Relase 0.9.6

Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
ChangeLog: Fix release date of 0.9.5
2026-02-04 12:20:42 +09:00 · 2021-08-19 09:49:25 +02:00 · 2021-08-18 19:53:10 +02:00 · 2021-08-18 14:16:23 +02:00 · 2021-08-18 14:16:18 +02:00 · 2021-08-17 18:33:24 +02:00
475 changed files with 26875 additions and 99062 deletions
--- a/.clang-format
+++ b/.clang-format
@@ -1,29 +0,0 @@
---
-# https://clang.llvm.org/docs/ClangFormatStyleOptions.html
-BasedOnStyle: LLVM
-IndentWidth: 4
-UseTab: Never
-AllowShortIfStatementsOnASingleLine: false
-BreakBeforeBraces: Custom
-BraceWrapping:
-    AfterEnum: false
-    AfterFunction: true
-    AfterStruct: false
-    AfterUnion: false
-    AfterExternBlock: false
-    BeforeElse: false
-    BeforeWhile: false
-IndentCaseLabels: false
-IndentCaseBlocks: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AllowAllParametersOfDeclarationOnNextLine: false
-BinPackArguments: false
-BinPackParameters: false
-AllowAllArgumentsOnNextLine: false
-AllowShortFunctionsOnASingleLine: Empty
-BreakAfterReturnType: ExceptShortType
-AlwaysBreakAfterReturnType: AllDefinitions
-AlignEscapedNewlines: Left
-ForEachMacros: ['ssh_callbacks_iterate']
-AlignConsecutiveMacros: 'Consecutive'
--- a/.clang-format-ignore
+++ b/.clang-format-ignore
@@ -1 +0,0 @@
-src/external/*
--- a/.cmake-format.yaml
+++ b/.cmake-format.yaml
@@ -1,6 +0,0 @@
---
-line_width: 80
-tab_size: 4
-use_tabchars: false
-separate_ctrl_name_with_space: true
-separate_fn_name_with_space: false
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,23 +0,0 @@
-root = true
-
-[*]
-charset = utf-8
-max_line_length = 80
-end_of_line = lf
-trim_trailing_whitespace = true
-insert_final_newline = true
-
-[*.{c,h}]
-indent_style = space
-indent_size = 4
-tab_width = 4
-
-[CMakeLists.txt]
-indent_style = space
-indent_size = 4
-tab_width = 4
-
-[*.cmake]
-indent_style = space
-indent_size = 4
-tab_width = 4
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,11 @@
 *.a
 *.o
+.*
 *.swp
 *~$
 cscope.*
 compile_commands.json
-/.cache
 /.clangd
 tags
 /build
 /obj*
-doc/tags.xml
-.DS_Store
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
--- a/.gitlab-ci/checkabi.sh
+++ b/.gitlab-ci/checkabi.sh
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-INSTALL_DIR1=${1}
-INSTALL_DIR2=${2}
-
-abidiff \
-    --headers-dir1 "${INSTALL_DIR1}/include/libssh/" \
-    --headers-dir2 "${INSTALL_DIR2}/include/libssh/" \
-    "${INSTALL_DIR1}/lib64/libssh.so" \
-    "${INSTALL_DIR2}/lib64/libssh.so" \
-    --fail-no-debug-info
-abiret=$?
-
-ABIDIFF_ERROR=$(((abiret & 0x01) != 0))
-ABIDIFF_USAGE_ERROR=$(((abiret & 0x02) != 0))
-ABIDIFF_ABI_CHANGE=$(((abiret & 0x04) != 0))
-ABIDIFF_ABI_INCOMPATIBLE_CHANGE=$(((abiret & 0x08) != 0))
-ABIDIFF_UNKNOWN_BIT_SET=$(((abiret & 0xf0) != 0))
-
-if [ $ABIDIFF_ERROR -ne 0 ]; then
-    echo "abidiff reported ABIDIFF_ERROR."
-    exit 1
-fi
-if [ $ABIDIFF_USAGE_ERROR -ne 0 ]; then
-    echo "abidiff reported ABIDIFF_USAGE_ERROR."
-    exit 1
-fi
-if [ $ABIDIFF_UNKNOWN_BIT_SET -ne 0 ]; then
-    echo "abidiff reported ABIDIFF_UNKNOWN_BIT_SET."
-    exit 1
-fi
-
-if [ $ABIDIFF_ABI_INCOMPATIBLE_CHANGE -ne 0 ]; then
-    echo "abidiff result ABIDIFF_ABI_INCOMPATIBLE_CHANGE, this breaks the API!"
-    exit 1
-fi
-
-if [ $ABIDIFF_ABI_CHANGE -ne 0 ]; then
-  echo "Ignoring abidiff result ABI_CHANGE"
-fi
-
-exit 0
--- a/.gitlab-ci/clang-format-check.sh
+++ b/.gitlab-ci/clang-format-check.sh
@@ -1,12 +0,0 @@
-#!/bin/sh
-# Based on Github Action
-# https://github.com/yshui/git-clang-format-lint
-
-diff=$(git-clang-format --diff --commit "$CI_MERGE_REQUEST_DIFF_BASE_SHA")
-[ "$diff" = "no modified files to format" ] && exit 0
-[ "$diff" = "clang-format did not modify any files" ] && exit 0
-
-printf "You have introduced coding style breakages, suggested changes:\n\n"
-
-echo "${diff}" | colordiff
-exit 1
--- a/.gitlab-ci/cmocka.cfg
+++ b/.gitlab-ci/cmocka.cfg
@@ -1,475 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  cppcheck library configuration for cmocka
-
-  This file provides cppcheck with information about cmocka's assertion functions
-  and their behavior, particularly that assertion failures do not return.
-
-  This helps cppcheck understand that after assert_non_null(ptr), the pointer
-  is guaranteed to be non-NULL, eliminating false positives like:
-    - nullPointerArithmeticOutOfMemory
-    - nullPointer
-    - etc.
-
-  Usage:
-    cppcheck --library=cmocka.cfg [other options] <source files>
-
-  For more information on cppcheck library format, see:
-    https://cppcheck.sourceforge.io/manual.html#library-configuration
-->
-<def format="2">
-  <!-- Core functions -->
-  <function name="_fail">
-    <noreturn>true</noreturn>
-    <arg nr="1" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="2" direction="in"/>
-  </function>
-
-  <!-- Boolean assertions -->
-  <function name="_assert_true">
-    <arg nr="1" direction="in">
-      <valid>arg1 != 0</valid>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <function name="_assert_false">
-    <arg nr="1" direction="in">
-      <valid>arg1 == 0</valid>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <!-- Pointer assertions -->
-  <function name="_assert_ptr_equal_msg">
-    <arg nr="1" direction="in">
-      <valid>arg1 == arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_ptr_not_equal_msg">
-    <arg nr="1" direction="in">
-      <valid>arg1 != arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <!-- Integer assertions -->
-  <function name="_assert_int_equal">
-    <arg nr="1" direction="in">
-      <valid>arg1 == arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <function name="_assert_int_not_equal">
-    <arg nr="1" direction="in">
-      <valid>arg1 != arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_equal">
-    <arg nr="1" direction="in">
-      <valid>arg1 == arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_not_equal">
-    <arg nr="1" direction="in">
-      <valid>arg1 != arg2</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <!-- Float/double assertions -->
-  <function name="_assert_float_equal">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_float_not_equal">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_double_equal">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_double_not_equal">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <!-- String assertions -->
-  <function name="_assert_string_equal">
-    <arg nr="1" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <function name="_assert_string_not_equal">
-    <arg nr="1" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in"/>
-  </function>
-
-  <!-- Memory assertions -->
-  <function name="_assert_memory_equal">
-    <arg nr="1" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_memory_not_equal">
-    <arg nr="1" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <!-- Range assertions -->
-  <function name="_assert_int_in_range">
-    <arg nr="1" direction="in">
-      <valid>arg2 &lt;= arg1 &amp;&amp; arg1 &lt;= arg3</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_int_not_in_range">
-    <arg nr="1" direction="in">
-      <valid>arg1 &lt; arg2 || arg3 &lt; arg1</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_in_range">
-    <arg nr="1" direction="in">
-      <valid>arg2 &lt;= arg1 &amp;&amp; arg1 &lt;= arg3</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_not_in_range">
-    <arg nr="1" direction="in">
-      <valid>arg1 &lt; arg2 || arg3 &lt; arg1</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <function name="_assert_float_in_range">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_float_not_in_range">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <!-- Set assertions -->
-  <function name="_assert_int_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_int_not_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_uint_not_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_not_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in"/>
-  </function>
-
-  <function name="_assert_float_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="7" direction="in"/>
-  </function>
-
-  <function name="_assert_float_not_in_set">
-    <arg nr="1" direction="in"/>
-    <arg nr="2" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="3" direction="in"/>
-    <arg nr="4" direction="in"/>
-    <arg nr="5" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="6" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="7" direction="in"/>
-  </function>
-
-  <!-- Return code assertion -->
-  <function name="_assert_return_code">
-    <arg nr="1" direction="in">
-      <valid>0 &lt;= arg1</valid>
-    </arg>
-    <arg nr="2" direction="in"/>
-    <arg nr="3" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="4" direction="in">
-      <not-null/>
-    </arg>
-    <arg nr="5" direction="in"/>
-  </function>
-
-  <!-- Macro definitions -->
-  <!-- Boolean macros -->
-  <define name="assert_true(c)" value="_assert_true(cast_to_uintmax_type(c), #c, __FILE__, __LINE__)"/>
-  <define name="assert_false(c)" value="_assert_false(cast_to_uintmax_type(c), #c, __FILE__, __LINE__)"/>
-
-  <!-- Pointer macros -->
-  <define name="assert_non_null(c)" value="assert_ptr_not_equal((c), NULL)"/>
-  <define name="assert_non_null_msg(c, msg)" value="assert_ptr_not_equal_msg((c), NULL, (msg))"/>
-  <define name="assert_null(c)" value="assert_ptr_equal((c), NULL)"/>
-  <define name="assert_null_msg(c, msg)" value="assert_ptr_equal_msg((c), NULL, (msg))"/>
-  <define name="assert_ptr_equal(a, b)" value="assert_ptr_equal_msg((a), (b), NULL)"/>
-  <define name="assert_ptr_equal_msg(a, b, msg)" value="_assert_ptr_equal_msg((const void*)(a), (const void*)(b), __FILE__, __LINE__, (msg))"/>
-  <define name="assert_ptr_not_equal(a, b)" value="_assert_ptr_not_equal_msg((const void*)(a), (const void*)(b), __FILE__, __LINE__, NULL)"/>
-  <define name="assert_ptr_not_equal_msg(a, b, msg)" value="_assert_ptr_not_equal_msg((const void*)(a), (const void*)(b), __FILE__, __LINE__, (msg))"/>
-
-  <!-- Integer macros -->
-  <define name="assert_int_equal(a, b)" value="_assert_int_equal(cast_to_intmax_type(a), cast_to_intmax_type(b), __FILE__, __LINE__)"/>
-  <define name="assert_int_not_equal(a, b)" value="_assert_int_not_equal(cast_to_intmax_type(a), cast_to_intmax_type(b), __FILE__, __LINE__)"/>
-  <define name="assert_uint_equal(a, b)" value="_assert_uint_equal(cast_to_uintmax_type(a), cast_to_uintmax_type(b), __FILE__, __LINE__)"/>
-  <define name="assert_uint_not_equal(a, b)" value="_assert_uint_not_equal(cast_to_uintmax_type(a), cast_to_uintmax_type(b), __FILE__, __LINE__)"/>
-
