
 .SH RETURN VALUE
 Returns 0 if succeeded, or a negative value for error.
 .SH AVAILABILITY
 Added in libssh2 1.2
 .SH SEE ALSO
 .BR libssh2_agent_init(3)
 .BR libssh2_agent_get_identity(3)
--- a/libssh2/docs/libssh2_banner_set.3
+++ b/libssh2/docs/libssh2_banner_set.3
@@ -0,0 +1,32 @@
 .TH libssh2_banner_set 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_banner_set - set the SSH protocol banner for the local client
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_banner_set(LIBSSH2_SESSION *session, const char *banner);

 .SH DESCRIPTION
 This function is \fBDEPRECATED\fP. Use \fIlibssh2_session_banner_set(3)\fP
 instead!

 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)

 \fIbanner\fP - A pointer to a user defined banner

 Set the banner that will be sent to the remote host when the SSH session is 
 started with 
 .BR libssh2_session_handshake(3)
  This is optional; a banner corresponding to the protocol and libssh2 version will be sent by default.
 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 .SH AVAILABILITY
 Marked as deprecated since 1.4.0
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
 .SH SEE ALSO
 .BR libssh2_session_handshake(3)
--- a/libssh2/docs/libssh2_base64_decode.3
+++ b/libssh2/docs/libssh2_base64_decode.3
@@ -0,0 +1,25 @@
 .TH libssh2_base64_decode 3 "23 Dec 2008" "libssh2 1.0" "libssh2 manual"
 .SH NAME
 libssh2_base64_decode - decode a base64 encoded string
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_base64_decode(LIBSSH2_SESSION *session, char **dest,
                          unsigned int *dest_len, const char *src,
                          unsigned int src_len);
 .SH DESCRIPTION
 This function is deemed DEPRECATED and will be removed from libssh2 in a
 future version. Don't use it!

 Decode a base64 chunk and store it into a newly allocated buffer. 'dest_len'
 will be set to hold the length of the returned buffer that '*dest' will point
 to.

 The returned buffer is allocated by this function, but it is not clear how to
 free that memory!
 .SH BUGS
 The memory that *dest points to is allocated by the malloc function libssh2
 uses, but there's no way for an application to free this data in a safe and
 reliable way!
 .SH RETURN VALUE
 0 if successful, \-1 if any error occurred.
--- a/libssh2/docs/libssh2_channel_close.3
+++ b/libssh2/docs/libssh2_channel_close.3
@@ -0,0 +1,29 @@
 .TH libssh2_channel_close 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_close - close a channel
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_close(LIBSSH2_CHANNEL *channel);

 .SH DESCRIPTION
 \fIchannel\fP - active channel stream to set closed status on.

 Close an active data channel. In practice this means sending an SSH_MSG_CLOSE 
 packet to the remote host which serves as instruction that no further data 
 will be sent to it. The remote host may still send data back until it sends 
 its own close message in response. To wait for the remote end to close its 
 connection as well, follow this command with 
 .BR libssh2_channel_wait_closed(3)

 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.

 .SH ERRORS
 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 .SH SEE ALSO
 .BR libssh2_channel_open_ex(3)
--- a/libssh2/docs/libssh2_channel_direct_tcpip.3
+++ b/libssh2/docs/libssh2_channel_direct_tcpip.3
@@ -0,0 +1,18 @@
 .TH libssh2_channel_direct_tcpip 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_direct_tcpip - convenience macro for \fIlibssh2_channel_direct_tcpip_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_CHANNEL *
 libssh2_channel_direct_tcpip(LIBSSH2_SESSION *session, const char *host, int port);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_direct_tcpip_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_direct_tcpip_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_direct_tcpip_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_direct_tcpip_ex(3)
--- a/libssh2/docs/libssh2_channel_direct_tcpip_ex.3
+++ b/libssh2/docs/libssh2_channel_direct_tcpip_ex.3
@@ -0,0 +1,35 @@
 .TH libssh2_channel_direct_tcpip_ex 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_direct_tcpip_ex - Tunnel a TCP connection through an SSH session
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_CHANNEL * 
 libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *session, const char *host, int port, const char *shost, int sport);

 LIBSSH2_CHANNEL * 
 libssh2_channel_direct_tcpip(LIBSSH2_SESSION *session, const char *host, int port);

 .SH DESCRIPTION
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)

 \fIhost\fP - Third party host to connect to using the SSH host as a proxy.