-  <!-- Float/double macros -->
-  <define name="assert_float_equal(a, b, epsilon)" value="_assert_float_equal((float)(a), (float)(b), (float)(epsilon), __FILE__, __LINE__)"/>
-  <define name="assert_float_not_equal(a, b, epsilon)" value="_assert_float_not_equal((float)(a), (float)(b), (float)(epsilon), __FILE__, __LINE__)"/>
-  <define name="assert_double_equal(a, b, epsilon)" value="_assert_double_equal((double)(a), (double)(b), (double)(epsilon), __FILE__, __LINE__)"/>
-  <define name="assert_double_not_equal(a, b, epsilon)" value="_assert_double_not_equal((double)(a), (double)(b), (double)(epsilon), __FILE__, __LINE__)"/>
-
-  <!-- String macros -->
-  <define name="assert_string_equal(a, b)" value="_assert_string_equal((const char*)(a), (const char*)(b), __FILE__, __LINE__)"/>
-  <define name="assert_string_not_equal(a, b)" value="_assert_string_not_equal((const char*)(a), (const char*)(b), __FILE__, __LINE__)"/>
-
-  <!-- Memory macros -->
-  <define name="assert_memory_equal(a, b, size)" value="_assert_memory_equal((const void*)(a), (const void*)(b), size, __FILE__, __LINE__)"/>
-  <define name="assert_memory_not_equal(a, b, size)" value="_assert_memory_not_equal((const void*)(a), (const void*)(b), size, __FILE__, __LINE__)"/>
-
-  <!-- Range macros -->
-  <define name="assert_int_in_range(value, minimum, maximum)" value="_assert_int_in_range(cast_to_intmax_type(value), cast_to_intmax_type(minimum), cast_to_intmax_type(maximum), __FILE__, __LINE__)"/>
-  <define name="assert_int_not_in_range(value, minimum, maximum)" value="_assert_int_not_in_range(cast_to_intmax_type(value), cast_to_intmax_type(minimum), cast_to_intmax_type(maximum), __FILE__, __LINE__)"/>
-  <define name="assert_uint_in_range(value, minimum, maximum)" value="_assert_uint_in_range(cast_to_uintmax_type(value), cast_to_uintmax_type(minimum), cast_to_uintmax_type(maximum), __FILE__, __LINE__)"/>
-  <define name="assert_uint_not_in_range(value, minimum, maximum)" value="_assert_uint_not_in_range(cast_to_uintmax_type(value), cast_to_uintmax_type(minimum), cast_to_uintmax_type(maximum), __FILE__, __LINE__)"/>
-  <define name="assert_in_range(value, minimum, maximum)" value="assert_uint_in_range(value, minimum, maximum)"/>
-  <define name="assert_not_in_range(value, minimum, maximum)" value="assert_uint_not_in_range(value, minimum, maximum)"/>
-  <define name="assert_float_in_range(value, minimum, maximum, epsilon)" value="_assert_float_in_range((double)(value), (double)(minimum), (double)(maximum), (double)(epsilon), __FILE__, __LINE__)"/>
-  <define name="assert_float_not_in_range(value, minimum, maximum, epsilon)" value="_assert_float_not_in_range((double)(value), (double)(minimum), (double)(maximum), (double)(epsilon), __FILE__, __LINE__)"/>
-
-  <!-- Set macros -->
-  <define name="assert_in_set(value, values, number_of_values)" value="_assert_not_in_set(cast_to_uintmax_type(value), (uintmax_t*)(values), number_of_values, __FILE__, __LINE__, 0)"/>
-  <define name="assert_not_in_set(value, values, number_of_values)" value="_assert_not_in_set(cast_to_uintmax_type(value), (uintmax_t*)(values), number_of_values, __FILE__, __LINE__, 1)"/>
-  <define name="assert_int_in_set(value, values, number_of_values)" value="_assert_int_in_set(cast_to_intmax_type(value), (intmax_t*)(values), number_of_values, __FILE__, __LINE__, 0)"/>
-  <define name="assert_int_not_in_set(value, values, number_of_values)" value="_assert_int_not_in_set(cast_to_intmax_type(value), (intmax_t*)(values), number_of_values, __FILE__, __LINE__, 1)"/>
-  <define name="assert_uint_in_set(value, values, number_of_values)" value="_assert_uint_in_set(cast_to_uintmax_type(value), (uintmax_t*)(values), number_of_values, __FILE__, __LINE__, 0)"/>
-  <define name="assert_uint_not_in_set(value, values, number_of_values)" value="_assert_uint_not_in_set(cast_to_uintmax_type(value), (uintmax_t*)(values), number_of_values, __FILE__, __LINE__, 1)"/>
-  <define name="assert_float_in_set(value, values, number_of_values, epsilon)" value="_assert_float_in_set((double)(value), (double*)(values), number_of_values, (double)(epsilon), __FILE__, __LINE__, 0)"/>
-  <define name="assert_float_not_in_set(value, values, number_of_values, epsilon)" value="_assert_float_not_in_set((double)(value), (double*)(values), number_of_values, (double)(epsilon), __FILE__, __LINE__, 1)"/>
-
-  <!-- Return code macro -->
-  <define name="assert_return_code(rc, error)" value="_assert_return_code(cast_to_intmax_type(rc), (int32_t)(error), #rc, __FILE__, __LINE__)"/>
-</def>
--- a/.gitlab-ci/git-check-signoff-trailer.sh
+++ b/.gitlab-ci/git-check-signoff-trailer.sh
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-if [ $# != 1 ]; then
-    echo "Usage: $0 UPSTREAM_COMMIT_SHA"
-    exit 1
-fi
-
-failed=0
-
-if [ -z "$CI_COMMIT_SHA" ]; then
-    echo "CI_COMMIT_SHA is not set"
-    exit 1
-fi
-
-CI_COMMIT_RANGE="$1..$CI_COMMIT_SHA"
-
-red='\033[0;31m'
-blue='\033[0;34m'
-
-echo -e "${blue}Checking commit range: $CI_COMMIT_RANGE"
-echo
-echo
-
-for commit in $(git rev-list "$CI_COMMIT_RANGE"); do
-    git show -s --format=%B "$commit" | grep "^Signed-off-by: " >/dev/null 2>&1
-    ret=$?
-    if [ $ret -eq 1 ]; then
-        echo -e "${red}  >>> Missing Signed-off-by trailer in commit $commit"
-        failed=$(("$failed" + 1))
-    fi
-done
-
-echo
-echo
-
-exit $failed
--- a/.gitlab-ci/local-ci.sh
+++ b/.gitlab-ci/local-ci.sh
@@ -1,116 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-RED="\033[1;31m"
-GREEN="\033[1;32m"
-YELLOW="\033[1;33m"
-BLUE="\033[1;34m"
-RESET="\033[0m"
-
-export GCL_IGNORE_PREDEFINED_VARS=CI_REGISTRY
-
-BASE_SHA=$(git merge-base HEAD origin/master 2>/dev/null || git rev-parse HEAD~1)
-
-COMMON_ARGS=(
-  --variable "CI_MERGE_REQUEST_DIFF_BASE_SHA=$BASE_SHA"
-  --variable "CI_REGISTRY=registry.gitlab.com"
-  --json-schema-validation=false
-)
-
-check_requirements() {
-  for cmd in docker git gitlab-ci-local; do
-    if ! command -v "$cmd" >/dev/null 2>&1; then
-      echo -e "${RED}Missing dependency: $cmd${RESET}"
-      exit 1
-    fi
-    echo -e "${GREEN}Found: $cmd${RESET}"
-  done
-
-  if ! docker info >/dev/null 2>&1; then
-    echo -e "${RED}Docker daemon is not running or permission denied${RESET}"
-    exit 1
-  fi
-}
-
-list_jobs() {
-  gitlab-ci-local --list --json-schema-validation=false | awk 'NR>1 {print $1}'
-}
-
-run_job() {
-  JOB="$1"
-  echo -e "${YELLOW}Running CI job: $JOB${RESET}"
-  gitlab-ci-local "$JOB" "${COMMON_ARGS[@]}"
-}
-
-cleanup_images() {
-  echo -e "${BLUE}Removing libssh CI images only...${RESET}"
-  docker images --format "{{.Repository}}:{{.Tag}} {{.ID}}" \
-    | grep "$CI_REGISTRY/$BUILD_IMAGES_PROJECT" \
-    | awk '{print $2}' \
-    | xargs -r docker rmi -f
-}
-
-usage() {
-  echo
-  echo -e "${BLUE}Usage:${RESET}"
-  echo "  $0 --list"
-  echo "  $0 --run <job-name>"
-  echo "  $0 --all"
-  echo "  $0 --run <job-name> --clean"
-  echo "  $0 --all --clean"
-  echo
-  exit 1
-}
-
-check_requirements
-
-CLEAN=0
-MODE=""
-JOB=""
-
-while [[ $# -gt 0 ]]; do
-  case "$1" in
-    --list)
-      MODE="list"
-      shift
-      ;;
-    --run)
-      MODE="run"
-      JOB="$2"
-      shift 2
-      ;;
-    --all)
-      MODE="all"
-      shift
-      ;;
-    --clean)
-      CLEAN=1
-      shift
-      ;;
-    *)
-      usage
-      ;;
-  esac
-done
-
-case "$MODE" in
-  list)
-    list_jobs
-    ;;
-  run)
-    [[ -z "$JOB" ]] && usage
-    run_job "$JOB"
-    [[ "$CLEAN" -eq 1 ]] && cleanup_images
-    ;;
-  all)
-    for job in $(list_jobs); do
-      run_job "$job"
-      [[ "$CLEAN" -eq 1 ]] && cleanup_images
-    done
-    ;;
-  *)
-    usage
-    ;;
-esac
-
-echo -e "${GREEN}Done.${RESET}"
--- a/.gitlab-ci/shellcheck.sh
+++ b/.gitlab-ci/shellcheck.sh
@@ -1,56 +0,0 @@
-#!/bin/bash
-# Simplified and de-github-ed version of
-# https://github.com/ludeeus/action-shellcheck/blob/master/action.yaml
-
-statuscode=0
-
-declare -a filepaths
-shebangregex="^#! */[^ ]*/(env *)?[abk]*sh"
-set -f # temporarily disable globbing so that globs in inputs aren't expanded
-
-while IFS= read -r -d '' file; do
-  filepaths+=("$file")
-done < <(find . \
-    -type f \
-    '(' \
-    -name '*.bash' \
-    -o -name '.bashrc' \
-    -o -name 'bashrc' \
-    -o -name '.bash_aliases' \
-    -o -name '.bash_completion' \
-    -o -name '.bash_login' \
-    -o -name '.bash_logout' \
-    -o -name '.bash_profile' \
-    -o -name 'bash_profile' \
-    -o -name '*.ksh' \
-    -o -name 'suid_profile' \
-    -o -name '*.zsh' \
-    -o -name '.zlogin' \
-    -o -name 'zlogin' \
-    -o -name '.zlogout' \
-    -o -name 'zlogout' \
-    -o -name '.zprofile' \
-    -o -name 'zprofile' \
-    -o -name '.zsenv' \
-    -o -name 'zsenv' \
-    -o -name '.zshrc' \
-    -o -name 'zshrc' \
-    -o -name '*.sh' \
-    -o -path '*/.profile' \
-    -o -path '*/profile' \
-    -o -name '*.shlib' \
-    ')' \
-    -print0)
-
-while IFS= read -r -d '' file; do
-    head -n1 "$file" | grep -Eqs "$shebangregex" || continue
-    filepaths+=("$file")
-done < <(find . \
-    -type f ! -name '*.*' -perm /111 \
-    -print0)
-
-shellcheck "${filepaths[@]}" || statuscode=$?
-
-set +f # re-enable globbing
-
-exit "$statuscode"
--- a/.gitlab/merge_request_templates/default.md
+++ b/.gitlab/merge_request_templates/default.md
@@ -1,16 +0,0 @@
-Add a description of the new feature/bug fix. Reference any relevant bugs.
-
-## Checklist
- * [ ] Commits have `Signed-off-by:` with name/author being identical to the commit author
- * [ ] Code modified for feature
- * [ ] Test suite updated with functionality tests
- * [ ] Test suite updated with negative tests
- * [ ] Documentation updated
- * [ ] The project pipelines timeout is [extended](https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run) at least to 2 hours.
-
-## Reviewer's checklist:
- * [ ] Any issues marked for closing are addressed
- * [ ] There is a test suite reasonably covering new functionality or modifications
- * [ ] Function naming, parameters, return values, types, etc., are consistent and according to [CONTRIBUTING.md](https://gitlab.com/libssh/libssh-mirror/-/blob/master/CONTRIBUTING.md)
- * [ ] This feature/change has adequate documentation added
- * [ ] No obvious mistakes in the code
--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -1,10 +0,0 @@
-#
-# GitLeaks Repo Specific Configuration
-#
-# This allowlist is used to help Red Hat ignore false positives during its code
-# scans.
-
-[allowlist]
-  paths = [
-    '''tests/*''',
-  ]
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,7 @@
-cmake_minimum_required(VERSION 3.14.0)
+cmake_minimum_required(VERSION 3.3.0)
+cmake_policy(SET CMP0048 NEW)

-# Specify search path for CMake modules to be loaded by include()
+# Specify search path for CMake modules to be loaded by include() 
 # and find_package()
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")

@@ -9,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)

-project(libssh VERSION 0.11.00 LANGUAGES C)
+project(libssh VERSION 0.9.6 LANGUAGES C)

 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -21,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.10.0")
+set(LIBRARY_VERSION "4.8.7")
 set(LIBRARY_SOVERSION "4")

 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
@@ -41,8 +42,6 @@ macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source buil
 # Copy library files to a lib sub-directory
 set(CMAKE_LIBRARY_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/lib")

-set(LIBSSSH_PC_REQUIRES_PRIVATE "")
-
 # search for libraries
 if (WITH_ZLIB)
    find_package(ZLIB REQUIRED)
@@ -50,12 +49,32 @@ endif (WITH_ZLIB)

 if (WITH_GCRYPT)
  find_package(GCrypt 1.5.0 REQUIRED)
-  message(WARNING "libgcrypt cryptographic backend is deprecated and will be removed in future releases.")
+  if (NOT GCRYPT_FOUND)
+    message(FATAL_ERROR "Could not find GCrypt")
+  endif (NOT GCRYPT_FOUND)
 elseif(WITH_MBEDTLS)
    find_package(MbedTLS REQUIRED)
-else()
-  find_package(OpenSSL 1.1.1 REQUIRED)
-endif()
+    if (NOT MBEDTLS_FOUND)
+      message(FATAL_ERROR "Could not find mbedTLS")
+    endif (NOT MBEDTLS_FOUND)
+else (WITH_GCRYPT)
+  find_package(OpenSSL)
+  if (OPENSSL_FOUND)
+    # On CMake < 3.16, OPENSSL_CRYPTO_LIBRARIES is usually a synonym for OPENSSL_CRYPTO_LIBRARY, but is not defined
+    # when building on Windows outside of Cygwin. We provide the synonym here, if FindOpenSSL didn't define it already.
+    if (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
+      set(OPENSSL_CRYPTO_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    endif (NOT DEFINED OPENSSL_CRYPTO_LIBRARIES)
+  else (OPENSSL_FOUND)
+    find_package(GCrypt)
+    if (NOT GCRYPT_FOUND)
+      find_package(MbedTLS)
+      if (NOT MBEDTLS_FOUND)
+        message(FATAL_ERROR "Could not find OpenSSL, GCrypt or mbedTLS")
+      endif (NOT MBEDTLS_FOUND)
+    endif (NOT GCRYPT_FOUND)
+  endif (OPENSSL_FOUND)
+endif(WITH_GCRYPT)

 if (UNIT_TESTING)
    find_package(CMocka REQUIRED)
@@ -68,7 +87,6 @@ find_package(Threads)

 if (WITH_GSSAPI)
    find_package(GSSAPI)
-    list(APPEND LIBSSH_PC_REQUIRES_PRIVATE ${GSSAPI_PC_REQUIRES})
 endif (WITH_GSSAPI)

 if (WITH_NACL)
@@ -78,19 +96,13 @@ if (WITH_NACL)
    endif (NOT NACL_FOUND)
 endif (WITH_NACL)

-if (WITH_FIDO2)
-    find_package(libfido2)
-    if (LIBFIDO2_FOUND)
-        set(HAVE_LIBFIDO2 ON)
-    else (LIBFIDO2_FOUND)
-        set(HAVE_LIBFIDO2 OFF)
-        message(WARNING "libfido2 was not found. Internal support for interacting with FIDO2/U2F devices using the USB HID protocol will not be available.")
-    endif (LIBFIDO2_FOUND)
-endif (WITH_FIDO2)
+if (BSD OR SOLARIS OR OSX)
+    find_package(Argp)
+endif (BSD OR SOLARIS OR OSX)

 # Disable symbol versioning in non UNIX platforms
 if (UNIX)
-    find_package(ABIMap 0.4.0)
+    find_package(ABIMap 0.3.1)
 else (UNIX)
    set(WITH_SYMBOL_VERSIONING OFF)
 endif (UNIX)
@@ -99,18 +111,14 @@ endif (UNIX)
 include(ConfigureChecks.cmake)
 configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h)

-if (NOT HAVE_ARGP_PARSE)
-  find_package(Argp)
-endif (NOT HAVE_ARGP_PARSE)
-
 # check subdirectories
 add_subdirectory(doc)
 add_subdirectory(include)
 add_subdirectory(src)

 # pkg-config file
-if (UNIX OR MINGW)
-configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc @ONLY)
+if (UNIX)
+configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
 install(
  FILES
    ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc
@@ -119,7 +127,7 @@ install(
  COMPONENT
    pkgconfig
 )
-endif (UNIX OR MINGW)
+endif (UNIX)

 # CMake config files
 include(CMakePackageConfigHelpers)
@@ -181,10 +189,6 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
            set(ALLOW_ABI_BREAK "BREAK_ABI")
        endif()

-        if (WITH_FINAL)
-            set(FINAL "FINAL")
-        endif()
-
        # Target we can depend on in 'make dist'
        set(_SYMBOL_TARGET "${PROJECT_NAME}.map")

@@ -197,7 +201,7 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
                          RELEASE_NAME_VERSION ${PROJECT_NAME}_${LIBRARY_VERSION}
                          CURRENT_MAP ${MAP_PATH}
                          COPY_TO ${MAP_PATH}
-                          ${FINAL}
+                          FINAL
                          ${ALLOW_ABI_BREAK})

        # Write the current version to the source
@@ -205,36 +209,16 @@ if (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)
    endif(UPDATE_ABI)
 endif (WITH_SYMBOL_VERSIONING AND ABIMAP_FOUND)

-# Coverage
-if (WITH_COVERAGE)
-    ENABLE_LANGUAGE(CXX)
-    include(CodeCoverage)
-    setup_target_for_coverage_lcov(
-        NAME "coverage"
-        EXECUTABLE make test
-        DEPENDENCIES ssh tests)
-    set(GCOVR_ADDITIONAL_ARGS --xml-pretty --exclude-unreachable-branches --print-summary --gcov-ignore-parse-errors)
-    setup_target_for_coverage_gcovr_xml(
-        NAME "coverage_xml"
-        EXECUTABLE make test
-        DEPENDENCIES ssh tests)
-endif (WITH_COVERAGE)
-
 add_custom_target(dist COMMAND ${CMAKE_MAKE_PROGRAM} package_source DEPENDS ${_SYMBOL_TARGET} VERBATIM)

-get_directory_property(hasParent PARENT_DIRECTORY)
-if(NOT(hasParent))
-  # Link compile database for clangd if we are the master project
-  execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink
-    "${CMAKE_BINARY_DIR}/compile_commands.json"
-    "${CMAKE_SOURCE_DIR}/compile_commands.json")
-endif()
+# Link compile database for clangd
+execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink
+                "${CMAKE_BINARY_DIR}/compile_commands.json"
+                "${CMAKE_SOURCE_DIR}/compile_commands.json")

 message(STATUS "********************************************")
 message(STATUS "********** ${PROJECT_NAME} build options : **********")

-message(STATUS "Build type: ${CMAKE_BUILD_TYPE}")
-message(STATUS "Coverage: ${WITH_COVERAGE}")
 message(STATUS "zlib support: ${WITH_ZLIB}")
 message(STATUS "libgcrypt support: ${WITH_GCRYPT}")
 message(STATUS "libmbedTLS support: ${WITH_MBEDTLS}")
@@ -243,19 +227,11 @@ message(STATUS "SFTP support: ${WITH_SFTP}")
 message(STATUS "Server support : ${WITH_SERVER}")
 message(STATUS "GSSAPI support : ${WITH_GSSAPI}")
 message(STATUS "GEX support : ${WITH_GEX}")
-message(STATUS "Support insecure none cipher and MAC : ${WITH_INSECURE_NONE}")
-message(STATUS "Support exec : ${WITH_EXEC}")
 message(STATUS "Pcap debugging support : ${WITH_PCAP}")
 message(STATUS "Build shared library: ${BUILD_SHARED_LIBS}")
 message(STATUS "Unit testing: ${UNIT_TESTING}")
 message(STATUS "Client code testing: ${CLIENT_TESTING}")
-message(STATUS "Blowfish cipher support: ${HAVE_BLOWFISH}")
-message(STATUS "PKCS #11 URI support: ${WITH_PKCS11_URI}")
-message(STATUS "With PKCS #11 provider support: ${WITH_PKCS11_PROVIDER}")
-message(STATUS "With FIDO2/U2F support: ${WITH_FIDO2}")
-if (WITH_FIDO2)
-    message(STATUS "With libfido2 (internal usb-hid support): ${HAVE_LIBFIDO2}")
-endif (WITH_FIDO2)
+message(STATUS "Blowfish cipher support: ${WITH_BLOWFISH_CIPHER}")
 set(_SERVER_TESTING OFF)
 if (WITH_SERVER)
    set(_SERVER_TESTING ${SERVER_TESTING})
@@ -270,15 +246,9 @@ message(STATUS "Benchmarks: ${WITH_BENCHMARKS}")
 message(STATUS "Symbol versioning: ${WITH_SYMBOL_VERSIONING}")
 message(STATUS "Allow ABI break: ${WITH_ABI_BREAK}")
 message(STATUS "Release is final: ${WITH_FINAL}")
-if (WITH_HERMETIC_USR)
-    message(STATUS "User global client config: ${USR_GLOBAL_CLIENT_CONFIG}")
-endif ()
 message(STATUS "Global client config: ${GLOBAL_CLIENT_CONFIG}")
 if (WITH_SERVER)
-    if (WITH_HERMETIC_USR)
-        message(STATUS "User global bind config: ${USR_GLOBAL_BIND_CONFIG}")
-    endif ()
-    message(STATUS "Global bind config: ${GLOBAL_BIND_CONFIG}")
+message(STATUS "Global bind config: ${GLOBAL_BIND_CONFIG}")
 endif()
 message(STATUS "********************************************")