 \fIport\fP - Port on third party host to connect to.

 \fIshost\fP - Host to tell the SSH server the connection originated on.

 \fIsport\fP - Port to tell the SSH server the connection originated from.

 Tunnel a TCP/IP connection through the SSH transport via the remote host to 
 a third party. Communication from the client to the SSH server remains 
 encrypted, communication from the server to the 3rd party host travels 
 in cleartext.

 .SH RETURN VALUE
 Pointer to a newly allocated LIBSSH2_CHANNEL instance, or NULL on errors.
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
 .SH SEE ALSO
 .BR libssh2_session_init_ex(3)
--- a/libssh2/docs/libssh2_channel_eof.3
+++ b/libssh2/docs/libssh2_channel_eof.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_eof 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_eof - check a channel's EOF status
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_eof(LIBSSH2_CHANNEL *channel);
 .SH DESCRIPTION
 \fIchannel\fP - active channel stream to set closed status on.

 Check if the remote host has sent an EOF status for the selected stream.
 .SH RETURN VALUE
 Returns 1 if the remote host has sent EOF, otherwise 0. Negative on
 failure.
 .SH SEE ALSO
 .BR libssh2_channel_close(3)
--- a/libssh2/docs/libssh2_channel_exec.3
+++ b/libssh2/docs/libssh2_channel_exec.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_exec 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_exec - convenience macro for \fIlibssh2_channel_process_startup(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_channel_exec(LIBSSH2_CHANNEL *channel, const char *command);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_process_startup(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_process_startup(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_process_startup(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_process_startup(3)
--- a/libssh2/docs/libssh2_channel_flush.3
+++ b/libssh2/docs/libssh2_channel_flush.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_flush 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_flush - convenience macro for \fIlibssh2_channel_flush_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_channel_flush(LIBSSH2_CHANNEL *channel);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_flush_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_flush_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_flush_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_flush_ex(3)
--- a/libssh2/docs/libssh2_channel_flush_ex.3
+++ b/libssh2/docs/libssh2_channel_flush_ex.3
@@ -0,0 +1,32 @@
 .TH libssh2_channel_flush_ex 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_flush_ex - flush a channel
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_flush_ex(LIBSSH2_CHANNEL *channel, int streamid);

 int 
 libssh2_channel_flush(LIBSSH2_CHANNEL *channel);

 int 
 libssh2_channel_flush_stderr(LIBSSH2_CHANNEL *channel);

 .SH DESCRIPTION
 \fIchannel\fP - Active channel stream to flush.

 \fIstreamid\fP - Specific substream number to flush. Groups of substreams may 
 be flushed by passing on of the following Constants.
 .br
 \fBLIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA\fP: Flush all extended data substreams
 .br
 \fBLIBSSH2_CHANNEL_FLUSH_ALL\fP: Flush all substreams

 Flush the read buffer for a given channel instance. Individual substreams may 
 be flushed by number or using one of the provided macros.

 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
--- a/libssh2/docs/libssh2_channel_flush_stderr.3
+++ b/libssh2/docs/libssh2_channel_flush_stderr.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_flush_stderr 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_flush_stderr - convenience macro for \fIlibssh2_channel_flush_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_channel_flush_stderr(LIBSSH2_CHANNEL *channel);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_flush_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_flush_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_flush_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_flush_ex(3)
--- a/libssh2/docs/libssh2_channel_forward_accept.3
+++ b/libssh2/docs/libssh2_channel_forward_accept.3
@@ -0,0 +1,20 @@
 .TH libssh2_channel_forward_accept 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_forward_accept - accept a queued connection
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_CHANNEL *
 libssh2_channel_forward_accept(LIBSSH2_LISTENER *listener);

 .SH DESCRIPTION
 \fIlistener\fP is a forwarding listener instance as returned by
 \fBlibssh2_channel_forward_listen_ex(3)\fP.
 .SH RETURN VALUE
 A newly allocated channel instance or NULL on failure.
 .SH ERRORS
 When this function returns NULL use \fIlibssh2_session_last_errno(3)\fP to
 extract the error code. If that code is \fILIBSSH2_ERROR_EAGAIN\fP, the
 session is set to do non-blocking I/O but the call would block.
 .SH SEE ALSO
 .BR libssh2_channel_forward_listen_ex(3)
--- a/libssh2/docs/libssh2_channel_forward_cancel.3
+++ b/libssh2/docs/libssh2_channel_forward_cancel.3
@@ -0,0 +1,27 @@
 .TH libssh2_channel_forward_cancel 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_forward_cancel - cancel a forwarded TCP port
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener);

 .SH DESCRIPTION
 \fIlistener\fP - Forwarding listener instance as returned by 
 .BR libssh2_channel_forward_listen_ex(3)

 Instruct the remote host to stop listening for new connections on a previously requested host/port.

 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.

 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.

 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 .SH SEE ALSO
 .BR libssh2_channel_forward_listen_ex(3)
--- a/libssh2/docs/libssh2_channel_forward_listen.3
+++ b/libssh2/docs/libssh2_channel_forward_listen.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_forward_listen 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_forward_listen - convenience macro for \fIlibssh2_channel_forward_listen_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 int libssh2_channel_forward_listen(LIBSSH2_SESSION *session, int port);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_forward_listen_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_forward_listen_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_forward_listen_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_forward_listen_ex(3)
--- a/libssh2/docs/libssh2_channel_forward_listen_ex.3
+++ b/libssh2/docs/libssh2_channel_forward_listen_ex.3
@@ -0,0 +1,46 @@
 .TH libssh2_channel_forward_listen_ex 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_forward_listen_ex - listen to inbound connections
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_LISTENER * 
 libssh2_channel_forward_listen_ex(LIBSSH2_SESSION *session, char *host, int port, int *bound_port, int queue_maxsize);

 LIBSSH2_LISTENER * 
 libssh2_channel_forward_listen(LIBSSH2_SESSION *session, int port);

 .SH DESCRIPTION
 Instruct the remote SSH server to begin listening for inbound TCP/IP
 connections. New connections will be queued by the library until accepted by
 \fIlibssh2_channel_forward_accept(3)\fP.

 \fIsession\fP - instance as returned by libssh2_session_init(). 

 \fIhost\fP - specific address to bind to on the remote host. Binding to
 0.0.0.0 (default when NULL is passed) will bind to all available addresses.

 \fIport\fP - port to bind to on the remote host. When 0 is passed, the remote
 host will select the first available dynamic port.

 \fIbound_port\fP - Populated with the actual port bound on the remote
 host. Useful when requesting dynamic port numbers.

 \fIqueue_maxsize\fP - Maximum number of pending connections to queue before
 rejecting further attempts.

 \fIlibssh2_channel_forward_listen(3)\fP is a macro.
 .SH RETURN VALUE
 A newly allocated LIBSSH2_LISTENER instance or NULL on failure.
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP - An internal memory allocation call failed.

 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 \fILIBSSH2_ERROR_PROTO\fP - An invalid SSH protocol response was received on the socket.

 \fILIBSSH2_ERROR_REQUEST_DENIED\fP - The remote server refused the request.

 \fILIBSSH2_ERROR_EAGAIN\fP - Marked for non-blocking I/O but the call would block.
 .SH SEE ALSO
 .BR libssh2_channel_forward_accept(3)
--- a/libssh2/docs/libssh2_channel_free.3
+++ b/libssh2/docs/libssh2_channel_free.3
@@ -0,0 +1,25 @@
 .TH libssh2_channel_free 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_free - free all resources associated with a channel
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_free(LIBSSH2_CHANNEL *channel);

 .SH DESCRIPTION
 \fIchannel\fP - Channel stream to free.

 Release all resources associated with a channel stream. If the channel has 
 not yet been closed with 
 .BR libssh2_channel_close(3)
 , it will be called automatically so that the remote end may know that it 
 can safely free its own resources.

 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.