--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,600 +0,0 @@
-# How to contribute a patch to libssh
-
-Please checkout the libssh source code using git.
-
-For contributions we prefer Merge Requests on Gitlab:
-
-https://gitlab.com/libssh/libssh-mirror/
-
-This way you get continuous integration which runs the complete libssh
-testsuite for you.
-
-For larger code changes, breaking the changes up into a set of simple
-patches, each of which does a single thing, are much easier to review.
-Patch sets like that will most likely have an easier time being merged
-into the libssh code than large single patches that make lots of
-changes in one large diff.
-
-Also bugfixes and new features should be covered by tests. We use the cmocka
-and cwrap framework for our testing and you can simply run it locally by
-calling `make test`.
-
-## Ownership of the contributed code
-
-libssh is a project with distributed copyright ownership, which means
-we prefer the copyright on parts of libssh to be held by individuals
-rather than corporations if possible. There are historical legal
-reasons for this, but one of the best ways to explain it is that it's
-much easier to work with individuals who have ownership than corporate
-legal departments if we ever need to make reasonable compromises with
-people using and working with libssh.
-
-We track the ownership of every part of libssh via https://git.libssh.org,
-our source code control system, so we know the provenance of every piece
-of code that is committed to libssh.
-
-So if possible, if you're doing libssh changes on behalf of a company
-who normally owns all the work you do please get them to assign
-personal copyright ownership of your changes to you as an individual,
-that makes things very easy for us to work with and avoids bringing
-corporate legal departments into the picture.
-
-If you can't do this we can still accept patches from you owned by
-your employer under a standard employment contract with corporate
-copyright ownership. It just requires a simple set-up process first.
-
-We use a process very similar to the way things are done in the Linux
-Kernel community, so it should be very easy to get a sign off from
-your corporate legal department. The only changes we've made are to
-accommodate the license we use, which is LGPLv2 (or later) whereas the
-Linux kernel uses GPLv2.
-
-The process is called signing.
-
-## How to sign your work
-
-Once you have permission to contribute to libssh from your employer, simply
-email a copy of the following text from your corporate email address to:
-
-contributing@libssh.org
-
-
-```
-libssh Developer's Certificate of Origin. Version 1.0
-
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the appropriate
-    version of the GNU General Public License; or
-
-(b) The contribution is based upon previous work that, to the best of
-    my knowledge, is covered under an appropriate open source license
-    and I have the right under that license to submit that work with
-    modifications, whether created in whole or in part by me, under
-    the GNU General Public License, in the appropriate version; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a) or (b) and I have not modified it.
-
-(d) I understand and agree that this project and the contribution are
-    public and that a record of the contribution (including all
-    metadata and personal information I submit with it, including my
-    sign-off) is maintained indefinitely and may be redistributed
-    consistent with the libssh Team's policies and the requirements of
-    the GNU GPL where they are relevant.
-
-(e) I am granting this work to this project under the terms of the
-    GNU Lesser General Public License as published by the
-    Free Software Foundation; either version 2.1 of
-    the License, or (at the option of the project) any later version.
-
-    https://www.gnu.org/licenses/lgpl-2.1.html
-```
-
-We will maintain a copy of that email as a record that you have the
-rights to contribute code to libssh under the required licenses whilst
-working for the company where the email came from.
-
-Then when sending in a patch via the normal mechanisms described
-above, add a line that states:
-
-    Signed-off-by: Random J Developer <random@developer.example.org>
-
-using your real name and the email address you sent the original email
-you used to send the libssh Developer's Certificate of Origin to us
-(sorry, no pseudonyms or anonymous contributions.)
-
-That's it! Such code can then quite happily contain changes that have
-copyright messages such as:
-
-    (c) Example Corporation.
-
-and can be merged into the libssh codebase in the same way as patches
-from any other individual. You don't need to send in a copy of the
-libssh Developer's Certificate of Origin for each patch, or inside each
-patch. Just the sign-off message is all that is required once we've
-received the initial email.
-
-## Continuous Integration
-
-Contributing patches through Merge Request workflow on Gitlab allows us to run
-various checks on various configuration as part of Gitlab CI. Unfortunately,
-some pipelines are slower (as they involve building dependencies) so the default
-timeout of 1 hour needs to be extended at least to 2 hours. This can be done in
-project settings of your libssh fork:
-
-https://docs.gitlab.com/ee/ci/pipelines/settings.html#set-a-limit-for-how-long-jobs-can-run
-
-Otherwise you will encounter errors like these, usually on visualstudio builds:
-
-```
-ERROR: Job failed: execution took longer than 1h0m0s seconds
-The script exceeded the maximum execution time set for the job
-```
-
-Note, that the built dependencies are cached so after successful build in your
-namespace, the rebuilds should be much faster.
-
-## Running GitLab CI locally (optional helper)
-
-For contributors working on CI, build system changes, or adding new CI jobs, it can be useful to run GitLab CI pipelines locally before pushing.
-
-libssh provides a small helper script based on `gitlab-ci-local` that can:
-
- List all jobs defined in `.gitlab-ci.yml`
- Run a specific job or the full pipeline locally
- Automatically pick up new jobs when they are added to the CI configuration
- Optionally clean up CI Docker images after execution
-
-### Requirements
-
- Docker (daemon running)
- git
- gitlab-ci-local  
-  https://github.com/firecow/gitlab-ci-local
-
-### Usage
-
-```bash
-./.gitlab-ci/local-ci.sh --list
-./.gitlab-ci/local-ci.sh --run fedora/libressl/x86_64
-./.gitlab-ci/local-ci.sh --all
-./.gitlab-ci/local-ci.sh --run fedora/libressl/x86_64 --clean
-```
-
-# Coding conventions in the libssh tree
-
-## Quick Start
-
-Coding style guidelines are about reducing the number of unnecessary
-reformatting patches and making things easier for developers to work together.
-
-You don't have to like them or even agree with them, but once put in place we
-all have to abide by them (or vote to change them).  However, coding style
-should never outweigh coding itself and so the guidelines described here are
-hopefully easy enough to follow as they are very common and supported by tools
-and editors.
-
-The basic style for C code, is the Linux kernel coding style (See
-Documentation/CodingStyle in the kernel source tree). This closely matches what
-libssh developers use already anyways, with a few exceptions as mentioned
-below.
-
-But to save you the trouble of reading the Linux kernel style guide, here
-are the highlights.
-
-* Maximum Line Width is 80 Characters
-  The reason is not about people with low-res screens but rather sticking
-  to 80 columns prevents you from easily nesting more than one level of
-  if statements or other code blocks.
-
-* Use 4 Spaces to Indent
-
-* No Trailing Whitespace
-  Clean up your files before committing.
-
-* Follow the K&R guidelines.  We won't go through all of them here. Do you
-  have a copy of "The C Programming Language" anyways right?
-
-
-## Editor Hints
-
-### Emacs
-
-Add the follow to your $HOME/.emacs file:
-
-    (add-hook 'c-mode-hook
-      (lambda ()
-          (c-set-style "linux")
-          (c-toggle-auto-state)))
-
-
-## Neovim/VIM
-
-For the basic vi editor included with all variants of \*nix, add the
-following to ~/.config/nvim/init.rc or ~/.vimrc:
-
-    set ts=4 sw=4 et cindent
-
-You can use the Vim gitmodline plugin to store this in the git config:
-
-https://git.cryptomilk.org/projects/vim-gitmodeline.git/
-
-For Vim, the following settings in $HOME/.vimrc will also deal with
-displaying trailing whitespace:
-
-    if has("syntax") && (&t_Co > 2 || has("gui_running"))
-        syntax on
-        function! ActivateInvisibleCharIndicator()
-            syntax match TrailingSpace "[ \t]\+$" display containedin=ALL
-            highlight TrailingSpace ctermbg=Red
-        endf
-        autocmd BufNewFile,BufRead * call ActivateInvisibleCharIndicator()
-    endif
-    " Show tabs, trailing whitespace, and continued lines visually
-    set list listchars=tab:»·,trail:·,extends:…
-
-    " highlight overly long lines same as TODOs.
-    set textwidth=80
-    autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/'
-
-
-## FAQ & Statement Reference
-
-### Comments
-
-Comments should always use the standard C syntax.  C++ style comments are not
-currently allowed.
-
-The lines before a comment should be empty. If the comment directly belongs to
-the following code, there should be no empty line after the comment, except if
-the comment contains a summary of multiple following code blocks.
-
-This is good:
-
-    ...
-    int i;
-
-    /*
-     * This is a multi line comment,
-     * which explains the logical steps we have to do:
-     *
-     * 1. We need to set i=5, because...
-     * 2. We need to call complex_fn1
-     */
-
-    /* This is a one line comment about i = 5. */
-    i = 5;
-
-    /*
-     * This is a multi line comment,
-     * explaining the call to complex_fn1()
-     */
-    ret = complex_fn1();
-    if (ret != 0) {
-    ...
-
-    /**
-     * @brief This is a doxygen comment.
-     *
-     * This is a more detailed explanation of
-     * this simple function.
-     *
-     * @param[in]   param1     The parameter value of the function.
-     *
-     * @param[out]  result1    The result value of the function.
-     *
-     * @return              0 on success and -1 on error.
-     */
-    int example(int param1, int *result1);
-
-This is bad:
-
-    ...
-    int i;
-    /*
-     * This is a multi line comment,
-     * which explains the logical steps we have to do:
-     *
-     * 1. We need to set i=5, because...
-     * 2. We need to call complex_fn1
-     */
-    /* This is a one line comment about i = 5. */
-    i = 5;
-    /*
-     * This is a multi line comment,
-     * explaining the call to complex_fn1()
-     */
-    ret = complex_fn1();
-    if (ret != 0) {
-    ...
-
-    /*This is a one line comment.*/
-
-    /* This is a multi line comment,
-       with some more words...*/
-
-    /*
-     * This is a multi line comment,
-     * with some more words...*/
-
-### Indentation & Whitespace & 80 columns
-
-To avoid confusion, indentations have to be 4 spaces. Do not use tabs!.  When
-wrapping parameters for function calls, align the parameter list with the first
-parameter on the previous line.  For example,
-
-    var1 = foo(arg1,
-               arg2,
-               arg3);
-
-The previous example is intended to illustrate alignment of function
-parameters across lines and not as encourage for gratuitous line
-splitting.  Never split a line before columns 70 - 79 unless you
-have a really good reason.  Be smart about formatting.
-
-
-### If, switch, & Code blocks
-
-Always follow an 'if' keyword with a space but don't include additional
-spaces following or preceding the parentheses in the conditional.
-This is good:
-
-    if (x == 1)
-
-This is bad:
-
-    if ( x == 1 )
-
-or
-
-    if (x==1)
-
-Yes we have a lot of code that uses the second and third form and we are trying
-to clean it up without being overly intrusive.
-
-Note that this is a rule about parentheses following keywords and not
-functions.  Don't insert a space between the name and left parentheses when
-invoking functions.
-
-Braces for code blocks used by for, if, switch, while, do..while, etc.  should
-begin on the same line as the statement keyword and end on a line of their own.
-You should always include braces, even if the block only contains one
-statement.  **NOTE**: Functions are different and the beginning left brace should
-be located in the first column on the next line.
-
-If the beginning statement has to be broken across lines due to length, the
-beginning brace should be on a line of its own.
-
-The exception to the ending rule is when the closing brace is followed by
-another language keyword such as else or the closing while in a do..while loop.
-
-Good examples:
-
-    if (x == 1) {
-        printf("good\n");
-    }
-
-    for (x = 1; x < 10; x++) {
-        print("%d\n", x);
-    }
-
-    for (really_really_really_really_long_var_name = 0;
-         really_really_really_really_long_var_name < 10;
-         really_really_really_really_long_var_name++)
-    {
-        print("%d\n", really_really_really_really_long_var_name);
-    }
-
-    do {
-        printf("also good\n");
-    } while (1);
-
-Bad examples:
-
-    while (1)
-    {
-        print("I'm in a loop!\n"); }
-
-    for (x=1;
-         x<10;
-         x++)
-    {
-        print("no good\n");
-    }
-
-    if (i < 10)
-        print("I should be in braces.\n");
-
-
-### Goto
-
-While many people have been academically taught that "goto"s are fundamentally
-evil, they can greatly enhance readability and reduce memory leaks when used as
-the single exit point from a function. But in no libssh world what so ever is a
-goto outside of a function or block of code a good idea.
-
-Good Examples:
-
-    int function foo(int y)
-    {
-        int *z = NULL;
-        int rc = 0;
-
-        if (y < 10) {
-            z = malloc(sizeof(int)*y);
-            if (z == NULL) {
-                rc = 1;
-                goto done;
-            }
-        }
-
-        print("Allocated %d elements.\n", y);
-
-    done:
-        if (z != NULL) {
-            free(z);
-        }
-
-        return rc;
-    }
-
-### Initialize pointers
-
-All pointer variables **MUST** be initialized to `NULL`. History has
-demonstrated that uninitialized pointer variables have lead to various
-bugs and security issues.
-
-Pointers **MUST** be initialized even if the assignment directly follows
-the declaration, like pointer2 in the example below, because the
-instructions sequence may change over time.
-
-Good Example:
-
-    char *pointer1 = NULL;
-    char *pointer2 = NULL;
-
-    pointer2 = some_func2();
-
-    ...
-
-    pointer1 = some_func1();
-
-### Typedefs
-
-libssh tries to avoid `typedef struct { .. } x_t;` so we do always try to use
-`struct x { .. };`. We know there are still such typedefs in the code, but for
-new code, please don't do that anymore.
-
-### Make use of helper variables
-
-Please try to avoid passing function calls as function parameters in new code.
-This makes the code much easier to read and it's also easier to use the "step"
-command within gdb.
-
-Good Example:
-
-    char *name;
-
-    name = get_some_name();
-    if (name == NULL) {
-        ...
-    }
-
-    rc = some_function_my_name(name);
-    ...
-
-
-Bad Example:
-
-    rc = some_function_my_name(get_some_name());
-    ...
-
-Please try to avoid passing function return values to if- or while-conditions.
-The reason for this is better handling of code under a debugger.
-
-Good example:
-
-    x = malloc(sizeof(short) * 10);
-    if (x == NULL) {
-        fprintf(stderr, "Unable to alloc memory!\n");
-    }
-
-Bad example:
-
-    if ((x = malloc(sizeof(short)*10)) == NULL ) {
-        fprintf(stderr, "Unable to alloc memory!\n");
-    }
-
-There are exceptions to this rule. One example is walking a data structure in
-an iterator style:
-
-    while ((opt = poptGetNextOpt(pc)) != -1) {
-        ... do something with opt ...
-    }
-
-But in general, please try to avoid this pattern.
-
-
-### Control-Flow changing macros
-
-Macros like `STATUS_NOT_OK_RETURN` that change control flow (return/goto/etc)
-from within the macro are considered bad, because they look like function calls
-that never change control flow. Please do not introduce them.
-
-### Switch/case indentation
-
-The `case` should not be indented to avoid wasting too much horizontal space.
-When the case block contains local variables that need to be wrapped in braces,
-they should not be indented again either.
-
-Good example:
-
-    switch (x) {
-    case 0:
-        do_stuff();
-        break;
-    case 1: {
-        int y;
-        do_stuff();
-        break;
-    }
-    default:
-        do_other_stuff();
-        break;
-    }
-
-Bad example:
-
-    switch (x) {
-        case 0:
-            do_stuff();
-            break;
-        case 1:
-            {
-                int y;
-                do_stuff();
-                break;
-            }
-        default:
-            do_other_stuff();
-            break;
-    }
-
-## ABI Versioning and Symbol Management
-
-To maintain [ABI](https://en.wikipedia.org/wiki/Application_binary_interface) stability
-and ensure backward compatibility, libssh uses **symbol versioning** to track and manage
-exported functions and variables. This allows libssh to introduce new symbols or modify
-existing functions in an ABI-compatible way.
-
-When introducing a new symbol:
-
-1. Use the `LIBSSH_API` macro to mark the symbol as part of the public API.
-2. If you have [abimap](https://github.com/ansasaki/abimap) installed, the new symbols are
-automatically generated in the `src/libssh_dev.map` file in the **build** directory and used automatically for building the updated library. But, depending on the version of `abimap` under use, you may face linker errors like: `unable to find version dependency LIBSSH_4_9_0`. In this case, you need to manually replace the existing `src/libssh.map` file with the generated `libssh_dev.map` file to update the symbol versioning.
-3. If you do not have abimap installed, the modified/added symbols must manually be added to the
-`src/libssh.map` file. The symbols must be added in the following format (assuming that 4_10_0 is the latest released version):
-
-```
-LIBSSH_AFTER_4_10_0
-{
-    global:
-        new_function;
-        new_variable;
-} LIBSSH_4_10_0;
-```
-4. After following either of the above steps, the library can be successfully built and
-tested without any linker errors.
-
-5. When submitting the patch, make sure that any new symbols have been added to `libssh.map` as described in step 3, so that the new additions may not be excluded from the next release due to human error.
-
-Also, to maintain ABI compatibility, existing symbols must not be removed. Instead, they can
-be marked as deprecated using the `LIBSSH_DEPRECATED` macro. This allows the symbol to be
-removed in a future release without breaking the ABI.
-
-Have fun and happy libssh hacking!
-
-The libssh Team
--- a/CPackConfig.cmake
+++ b/CPackConfig.cmake
@@ -10,7 +10,7 @@ set(CPACK_PACKAGE_VERSION ${PROJECT_VERSION})

 # SOURCE GENERATOR
 set(CPACK_SOURCE_GENERATOR "TXZ")
-set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]bare/;/[.]git/;/[.]git;/[.]clangd/;/[.]cache/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
+set(CPACK_SOURCE_IGNORE_FILES "~$;[.]swp$;/[.]git/;/[.]clangd/;.gitignore;/build*;/obj*;tags;cscope.*;compile_commands.json;.*\.patch")
 set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}")

 ### NSIS INSTALLER
--- a/251
+++ b/251
@@ -1,151 +1,5 @@
-CHANGELOG
-=========
-
-version 0.11.0 (released 2024-07-31)
-  * Deprecations and Removals:
-    * Dropped support for DSA
-    * Deprecated Blowfish cipher (will be removed in next release)
-    * Deprecated SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY
-    * Removed the usage of deprecated OpenSSL APIs (Note: Minimum supported
-      OpenSSL version is 1.1.1)
-    * Disabled preauth compression (zlib) by default
-    * Support for pkcs#11 engines are deprecated, pkcs11-provider is used instead
-    * Deprecation of old async SFTP API
-    * libgcrypt cryptographic backend is deprecated
-    * Deprecation of knownhosts hashing
-  * SFTP Improvements:
-    * Added support for async SFTP IO
-    * Added support for sftp_limits() and applied capping to SFTP read/write
-      operations accordingly
-    * Added sftp_home_directory() API support for sftp extension "home-directory"
-    * Added sftp_lsetstat() API for lsetstat extensions
-    * Added sftp_expand_path() to canonicalize path using expand-path@openssh.com
-      extension
-    * Implemented stat and realpath in sftpserver
-    * Added sftp_readlink() API to support hardlink@openssh.com
-    * New extensible callback based SFTP server
-    * Introduced the posix-rename@openssh.com extension
-  * New functions and features:
-    * Added support for PKCS #11 provider for OpenSSL 3.0
-    * Added testing for GSSAPI Authentication
-    * Implemented proxy jump using libssh
-    * Recategorized loglevels to show fatal errors and alignment with OpenSSH
-      log levels
-    * Added ssh_channel_request_pty_size_modes() API to set terminal modes for
-      PTYs
-    * Added function to check username syntax
-    * Added support to check all keys in authorized_keys instead of one in
-      example server implementation
-    * Handled hostkey similar to OpenSSH
-    * Added ssh_session_socket_close() API in order to not close socket passed
-      through options on error conditions
-    * Added option SSH_BIND_OPTIONS_IMPORT_KEY_STR to read user-supplied key
-      string in ssh_bind_options_set()
-    * Improved log handling around ssh_set_callbacks
-    * Added ssh_set_error_invalid in ssh_options_set()
-    * Prevented signature blob to start with 1 bit in libgcrypt
-    * Added support to unbreak key comparison of Ed25519 keys imported from PEM
-      or OpenSSH container
-    * Added support to calculate missing CRT parameters when building RSA key
-    * Added ssh_pki_export_privkey_base64_format() and
-      ssh_pki_export_privkey_file_format() to support exporting keys in different
-      formats (PEM, OpenSSH)
-    * Added support to compare certificates and handle automatic certificate
-      authentication
-    * Added support to make compile-commands generation conditional
-    * Built fuzzers for normal testing
-    * Avoided passing other events to callbacks when called recursively
-    * Added control master and path options
-    * Refactored channel_rcv_data, check for errors and report more useful errors
-    * Added support to connect to other host addresses than just the first one
-    * Terminated the server properly when the MaxAuthTries is reached
-    * Added support for no-more-sessions@openssh.com request in both client and
-      server
-    * Added callback to support forwarded-tcpip requests
-    * Bumped minimal CMake version to 3.12
-    * Added support for MBedTLS 3.6.x
-    * Added support for +,-,^ modifiers in front of algorithm lists in options
-    * Added callbacks for channel open response, and channel request response
-    * Replaced chroot() from chroot_wrapper internal library with chroot()
-      from priv_wrapper package
-    * Added a placeholder for non-expanded identities
-    * Improved handling of channel transfer window sizes
-
-version 0.10.6 (released 2023-12-18)
- * Fix CVE-2023-6004: Command injection using proxycommand
- * Fix CVE-2023-48795: Potential downgrade attack using strict kex
- * Fix CVE-2023-6918: Missing checks for return values of MD functions
- * Fix ssh_send_issue_banner() for CMD(PowerShell)
- * Avoid passing other events to callbacks when poll is called recursively (#202)
- * Allow @ in usernames when parsing from URI composes
-
-version 0.10.5 (released 2023-05-04)
- * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
- * Fix CVE-2023-2283: a possible authorization bypass in
-   pki_verify_data_signature under low-memory conditions.
- * Fix several memory leaks in GSSAPI handling code
- * Escape braces in ProxyCommand created from ProxyJump options for zsh
-   compatibility.
- * Fix pkg-config path relocation for MinGW
- * Improve doxygen documentation
- * Fix build with cygwin due to the glob support
- * Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
- * Add support for SSH_SUPPRESS_DEPRECATED
- * Avoid functions declarations without prototype to build with clang 15
- * Fix spelling issues
- * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
- * Add support sk-* keys through configuration
- * Improve checking for Argp library
- * Log information about received extensions
- * Correctly handle rekey with delayed compression
- * Move the EC keys handling to OpenSSL 3.0 API
- * Record peer disconnect message
- * Avoid deadlock when write buffering occurs and we call poll recursively to
-   flush the output buffer
- * Disable preauthentication compression by default
- * Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
- * Add accidentally removed default compile flags
- * Solve incorrect parsing of ProxyCommand option
-
-version 0.10.4 (released 2022-09-07)
-  * Fixed issues with KDF on big endian
-
-version 0.10.3 (released 2022-09-05)
-  * Fixed possible infinite loop in known hosts checking
-
-version 0.10.2 (released 2022-09-02)
-  * Fixed tilde expansion when handling include directives
-  * Fixed building the shared torture library
-  * Made rekey test more robust (fixes running on i586 build systems e.g koji)
-
-version 0.10.1 (released 2022-08-30)
-  * Fixed proxycommand support
-  * Fixed musl libc support
-
-version 0.10.0 (released 2022-08-26)
-  * Added support for OpenSSL 3.0
-  * Added support for mbedTLS 3
-  * Added support for Smart Cards  (through openssl pkcs11 engine)
-  * Added support for chacha20-poly1305@openssh.com with libgcrypt
-  * Added support ed25519 keys in PEM files
-  * Added support for sk-ecdsa and sk-ed25519 (server side)
-  * Added support for limiting RSA key sizes and not accepting small one by
-    default
-  * Added support for ssh-agent on Windows
-  * Added ssh_userauth_publickey_auto_get_current_identity() API
-  * Added ssh_vlog() API
-  * Added ssh_send_issue_banner() API
-  * Added ssh_session_set_disconnect_message() API
-  * Added new configuration options:
-    + IdentityAgent
-    + ModuliFile
-  * Provided X11 client example
-  * Disabled DSA support at build time by default (will be removed in the next
-    release)
-  * Deprecated the SCP API!
-  * Deprecated old pubkey, privatekey API
-  * Avoided some needless large stack buffers to minimize memory footprint
-  * Removed support for OpenSSL < 1.0.1
+ChangeLog
+==========

 version 0.9.6 (released 2021-08-26)
  * CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
@@ -178,7 +32,7 @@ version 0.9.4 (released 2020-04-09)
  * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
    AES-CTR keys with OpenSSL
  * Added diffie-hellman-group14-sha256
-  * Fixed several possible memory leaks
+  * Fixed serveral possible memory leaks

 version 0.9.3 (released 2019-12-10)
  * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
@@ -214,7 +68,7 @@ version 0.9.1 (released 2019-10-25)
  * Fixed deprecation issues (T165)
  * Fixed known_hosts directory creation (T166)