 .SH SEE ALSO
 .BR libssh2_channel_close(3)
--- a/libssh2/docs/libssh2_channel_get_exit_signal.3
+++ b/libssh2/docs/libssh2_channel_get_exit_signal.3
@@ -0,0 +1,34 @@
 .TH libssh2_channel_get_exit_signal 3 "4 Oct 2010" "libssh2 1.2.8" "libssh2 manual"
 .SH NAME
 libssh2_channel_get_exit_signal - get the remote exit signal
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_get_exit_signal(LIBSSH2_CHANNEL *channel, char **exitsignal, size_t *exitsignal_len, char **errmsg, size_t *errmsg_len, char **langtag, size_t *langtag_len);

 .SH DESCRIPTION
 \fIchannel\fP - Closed channel stream to retrieve exit signal from.

 \fIexitsignal\fP - If not NULL, is populated by reference with the exit signal
 (without leading "SIG"). Note that the string is stored in a newly allocated
 buffer. If the remote program exited cleanly, the referenced string pointer
 will be set to NULL. 

 \fIexitsignal_len\fP - If not NULL, is populated by reference with the length
 of exitsignal. 

 \fIerrmsg\fP - If not NULL, is populated by reference with the error message
 (if provided by remote server, if not it will be set to NULL). Note that the
 string is stored in a newly allocated buffer.

 \fIerrmsg_len\fP - If not NULL, is populated by reference with the length of errmsg.

 \fIlangtag\fP - If not NULL, is populated by reference with the language tag 
 (if provided by remote server, if not it will be set to NULL). Note that the
 string is stored in a newly allocated buffer.

 \fIlangtag_len\fP - If not NULL, is populated by reference with the length of langtag.

 .SH RETURN VALUE
 Numeric error code corresponding to the the Error Code constants.
--- a/libssh2/docs/libssh2_channel_get_exit_status.3
+++ b/libssh2/docs/libssh2_channel_get_exit_status.3
@@ -0,0 +1,18 @@
 .TH libssh2_channel_get_exit_status 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_get_exit_status - get the remote exit code
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_get_exit_status(LIBSSH2_CHANNEL* channel)

 .SH DESCRIPTION
 \fIchannel\fP - Closed channel stream to retrieve exit status from.

 Returns the exit code raised by the process running on the remote host at 
 the other end of the named channel. Note that the exit status may not be 
 available if the remote end has not yet set its status to closed.

 .SH RETURN VALUE
 Returns 0 on failure, otherwise the \fIExit Status\fP reported by remote host
--- a/libssh2/docs/libssh2_channel_handle_extended_data.3
+++ b/libssh2/docs/libssh2_channel_handle_extended_data.3
@@ -0,0 +1,35 @@
 .TH libssh2_channel_handle_extended_data 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_handle_extended_data - set extended data handling mode
 .SH SYNOPSIS
 #include <libssh2.h>

 void 
 libssh2_channel_handle_extended_data(LIBSSH2_CHANNEL *channel, int ignore_mode);

 .SH DESCRIPTION
 This function is deprecated. Use the
 \fIlibssh2_channel_handle_extended_data2(3)\fP function instead!

 \fIchannel\fP - Active channel stream to change extended data handling on.

 \fIignore_mode\fP - One of the three LIBSSH2_CHANNEL_EXTENDED_DATA_* Constants.
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_NORMAL\fP: Queue extended data for eventual 
 reading
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_MERGE\fP: Treat extended data and ordinary
 data the same. Merge all substreams such that calls to
 \fIlibssh2_channel_read(3)\fP will pull from all substreams on a
 first-in/first-out basis.
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE\fP: Discard all extended data as it 
 arrives.

 Change how a channel deals with extended data packets. By default all extended
 data is queued until read by \fIlibssh2_channel_read_ex(3)\fP
 .SH RETURN VALUE
 None.
 .SH SEE ALSO
 .BR libssh2_channel_handle_extended_data2(3)
 .BR libssh2_channel_read_ex(3)
--- a/libssh2/docs/libssh2_channel_handle_extended_data2.3
+++ b/libssh2/docs/libssh2_channel_handle_extended_data2.3
@@ -0,0 +1,35 @@
 .TH libssh2_channel_handle_extended_data2 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_handle_extended_data2 - set extended data handling mode
 .SH SYNOPSIS
 #include <libssh2.h>

 int 
 libssh2_channel_handle_extended_data2(LIBSSH2_CHANNEL *channel, int ignore_mode);

 .SH DESCRIPTION
 \fIchannel\fP - Active channel stream to change extended data handling on.