-version 0.9.0 (released 2019-02-xx)
+version 0.9.0 (released 2019-06-28)
  * Added support for AES-GCM
  * Added improved rekeying support
  * Added performance improvements
@@ -229,6 +83,71 @@ version 0.9.0 (released 2019-02-xx)
  * Improved documentation
  * Improved OpenSSL API usage for KEX, DH, and signatures

+version 0.8.7 (released 2019-02-25)
+  * Fixed handling extension flags in the server implementation
+  * Fixed exporting ed25519 private keys
+  * Fixed corner cases for rsa-sha2 signatures
+  * Fixed some issues with connector
+
+version 0.8.6 (released 2018-12-24)
+  * Fixed compilation issues with different OpenSSL versions
+  * Fixed StrictHostKeyChecking in new knownhosts API
+  * Fixed ssh_send_keepalive() with packet filter
+  * Fixed possible crash with knownhosts options
+  * Fixed issus with rekeying
+  * Fixed strong ECDSA keys
+  * Fixed some issues with rsa-sha2 extentions
+  * Fixed access violation in ssh_init() (static linking)
+  * Fixed ssh_channel_close() handling
+
+version 0.8.5 (released 2018-10-29)
+  * Added support to get known_hosts locations with ssh_options_get()
+  * Fixed preferred algorithm for known hosts negotiations
+  * Fixed KEX with some server implementations (e.g. Cisco)
+  * Fixed issues with MSVC
+  * Fixed keyboard-interactive auth in server mode
+    (regression from CVE-2018-10933)
+  * Fixed gssapi auth in server mode (regression from CVE-2018-10933)
+  * Fixed socket fd handling with proxy command
+  * Fixed a memory leak with OpenSSL
+
+version 0.8.4 (released 2018-10-16)
+  * Fixed CVE-2018-10933
+  * Fixed building without globbing support
+  * Fixed possible memory leaks
+  * Avoid SIGPIPE on sockets
+
+version 0.8.3 (released 2018-09-21)
+  * Added support for rsa-sha2
+  * Added support to parse private keys in openssh container format
+    (other than ed25519)
+  * Added support for diffie-hellman-group18-sha512 and
+    diffie-hellman-group16-sha512
+  * Added ssh_get_fingerprint_hash()
+  * Added ssh_pki_export_privkey_base64()
+  * Added support for Match keyword in config file
+  * Improved performance and reduced memory footprint for sftp
+  * Fixed ecdsa publickey auth
+  * Fixed reading a closed channel
+  * Added support to announce posix-rename@openssh.com and
+    hardlink@openssh.com in the sftp server
+
+version 0.8.2 (released 2018-08-30)
+  * Added sha256 fingerprints for pubkeys
+  * Improved compiler flag detection
+  * Fixed race condition in reading sftp messages
+  * Fixed doxygen generation and added modern style
+  * Fixed library initialization on Windows
+  * Fixed __bounded__ attribute detection
+  * Fixed a bug in the options parser
+  * Fixed documentation for new knwon_hosts API
+
+version 0.8.1 (released 2018-08-13)
+  * Fixed version number in the header
+  * Fixed version number in pkg-config and cmake config
+  * Fixed library initialization
+  * Fixed attribute detection
+
 version 0.8.0 (released 2018-08-10)
  * Removed support for deprecated SSHv1 protocol
  * Added new connector API for clients
@@ -329,7 +248,7 @@ version 0.6.1 (released 2014-02-08)
  * Fixed DSA signature extraction.
  * Fixed some memory leaks.
  * Fixed read of non-connected socket.
-  * Fixed thread detection.
+  * Fixed thread dectection.

 version 0.6.0 (released 2014-01-08)
  * Added new publicy key API.
@@ -354,7 +273,7 @@ version 0.6.0 (released 2014-01-08)
 version 0.5.5 (released 2013-07-26)
  * BUG 103: Fix ProxyCommand parsing.
  * Fix setting -D_FORTIFY_SOURCE=2.
-  * Fix pollset error return if empty.
+  * Fix pollset error return if emtpy.
  * Fix NULL pointer checks in channel functions.
  * Several bugfixes.

@@ -370,7 +289,7 @@ version 0.5.3 (released 2012-11-20)
  * BUG #84 - Fix bug in sftp_mkdir not returning on error.
  * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
  * BUG #88 - Added missing channel request_state and set it to accepted.
-  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
+  * BUG #89 - Reset error state to no error on successful SSHv1 authentiction.
  * Fixed a possible use after free in ssh_free().
  * Fixed multiple possible NULL pointer dereferences.
  * Fixed multiple memory leaks in error paths.
@@ -431,7 +350,7 @@ version 0.4.7 (released 2010-12-28)
  * Fixed a possible memory leak in ssh_get_user_home().
  * Fixed a memory leak in sftp_xstat.
  * Fixed uninitialized fd->revents member.
-  * Fixed timeout value in ssh_channel_accept().
+  * Fixed timout value in ssh_channel_accept().
  * Fixed length checks in ssh_analyze_banner().
  * Fixed a possible data overread and crash bug.
  * Fixed setting max_fd which breaks ssh_select().
@@ -454,7 +373,7 @@ version 0.4.5 (released 2010-07-13)
  * Added option to bind a client to an ip address.
  * Fixed the ssh socket polling function.
  * Fixed Windows related bugs in bsd_poll().
-  * Fixed several build warnings.
+  * Fixed serveral build warnings.

 version 0.4.4 (released 2010-06-01)
  * Fixed a bug in the expand function for escape sequences.
@@ -473,17 +392,17 @@ version 0.4.3 (released 2010-05-18)
  * Fixed sftp_chown.
  * Fixed sftp_rename on protocol version 3.
  * Fixed a blocking bug in channel_poll.
-  * Fixed config parsing which has overwritten user specified values.
+  * Fixed config parsing wich has overwritten user specified values.
  * Fixed hashed [host]:port format in knownhosts
  * Fixed Windows build.
-  * Fixed doublefree happening after a negotiation error.
+  * Fixed doublefree happening after a negociation error.
  * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
  * Fixed some documentation.
  * Fixed exec example which has broken read usage.
  * Fixed broken algorithm choice for server.
  * Fixed a typo that we don't export all symbols.
  * Removed the unneeded dependency to doxygen.
-  * Build examples only on the Linux platform.
+  * Build examples only on the Linux plattform.

 version 0.4.2 (released 2010-03-15)
  * Added owner and group information in sftp attributes.
@@ -505,7 +424,7 @@ version 0.4.1 (released 2010-02-13)
  * Added an example for exec.
  * Added private key type detection feature in privatekey_from_file().
  * Fixed zlib compression fallback.
-  * Fixed kex bug that client preference should be priority
+  * Fixed kex bug that client preference should be prioritary
  * Fixed known_hosts file set by the user.
  * Fixed a memleak in channel_accept().
  * Fixed underflow when leave_function() are unbalanced
@@ -563,6 +482,14 @@ version 0.3.2 (released 2009-08-05)
  * Fixed compilation on Solaris.
  * Fixed SSHv1 compilation.

+version 0.3.1 (released 2009-07-14)
+  * Added return code SSH_SERVER_FILE_NOT_FOUND.
+  * Fixed compilation of SSHv1.
+  * Fixed several memory leaks.
+  * Fixed possible infinite loops.
+  * Fixed a possible crash bug.
+  * Fixed build warnings.
+  * Fixed cmake on BSD.
 version 0.3.1 (released 2009-07-14)
  * Added return code SSH_SERVER_FILE_NOT_FOUND.
  * Fixed compilation of SSHv1.
@@ -612,7 +539,7 @@ version 0.2 (released 2007-11-29)
 version 0.11-dev
  * Server implementation development.
  * Small bug corrected when connecting to sun ssh servers.
-  * Channel weirdness corrected (writing huge data packets)
+  * Channel wierdness corrected (writing huge data packets)
  * Channel_read_nonblocking added
  * Channel bug where stderr wasn't correctly read fixed.
  * Added sftp_file_set_nonblocking(), which is nonblocking SFTP IO
@@ -643,7 +570,7 @@ version 0.11-dev
  * Keyboard-interactive authentication working.

 version 0.1 (released 2004-03-05)
-  * Beginning of sftp subsystem implementation.
+  * Begining of sftp subsystem implementation.
  * Some cleanup into channels implementation
  * Now every channel functions is called by its CHANNEL handler.
  * Added channel_poll() and channel_read().
@@ -664,7 +591,7 @@ version 0.0.4 (released 2003-10-10)
  * Added a wrapper.c file. The goal is to provide a similar API to every
    cryptographic functions. bignums and sha/md5 are wrapped now.
  * More work than it first looks.
-  * Support for other crypto libs planned (lighter libs)
+  * Support for other crypto libs planed (lighter libs)
  * Fixed stupid select() bug.
  * Libssh now compiles and links with openssl 0.9.6
  * RSA pubkey authentication code now works !
--- a/CompilerChecks.cmake
+++ b/CompilerChecks.cmake
@@ -16,6 +16,7 @@ if (UNIX)
        endif()
    endif()

+    add_c_compiler_flag("-std=gnu99" SUPPORTED_COMPILER_FLAGS)
    add_c_compiler_flag("-Wpedantic" SUPPORTED_COMPILER_FLAGS)
    add_c_compiler_flag("-Wall" SUPPORTED_COMPILER_FLAGS)
    add_c_compiler_flag("-Wshadow" SUPPORTED_COMPILER_FLAGS)
@@ -42,13 +43,6 @@ if (UNIX)
    add_c_compiler_flag("-Wno-format-zero-length" SUPPORTED_COMPILER_FLAGS)
    add_c_compiler_flag("-Wmissing-field-initializers" SUPPORTED_COMPILER_FLAGS)
    add_c_compiler_flag("-Wsign-compare" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Wold-style-definition" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Werror=old-style-definition" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Wimplicit-int" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Werror=implicit-int" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Wint-conversion" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Werror=int-conversion" SUPPORTED_COMPILER_FLAGS)
-    add_c_compiler_flag("-Werror=unused-variable" SUPPORTED_COMPILER_FLAGS)

    check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT)
    if (REQUIRED_FLAGS_WFORMAT)
@@ -76,7 +70,7 @@ if (UNIX)
    check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
    if (WITH_STACK_PROTECTOR_STRONG)
        list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
-        # This is needed as Solaris has a separate libssp
+        # This is needed as Solaris has a seperate libssp
        if (SOLARIS)
            list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
        endif()
@@ -84,21 +78,16 @@ if (UNIX)
        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
        if (WITH_STACK_PROTECTOR)
            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
-            # This is needed as Solaris has a separate libssp
+            # This is needed as Solaris has a seperate libssp
            if (SOLARIS)
                list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
            endif()
        endif()
    endif (WITH_STACK_PROTECTOR_STRONG)

-    if (NOT WINDOWS AND NOT CYGWIN)
-        # apple m* chips do not support this option
-        if (NOT ${CMAKE_SYSTEM_PROCESSOR} STREQUAL arm64)
-            check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
-            if (WITH_STACK_CLASH_PROTECTION)
-                list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
-            endif()
-        endif()
+    check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
+    if (WITH_STACK_CLASH_PROTECTION)
+        list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
    endif()

    if (PICKY_DEVELOPER)
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -44,8 +44,6 @@ int main(void){ return 0; }
 endif(CMAKE_COMPILER_IS_GNUCC AND NOT MINGW AND NOT OS2)

 # HEADER FILES
-check_function_exists(argp_parse HAVE_ARGP_PARSE)
-
 set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${ARGP_INCLUDE_DIR})
 check_include_file(argp.h HAVE_ARGP_H)
 unset(CMAKE_REQUIRED_INCLUDES)
@@ -64,7 +62,6 @@ check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
 check_include_file(byteswap.h HAVE_BYTESWAP_H)
 check_include_file(glob.h HAVE_GLOB_H)
 check_include_file(valgrind/valgrind.h HAVE_VALGRIND_VALGRIND_H)
-check_include_file(ifaddrs.h HAVE_IFADDRS_H)

 if (WIN32)
  check_include_file(io.h HAVE_IO_H)
@@ -78,37 +75,89 @@ endif (WIN32)

 if (OPENSSL_FOUND)
    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES OpenSSL::Crypto)
-
    check_include_file(openssl/des.h HAVE_OPENSSL_DES_H)
    if (NOT HAVE_OPENSSL_DES_H)
        message(FATAL_ERROR "Could not detect openssl/des.h")
    endif()