 \fIignore_mode\fP - One of the three LIBSSH2_CHANNEL_EXTENDED_DATA_* Constants.
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_NORMAL\fP: Queue extended data for eventual 
 reading
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_MERGE\fP: Treat extended data and ordinary 
 data the same. Merge all substreams such that calls to 
 .BR libssh2_channel_read(3)
 will pull from all substreams on a first-in/first-out basis.
 .br
 \fBLIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE\fP: Discard all extended data as it 
 arrives.

 Change how a channel deals with extended data packets. By default all 
 extended data is queued until read by 
 .BR libssh2_channel_read_ex(3)

 .SH RETURN VALUE
 Return 0 on success or LIBSSH2_ERROR_EAGAIN when it would otherwise block.

 .SH SEE ALSO
 .BR libssh2_channel_handle_extended_data(3)
 .BR libssh2_channel_read_ex(3)
--- a/libssh2/docs/libssh2_channel_ignore_extended_data.3
+++ b/libssh2/docs/libssh2_channel_ignore_extended_data.3
@@ -0,0 +1,20 @@
 .TH libssh2_channel_ignore_extended_data 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_ignore_extended_data - convenience macro for \fIlibssh2_channel_handle_extended_data(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 libssh2_channel_ignore_extended_data(arguments)

 .SH DESCRIPTION
 This function is deprecated. Use the
 \fIlibssh2_channel_handle_extended_data2(3)\fP function instead!

 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_handle_extended_data(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_handle_extended_data(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_handle_extended_data(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_handle_extended_data(3)
--- a/libssh2/docs/libssh2_channel_open_ex.3
+++ b/libssh2/docs/libssh2_channel_open_ex.3
@@ -0,0 +1,54 @@
 .TH libssh2_channel_open_ex 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_open_ex - establish a generic session channel
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_CHANNEL *
 libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, unsigned int channel_type_len, unsigned int window_size, unsigned int packet_size, const char *message, unsigned int message_len);

 LIBSSH2_CHANNEL *
 libssh2_channel_open_session(session);

 .SH DESCRIPTION
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)

 \fIchannel_type\fP - Channel type to open. Typically one of session, 
 direct-tcpip, or tcpip-forward. The SSH2 protocol allowed for additional 
 types including local, custom channel types.

 \fIchannel_type_len\fP - Length of channel_type

 \fIwindow_size\fP - Maximum amount of unacknowledged data remote host is 
 allowed to send before receiving an SSH_MSG_CHANNEL_WINDOW_ADJUST packet.

 \fIpacket_size\fP - Maximum number of bytes remote host is allowed to send 
 in a single SSH_MSG_CHANNEL_DATA or SSG_MSG_CHANNEL_EXTENDED_DATA packet.

 \fImessage\fP - Additional data as required by the selected channel_type.

 \fImessage_len\fP - Length of message parameter.

 Allocate a new channel for exchanging data with the server. This method is 
 typically called through its macroized form: 
 .BR libssh2_channel_open_session(3)
 or via 
 .BR libssh2_channel_direct_tcpip(3)
 or
 .BR libssh2_channel_forward_listen(3)

 .SH RETURN VALUE
 Pointer to a newly allocated LIBSSH2_CHANNEL instance, or NULL on errors.

 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.

 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 \fILIBSSH2_ERROR_CHANNEL_FAILURE\fP - 

 \fILIBSSH2_ERROR_EAGAIN\fP - Marked for non-blocking I/O but the call would block.

 .SH SEE ALSO
 Add related functions
--- a/libssh2/docs/libssh2_channel_open_session.3
+++ b/libssh2/docs/libssh2_channel_open_session.3
@@ -0,0 +1,18 @@
 .TH libssh2_channel_open_session 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_open_session - convenience macro for \fIlibssh2_channel_open_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 LIBSSH2_CHANNEL *
 libssh2_channel_open_session(LIBSSH2_SESSION *session);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_open_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_open_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_open_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_open_ex(3)
--- a/libssh2/docs/libssh2_channel_process_startup.3
+++ b/libssh2/docs/libssh2_channel_process_startup.3
@@ -0,0 +1,38 @@
 .TH libssh2_channel_process_startup 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_process_startup - request a shell on a channel
 .SH SYNOPSIS
 .nf
 #include <libssh2.h>

 int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
                                    const char *request,
                                    unsigned int request_len,
                                    const char *message,
                                    unsigned int message_len);
 .SH DESCRIPTION
 \fIchannel\fP - Active session channel instance.

 \fIrequest\fP - Type of process to startup. The SSH2 protocol currently 
 defines shell, exec, and subsystem as standard process services.

 \fIrequest_len\fP - Length of request parameter.

 \fImessage\fP - Request specific message data to include.

 \fImessage_len\fP - Length of message parameter.

 Initiate a request on a session type channel such as returned by 
 .BR libssh2_channel_open_ex(3)
 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.

 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 \fILIBSSH2_ERROR_CHANNEL_REQUEST_DENIED\fP - 
 .SH SEE ALSO
 .BR libssh2_channel_open_ex(3)
--- a/libssh2/docs/libssh2_channel_read.3
+++ b/libssh2/docs/libssh2_channel_read.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_read 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_read - convenience macro for \fIlibssh2_channel_read_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 ssize_t libssh2_channel_read(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_read_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_read_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_read_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_read_ex(3)
--- a/libssh2/docs/libssh2_channel_read_ex.3
+++ b/libssh2/docs/libssh2_channel_read_ex.3
@@ -0,0 +1,45 @@
 .TH libssh2_channel_read_ex 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
 .SH NAME
 libssh2_channel_read_ex - read data from a channel stream
 .SH SYNOPSIS
 #include <libssh2.h>

 ssize_t
 libssh2_channel_read_ex(LIBSSH2_CHANNEL *channel, int stream_id, char *buf, size_t buflen);

 ssize_t
 libssh2_channel_read(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);

 ssize_t
 libssh2_channel_read_stderr(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);

 .SH DESCRIPTION
 Attempt to read data from an active channel stream. All channel streams have
 one standard I/O substream (stream_id == 0), and may have up to 2^32 extended
 data streams as identified by the selected \fIstream_id\fP. The SSH2 protocol
 currently defines a stream ID of 1 to be the stderr substream.

 \fIchannel\fP - active channel stream to read from. 

 \fIstream_id\fP - substream ID number (e.g. 0 or SSH_EXTENDED_DATA_STDERR) 

 \fIbuf\fP - pointer to storage buffer to read data into

 \fIbuflen\fP - size of the buf storage

 \fIlibssh2_channel_read(3)\fP and \fIlibssh2_channel_read_stderr(3)\fP are
 macros.
 .SH RETURN VALUE
 Actual number of bytes read or negative on failure. It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.

 Note that a return value of zero (0) can in fact be a legitimate value and
 only signals that no payload data was read. It is not an error.
 .SH ERRORS
 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.

 \fILIBSSH2_ERROR_CHANNEL_CLOSED\fP - The channel has been closed.

 .SH SEE ALSO
 .BR libssh2_poll_channel_read(3)
--- a/libssh2/docs/libssh2_channel_read_stderr.3
+++ b/libssh2/docs/libssh2_channel_read_stderr.3
@@ -0,0 +1,17 @@
 .TH libssh2_channel_read_stderr 3 "20 Feb 2010" "libssh2 1.2.4" "libssh2 manual"
 .SH NAME
 libssh2_channel_read_stderr - convenience macro for \fIlibssh2_channel_read_ex(3)\fP calls
 .SH SYNOPSIS
 #include <libssh2.h>

 ssize_t libssh2_channel_read_stderr(LIBSSH2_CHANNEL *channel, char *buf, size_t buflen);