+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
    check_include_file(openssl/aes.h HAVE_OPENSSL_AES_H)
    if (NOT HAVE_OPENSSL_AES_H)
        message(FATAL_ERROR "Could not detect openssl/aes.h")
    endif()

    if (WITH_BLOWFISH_CIPHER)
-        check_include_file(openssl/blowfish.h HAVE_BLOWFISH)
+        set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+        check_include_file(openssl/blowfish.h HAVE_OPENSSL_BLOWFISH_H)
    endif()

+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
    check_include_file(openssl/ecdh.h HAVE_OPENSSL_ECDH_H)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
    check_include_file(openssl/ec.h HAVE_OPENSSL_EC_H)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
    check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)

-    check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
-    check_function_exists(EVP_KDF_CTX_new HAVE_OPENSSL_EVP_KDF_CTX_NEW)
-    check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
-    check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
-    check_function_exists(EVP_chacha20 HAVE_OPENSSL_EVP_CHACHA20)
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_aes_128_ctr HAVE_OPENSSL_EVP_AES_CTR)

-    # Check for ML-KEM availability (OpenSSL 3.5+)
-    if (OPENSSL_VERSION VERSION_GREATER_EQUAL "3.5.0")
-        set(HAVE_OPENSSL_MLKEM 1)
-        set(HAVE_MLKEM1024 1)
-    endif ()
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_aes_128_cbc HAVE_OPENSSL_EVP_AES_CBC)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_EVP_AES_GCM)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_DigestSign HAVE_OPENSSL_EVP_DIGESTSIGN)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_function_exists(EVP_DigestVerify HAVE_OPENSSL_EVP_DIGESTVERIFY)
+
+    check_function_exists(OPENSSL_ia32cap_loc HAVE_OPENSSL_IA32CAP_LOC)
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_symbol_exists(EVP_PKEY_ED25519 "openssl/evp.h" FOUND_OPENSSL_ED25519)
+
+    if (HAVE_OPENSSL_EVP_DIGESTSIGN AND HAVE_OPENSSL_EVP_DIGESTVERIFY AND
+        FOUND_OPENSSL_ED25519)
+        set(HAVE_OPENSSL_ED25519 1)
+    endif()
+
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
+    check_symbol_exists(EVP_PKEY_X25519 "openssl/evp.h" HAVE_OPENSSL_X25519)

    unset(CMAKE_REQUIRED_INCLUDES)
    unset(CMAKE_REQUIRED_LIBRARIES)
@@ -126,13 +175,12 @@ if (NOT WITH_GCRYPT AND NOT WITH_MBEDTLS)
    if (HAVE_OPENSSL_ECC)
        set(HAVE_ECC 1)
    endif (HAVE_OPENSSL_ECC)
-
-    if (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
-        set(HAVE_OPENSSL_EVP_KDF_CTX 1)
-    endif (HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID OR HAVE_OPENSSL_EVP_KDF_CTX_NEW)
-
 endif ()

+if (NOT WITH_MBEDTLS)
+    set(HAVE_DSA 1)
+endif (NOT WITH_MBEDTLS)
+
 # FUNCTIONS

 check_function_exists(isblank HAVE_ISBLANK)
@@ -140,7 +188,6 @@ check_function_exists(strncpy HAVE_STRNCPY)
 check_function_exists(strndup HAVE_STRNDUP)
 check_function_exists(strtoull HAVE_STRTOULL)
 check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
-check_function_exists(memset_explicit HAVE_MEMSET_EXPLICIT)
 check_function_exists(memset_s HAVE_MEMSET_S)

 if (HAVE_GLOB_H)
@@ -231,36 +278,11 @@ if (GCRYPT_FOUND)
        set(HAVE_GCRYPT_ECC 1)
        set(HAVE_ECC 1)
    endif (GCRYPT_VERSION VERSION_GREATER "1.4.6")
-    if (NOT GCRYPT_VERSION VERSION_LESS "1.7.0")
-        set(HAVE_GCRYPT_CHACHA_POLY 1)
-        set(HAVE_GCRYPT_CURVE25519 1)
-    endif (NOT GCRYPT_VERSION VERSION_LESS "1.7.0")
-    if (GCRYPT_VERSION VERSION_GREATER_EQUAL "1.10.1")
-        set(HAVE_GCRYPT_MLKEM 1)
-        set(HAVE_MLKEM1024 1)
-    endif ()
 endif (GCRYPT_FOUND)

 if (MBEDTLS_FOUND)
    set(HAVE_LIBMBEDCRYPTO 1)
    set(HAVE_ECC 1)
-
-    set(CMAKE_REQUIRED_INCLUDES "${MBEDTLS_INCLUDE_DIR}/mbedtls")
-    check_include_file(chacha20.h HAVE_MBEDTLS_CHACHA20_H)
-    check_include_file(poly1305.h HAVE_MBEDTLS_POLY1305_H)
-    if (MBEDTLS_VERSION VERSION_LESS "3.0.0")
-        check_symbol_exists(MBEDTLS_ECP_DP_CURVE25519_ENABLED "config.h" HAVE_MBEDTLS_CURVE25519)
-    else()
-        check_symbol_exists(MBEDTLS_ECP_DP_CURVE25519_ENABLED "mbedtls_config.h" HAVE_MBEDTLS_CURVE25519)
-    endif()
-
-
-    if (WITH_BLOWFISH_CIPHER)
-        check_include_file(blowfish.h HAVE_BLOWFISH)
-    endif()
-
-    unset(CMAKE_REQUIRED_INCLUDES)
-
 endif (MBEDTLS_FOUND)

 if (CMAKE_USE_PTHREADS_INIT)
@@ -294,7 +316,7 @@ int main(void) {
 # For detecting attributes we need to treat warnings as
 # errors
 if (UNIX OR MINGW)
-    # Get warnings for attributes
+    # Get warnings for attributs
    check_c_compiler_flag("-Wattributes" REQUIRED_FLAGS_WERROR)
    if (REQUIRED_FLAGS_WERROR)
        string(APPEND CMAKE_REQUIRED_FLAGS "-Wattributes ")
@@ -349,23 +371,6 @@ int main(void) {
    return 0;
 }" HAVE_FALLTHROUGH_ATTRIBUTE)

-check_c_source_compiles("
-#define WEAK __attribute__((weak))
-
-WEAK int sum(int a, int b)
-{
-    return a + b;
-}
-
-int main(void)
-{
-    int i = sum(2, 2);
-
-    (void)i;
-
-    return 0;
-}" HAVE_WEAK_ATTRIBUTE)
-
 if (NOT WIN32)
    check_c_source_compiles("
    #define __unused __attribute__((unused))
@@ -459,28 +464,6 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
    set(WITH_GSSAPI 0)
 endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)

-if (WITH_PKCS11_URI)
-    if (WITH_GCRYPT)
-        message(FATAL_ERROR "PKCS #11 is not supported for gcrypt.")
-        set(WITH_PKCS11_URI 0)
-    elseif (WITH_MBEDTLS)
-        message(FATAL_ERROR "PKCS #11 is not supported for mbedcrypto")
-        set(WITH_PKCS11_URI 0)
-    elseif (OPENSSL_FOUND AND OPENSSL_VERSION VERSION_GREATER_EQUAL "3.0.0")
-        find_library(PKCS11_PROVIDER
-            NAMES
-                pkcs11.so
-            PATH_SUFFIXES
-                ossl-modules
-        )
-        if (NOT PKCS11_PROVIDER)
-            set(WITH_PKCS11_PROVIDER 0)
-            message(WARNING "Could not find pkcs11 provider! Falling back to engines")
-            message(WARNING "The support for engines is deprecated in OpenSSL and will be removed from libssh in the future releases.")
-        endif (NOT PKCS11_PROVIDER)
-    endif ()
-endif()
-
 # ENDIAN
 if (NOT WIN32)
    test_big_endian(WORDS_BIGENDIAN)
--- a/DefineOptions.cmake
+++ b/DefineOptions.cmake
@@ -2,33 +2,26 @@ option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SFTP "Build with SFTP support" ON)
 option(WITH_SERVER "Build with SSH server support" ON)
-option(WITH_DEBUG_CRYPTO "Build with crypto debug output" OFF)
+option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
 option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
 option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
-option(WITH_GCRYPT "Compile against libgcrypt (deprecated)" OFF)
+option(WITH_GCRYPT "Compile against libgcrypt" OFF)
 option(WITH_MBEDTLS "Compile against libmbedtls" OFF)
 option(WITH_BLOWFISH_CIPHER "Compile with blowfish support" OFF)
 option(WITH_PCAP "Compile with Pcap generation support" ON)
 option(WITH_INTERNAL_DOC "Compile doxygen internal documentation" OFF)
 option(BUILD_SHARED_LIBS "Build shared libraries" ON)
-option(WITH_PKCS11_URI "Build with PKCS#11 URI support" OFF)
-option(WITH_PKCS11_PROVIDER "Use the PKCS#11 provider for accessing pkcs11 objects" OFF)
-option(WITH_FIDO2 "Build with FIDO2/U2F support" OFF)
 option(UNIT_TESTING "Build with unit tests" OFF)
 option(CLIENT_TESTING "Build with client tests; requires openssh" OFF)
 option(SERVER_TESTING "Build with server tests; requires openssh and dropbear" OFF)
-option(GSSAPI_TESTING "Build with GSSAPI tests; requires krb5-server,krb5-libs and krb5-workstation" OFF)
-option(WITH_BENCHMARKS "Build benchmarks tools; enables unit testing and client tests" OFF)
+option(WITH_BENCHMARKS "Build benchmarks tools" OFF)
 option(WITH_EXAMPLES "Build examples" ON)
 option(WITH_NACL "Build with libnacl (curve25519)" ON)
 option(WITH_SYMBOL_VERSIONING "Build with symbol versioning" ON)
 option(WITH_ABI_BREAK "Allow ABI break" OFF)
 option(WITH_GEX "Enable DH Group exchange mechanisms" ON)
-option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF)
-option(WITH_EXEC "Enable libssh to execute arbitrary commands from configuration files or options (match exec, proxy commands and OpenSSH-based proxy-jumps)." ON)
-option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
+option(FUZZ_TESTING "Build with fuzzer for the server" OFF)
 option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
-option(WITH_HERMETIC_USR "Build with support for hermetic /usr/" OFF)

 if (WITH_ZLIB)
    set(WITH_LIBZ ON)
@@ -41,7 +34,7 @@ if (WITH_BENCHMARKS)
  set(CLIENT_TESTING ON)
 endif()

-if (UNIT_TESTING OR CLIENT_TESTING OR SERVER_TESTING OR GSSAPI_TESTING)
+if (UNIT_TESTING OR CLIENT_TESTING OR SERVER_TESTING)
  set(BUILD_STATIC_LIB ON)
 endif()

@@ -60,16 +53,3 @@ endif (NOT GLOBAL_BIND_CONFIG)
 if (NOT GLOBAL_CLIENT_CONFIG)
  set(GLOBAL_CLIENT_CONFIG "/etc/ssh/ssh_config")
 endif (NOT GLOBAL_CLIENT_CONFIG)
-
-if (WITH_HERMETIC_USR)
-  set(USR_GLOBAL_BIND_CONFIG "/usr${GLOBAL_BIND_CONFIG}")
-  set(USR_GLOBAL_CLIENT_CONFIG "/usr${GLOBAL_CLIENT_CONFIG}")
-endif (WITH_HERMETIC_USR)
-
-if (FUZZ_TESTING)
-  set(WITH_INSECURE_NONE ON)
-endif (FUZZ_TESTING)
-
-if (WIN32)
-    set(WITH_EXEC 0)
-endif(WIN32)
--- a/19
+++ b/19
@@ -7,13 +7,11 @@
 In order to build libssh, you need to install several components:

 - A C compiler
- [CMake](https://www.cmake.org) >= 3.12.0
+- [CMake](https://www.cmake.org) >= 2.6.0.
+- [openssl](https://www.openssl.org) >= 0.9.8
+or
+- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.4
 - [libz](https://www.zlib.net) >= 1.2
- [openssl](https://www.openssl.org) >= 1.1.1
-or
- [gcrypt](https://www.gnu.org/directory/Security/libgcrypt.html) >= 1.5
-or
- [Mbed TLS](https://www.trustedfirmware.org/projects/mbed-tls/)

 optional:
 - [cmocka](https://cmocka.org/) >= 1.1.0
@@ -21,7 +19,6 @@ optional:
 - [nss_wrapper](https://cwrap.org/) >= 1.1.2
 - [uid_wrapper](https://cwrap.org/) >= 1.2.0
 - [pam_wrapper](https://cwrap.org/) >= 1.0.1
- [priv_wrapper](https://cwrap.org/) >= 1.0.0

 Note that these version numbers are version we know works correctly. If you
 build and run libssh successfully with an older version, please let us know.
@@ -38,16 +35,14 @@ First, you need to configure the compilation, using CMake. Go inside the
 `build` dir. Create it if it doesn't exist.