 .SH DESCRIPTION
 This is a macro defined in a public libssh2 header file that is using the
 underlying function \fIlibssh2_channel_read_ex(3)\fP.
 .SH RETURN VALUE
 See \fIlibssh2_channel_read_ex(3)\fP
 .SH ERRORS
 See \fIlibssh2_channel_read_ex(3)\fP
 .SH SEE ALSO
 .BR libssh2_channel_read_ex(3)
Author	SHA1	Message	Date
John-Mark Gurney	71bcb0ebbf	change this to a better initalization since malloc isn't spelled calloc here..	3 years ago
John-Mark Gurney	29e65c2822	when in non-blocking mode, return _EAGAIN.. There is no way the consumer knows that another write is outstanding.. This is safe as it will "never" block, as soon as there is space, select will return, and the correct write should be called to finish itself up, unblocking the other... I can picture a deadlock though where the write flag gets cleared when finished up, and the other channel write was previously _EAGAIN'd... This implies that a similar solution to read needs to be done, which is if any write happens, spin the loop again, trying all the outstanding writes to make sure they get a chance..	4 years ago
John-Mark Gurney	b7b3505407	remove some debug prints...	4 years ago
John-Mark Gurney	b7d400fabc	fix multiple sessions... This fixes a bug where ggatessh was consuming 100% cpu because the error from sftp_open wasn't being checked, now ggatessh will exit if this fails (and log the failure)... Add a test to make sure that a second session is launched and works.. This discovered that the sftp_open wasn't passing in the correct file name... Now that there will be multiple IOs in flight, this should improve performance a bit...	4 years ago
John-Mark Gurney	8aec20b81c	run the tests from the correct location...	4 years ago
John-Mark Gurney	6850ed2c2d	looks like these do need to be enabled, hanging on pending sessions: debug: pending: session: 0x4181d180, handle: 0x0 debug: selecting: inbound , read: sockfd: 1, popfd: 1, write: sockfd: 0 debug: select: 1, read: sockfd: 1, popfd: 0, write: sockfd: 0 debug: pending: session: 0x4181d180, handle: 0x0 debug: selecting: inbound , read: sockfd: 1, popfd: 1, write: sockfd: 0	4 years ago
John-Mark Gurney	eea6e7ac94	attempt to fix ggatessh to work with libssh2's broken event system... This I believe fixes problems with it. First off, is to call an internal function to make sure to process any packets that are pending despite there being no outstanding actions... The second part is dealing w/ the issue that one channel may read data for a previously processes channel... There isn't a good way to get what channels have pending data, instead, use a custom wrapper around recv, and if ANY data was read/returned, process all the pending requests again. This will do a bit of extra work, but it a lot more simple than fixing libssh2 to be sane...	4 years ago
John-Mark Gurney	dd9f381cbc	make sure that stderr gets included..	4 years ago
John-Mark Gurney	897e2fb09b	add a target for updating the libssh2 tree...	4 years ago
John-Mark Gurney	718dd008f3	add some debugging for understanding how these flags are set..	4 years ago
John-Mark Gurney	3d99ded146	disable read ahead algorithm so we don't waste bandwidth..	4 years ago
John-Mark Gurney	a0e97ef851	Merge commit 'f80eeb6932099bc9143b267ad4814ef1874adcb0' into ssh-main	4 years ago
John-Mark Gurney	f80eeb6932	Squashed 'libssh2/' changes from f75f3488..720998f3 720998f3 kex.c: fix simple typo, niumber -> number (#545) cfe0bf64 session.c: Correct a typo which may lead to stack overflow (#533) REVERT: f75f3488 add some debugging for understanding how these flags are set.. REVERT: 57635ddf disable read ahead algorithm so we don't waste bandwidth.. git-subtree-dir: libssh2 git-subtree-split: 720998f322f4bffffe531d5ec6a240c8c18459b2	4 years ago
John-Mark Gurney	5310940f97	this is a better way to find the path... On boot, the script is sourced, not executed, so the old method won't work. This isn't great if there are two scripts if/when it gets installed to base, but prefering the package one seems to make sense over the built in one if it exists..	4 years ago
John-Mark Gurney	02ef0d100e	make rescue work, fix stopping... make script work in /etc and /usr/local/etc	4 years ago
John-Mark Gurney	129cdb5ee6	add more info on how to use ggatessh... talk about libssh2 modifications and sftp-firewall for sftp-server... Also document how to enable debugging for libssh2 for tracking things down...	4 years ago
John-Mark Gurney	3711c67c08	support hole punching when _DELETE commands are received... If the server doesn't support it, EOPNOTSUPP is returned..	4 years ago
John-Mark Gurney	79171e6e22	add support to libssh2 for hole punching...	4 years ago
John-Mark Gurney	03d6dcfd33	disable building libssh2 shared, we link statically, so no need..	4 years ago
John-Mark Gurney	2beecd4be5	make sure man page is installed by PREFIX as well..	4 years ago
John-Mark Gurney	e8ac8c5818	use PREFIX if defined..	4 years ago
John-Mark Gurney	f84348aab7	add man page for the rc.d script...	4 years ago
John-Mark Gurney	e0356be662	add an rc.d script for ggatessh...	4 years ago
John-Mark Gurney	eb5536bdaa	fix launching when a pidfile is unspecified...	4 years ago
John-Mark Gurney	7969362509	add a dist target for building a dist w/ autoreconf run..	4 years ago
John-Mark Gurney	1a12d7a97c	install to PREFIX if defined, make tests dir before install.. This gets things working sanely for packaging...	4 years ago
John-Mark Gurney	349b114752	add support for ro/wo and tests to verify this funcionality.. Also did some line wrapping..	4 years ago
John-Mark Gurney	92a8ebf544	add info about testing..	4 years ago
John-Mark Gurney	fb496005f8	use the newly imported libssh2 so this makes it mostly self contained..	4 years ago
John-Mark Gurney	282d7ea8f8	fix compiling by moving the pid code to the correct location..	4 years ago
John-Mark Gurney	41d0940e45	add the changes to disable no-readahead.. Merge commit '1507d27be0bbb550ca53ca8215a997a1b31e9017' into ssh-main	4 years ago
John-Mark Gurney	1507d27be0	Squashed 'libssh2/' changes from 6c7769dc..f75f3488 f75f3488 add some debugging for understanding how these flags are set.. 57635ddf disable read ahead algorithm so we don't waste bandwidth.. git-subtree-dir: libssh2 git-subtree-split: f75f3488824d7935d15d75a869783b37fe446927	4 years ago
John-Mark Gurney	c5e5828f0a	Merge commit 'd93d59807ef355920625505a3e1898c3d7f81e83' as 'libssh2'	4 years ago
John-Mark Gurney	d93d59807e	Squashed 'libssh2/' content from commit 6c7769d git-subtree-dir: libssh2 git-subtree-split: `6c7769dcc4`	4 years ago
John-Mark Gurney	1c8b4c849f	make ggatessh work.. it uses libssh2, but it is recommended to use a patched version that does not do read ahead. It also supports resizing when rescuing and the file has changed sizes..	4 years ago
John-Mark Gurney	ad55687781	add a tool to see what requests have not completed, useful for debugging..	4 years ago
John-Mark Gurney	dbf3c5c767	when debugging flush to get messages out timely...	4 years ago
John-Mark Gurney	8c7209fe1b	get things mostly working.. the performance is ok, but likely can be improved upon: libcurl seems to not reuse connections, why not? libcurl when using any auth, ALWAYS tries unauth'd for EVERY request instead of caching that this url NEEDs auth there are some error handling cases that could be improved	4 years ago
John-Mark Gurney	e1c3f9d200	guess this isn't useful, wsgidav doesn't function..	4 years ago
John-Mark Gurney	e0703efbd3	add discussion about issues w/ WebDAV/REST and this..	4 years ago
John-Mark Gurney	5afc427d47	only display the first few erros, and fail if everything didn't get displayed..	4 years ago
John-Mark Gurney	b9ca728a15	update tests to new name and create the starting test... This isn't the best as it depends upon a WebDAV server already running..	4 years ago
John-Mark Gurney	acb98a9b09	add docs about running up a simple WebDAV server..	4 years ago
John-Mark Gurney	7d19a61c4f	rename ggatec to ggatehttp so that it won't overwrite ggatec	4 years ago
John-Mark Gurney	a26a992b6e	forgot to cleanup Makefile	4 years ago
John-Mark Gurney	1cb4afd5fb	start on a variant for https instead...	4 years ago