 GNU/Linux, MacOS X, MSYS/MinGW:
-    cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug ..
+
+    cmake -DUNIT_TESTING=ON -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug ..
    make

-On Windows you should choose a makefile generator with -G or use
+On Windows you should choose a makefile gernerator with -G or use

    cmake-gui.exe ..

-To enable building tests use -DUNIT_TESTING=ON. For this, the
-[cmocka](https://cmocka.org) dependency is required.
-
 To enable additional client tests against a local OpenSSH server, add the
 compile option -DCLIENT_TESTING=ON. These tests require an OpenSSH
 server package and some wrapper libraries (see optional requirements) to
--- a/2
+++ b/2
@@ -36,7 +36,7 @@ https://www.libssh.org
 4* Contributing
 -_-_-_-_-_-_-_-_-_

-Please read the file 'CONTRIBUTING.md' next to this README file. It explains
+Please read the file 'SubmittingPatches' next to this README file. It explains
 our copyright policy and how you should send patches for upstream inclusion.

 Have fun and happy libssh hacking!
--- a/README.CodingStyle
+++ b/README.CodingStyle
@@ -0,0 +1,375 @@
+Coding conventions in the libssh tree
+======================================
+
+===========
+Quick Start
+===========
+
+Coding style guidelines are about reducing the number of unnecessary
+reformatting patches and making things easier for developers to work together.
+
+You don't have to like them or even agree with them, but once put in place we
+all have to abide by them (or vote to change them).  However, coding style
+should never outweigh coding itself and so the guidelines described here are
+hopefully easy enough to follow as they are very common and supported by tools
+and editors.
+
+The basic style for C code, is the Linux kernel coding style (See
+Documentation/CodingStyle in the kernel source tree). This closely matches what
+libssh developers use already anyways, with a few exceptions as mentioned
+below.
+
+But to save you the trouble of reading the Linux kernel style guide, here
+are the highlights.
+
+* Maximum Line Width is 80 Characters
+  The reason is not about people with low-res screens but rather sticking
+  to 80 columns prevents you from easily nesting more than one level of
+  if statements or other code blocks.
+
+* Use 4 Spaces to Indent
+
+* No Trailing Whitespace
+  Clean up your files before committing.
+
+* Follow the K&R guidelines.  We won't go through all of them here. Do you
+  have a copy of "The C Programming Language" anyways right?
+
+
+=============
+Editor Hints
+=============
+
+Emacs
+------
+Add the follow to your $HOME/.emacs file:
+
+  (add-hook 'c-mode-hook
+    (lambda ()
+        (c-set-style "linux")
+        (c-toggle-auto-state)))
+
+
+Vim
+----
+
+For the basic vi editor included with all variants of \*nix, add the
+following to $HOME/.vimrc:
+
+    set ts=4 sw=4 et cindent
+
+You can use the Vim gitmodline plugin to store this in the git config:
+
+    https://git.cryptomilk.org/projects/vim-gitmodeline.git/
+
+For Vim, the following settings in $HOME/.vimrc will also deal with
+displaying trailing whitespace:
+
+    if has("syntax") && (&t_Co > 2 || has("gui_running"))
+        syntax on
+        function! ActivateInvisibleCharIndicator()
+            syntax match TrailingSpace "[ \t]\+$" display containedin=ALL
+            highlight TrailingSpace ctermbg=Red
+        endf
+        autocmd BufNewFile,BufRead * call ActivateInvisibleCharIndicator()
+    endif
+    " Show tabs, trailing whitespace, and continued lines visually
+    set list listchars=tab:»·,trail:·,extends:…
+
+    " highlight overly long lines same as TODOs.
+    set textwidth=80
+    autocmd BufNewFile,BufRead *.c,*.h exec 'match Todo /\%>' . &textwidth . 'v.\+/'
+
+
+==========================
+FAQ & Statement Reference
+==========================
+
+Comments
+---------
+
+Comments should always use the standard C syntax.  C++ style comments are not
+currently allowed.
+
+The lines before a comment should be empty. If the comment directly belongs to
+the following code, there should be no empty line after the comment, except if
+the comment contains a summary of multiple following code blocks.
+
+This is good:
+
+    ...
+    int i;
+
+    /*
+     * This is a multi line comment,
+     * which explains the logical steps we have to do:
+     *
+     * 1. We need to set i=5, because...
+     * 2. We need to call complex_fn1
+     */
+
+    /* This is a one line comment about i = 5. */
+    i = 5;
+
+    /*
+     * This is a multi line comment,
+     * explaining the call to complex_fn1()
+     */
+    ret = complex_fn1();
+    if (ret != 0) {
+    ...
+
+    /**
+     * @brief This is a doxygen comment.
+     *
+     * This is a more detailed explanation of
+     * this simple function.
+     *
+     * @param[in]   param1     The parameter value of the function.
+     *
+     * @param[out]  result1    The result value of the function.
+     *
+     * @return              0 on success and -1 on error.
+     */
+    int example(int param1, int *result1);
+
+This is bad:
+
+    ...
+    int i;
+    /*
+     * This is a multi line comment,
+     * which explains the logical steps we have to do:
+     *
+     * 1. We need to set i=5, because...
+     * 2. We need to call complex_fn1
+     */
+    /* This is a one line comment about i = 5. */
+    i = 5;
+    /*
+     * This is a multi line comment,
+     * explaining the call to complex_fn1()
+     */
+    ret = complex_fn1();
+    if (ret != 0) {
+    ...
+
+    /*This is a one line comment.*/
+
+    /* This is a multi line comment,
+       with some more words...*/
+
+    /*
+     * This is a multi line comment,
+     * with some more words...*/
+
+Indention & Whitespace & 80 columns
+------------------------------------
+
+To avoid confusion, indentations have to be 4 spaces. Do not use tabs!.  When
+wrapping parameters for function calls, align the parameter list with the first
+parameter on the previous line.  For example,
+
+    var1 = foo(arg1,
+               arg2,
+               arg3);
+
+The previous example is intended to illustrate alignment of function
+parameters across lines and not as encourage for gratuitous line
+splitting.  Never split a line before columns 70 - 79 unless you
+have a really good reason.  Be smart about formatting.
+
+
+If, switch, & Code blocks
+--------------------------
+
+Always follow an 'if' keyword with a space but don't include additional
+spaces following or preceding the parentheses in the conditional.
+This is good:
+
+    if (x == 1)
+
+This is bad:
+
+    if ( x == 1 )
+
+or
+
+    if (x==1)
+
+Yes we have a lot of code that uses the second and third form and we are trying
+to clean it up without being overly intrusive.
+
+Note that this is a rule about parentheses following keywords and not
+functions.  Don't insert a space between the name and left parentheses when
+invoking functions.
+
+Braces for code blocks used by for, if, switch, while, do..while, etc.  should
+begin on the same line as the statement keyword and end on a line of their own.
+You should always include braces, even if the block only contains one
+statement.  NOTE: Functions are different and the beginning left brace should
+be located in the first column on the next line.
+
+If the beginning statement has to be broken across lines due to length, the
+beginning brace should be on a line of its own.
+
+The exception to the ending rule is when the closing brace is followed by
+another language keyword such as else or the closing while in a do..while loop.
+
+Good examples:
+
+    if (x == 1) {
+        printf("good\n");
+    }
+
+    for (x = 1; x < 10; x++) {
+        print("%d\n", x);
+    }
+
+    for (really_really_really_really_long_var_name = 0;
+         really_really_really_really_long_var_name < 10;
+         really_really_really_really_long_var_name++)
+    {
+        print("%d\n", really_really_really_really_long_var_name);
+    }
+
+    do {
+        printf("also good\n");
+    } while (1);
+
+Bad examples:
+
+    while (1)
+    {
+        print("I'm in a loop!\n"); }
+
+    for (x=1;
+         x<10;
+         x++)
+    {
+        print("no good\n");
+    }
+
+    if (i < 10)
+        print("I should be in braces.\n");
+
+
+Goto
+-----
+
+While many people have been academically taught that "goto"s are fundamentally
+evil, they can greatly enhance readability and reduce memory leaks when used as
+the single exit point from a function. But in no libssh world what so ever is a
+goto outside of a function or block of code a good idea.
+
+Good Examples:
+
+    int function foo(int y)
+    {
+        int *z = NULL;
+        int rc = 0;
+
+        if (y < 10) {
+            z = malloc(sizeof(int)*y);
+            if (z == NULL) {
+                rc = 1;
+                goto done;
+            }
+        }
+
+        print("Allocated %d elements.\n", y);
+
+    done:
+        if (z != NULL) {
+            free(z);
+        }
+
+        return rc;
+    }
+
+Initialize pointers
+-------------------
+
+All pointer variables MUST be initialized to NULL. History has
+demonstrated that uninitialized pointer variables have lead to various
+bugs and security issues.
+
+Pointers MUST be initialized even if the assignment directly follows
+the declaration, like pointer2 in the example below, because the
+instructions sequence may change over time.
+
+Good Example:
+
+    char *pointer1 = NULL;
+    char *pointer2 = NULL;
+
+    pointer2 = some_func2();
+
+    ...
+
+    pointer1 = some_func1();
+
+Typedefs
+---------
+
+libssh tries to avoid "typedef struct { .. } x_t;" so we do always try to use
+"struct x { .. };". We know there are still such typedefs in the code, but for
+new code, please don't do that anymore.
+
+Make use of helper variables
+-----------------------------
+
+Please try to avoid passing function calls as function parameters in new code.
+This makes the code much easier to read and it's also easier to use the "step"
+command within gdb.
+
+Good Example:
+
+    char *name;
+
+    name = get_some_name();
+    if (name == NULL) {
+        ...
+    }
+
+    rc = some_function_my_name(name);
+    ...
+
+
+Bad Example:
+
+    rc = some_function_my_name(get_some_name());
+    ...
+
+Please try to avoid passing function return values to if- or while-conditions.
+The reason for this is better handling of code under a debugger.
+
+Good example:
+
+    x = malloc(sizeof(short) * 10);
+    if (x == NULL) {
+        fprintf(stderr, "Unable to alloc memory!\n");
+    }
+
+Bad example:
+
+    if ((x = malloc(sizeof(short)*10)) == NULL ) {
+        fprintf(stderr, "Unable to alloc memory!\n");
+    }
+
+There are exceptions to this rule. One example is walking a data structure in
+an iterator style:
+
+    while ((opt = poptGetNextOpt(pc)) != -1) {
+        ... do something with opt ...
+    }
+
+But in general, please try to avoid this pattern.
+
+
+Control-Flow changing macros
+-----------------------------
+
+Macros like STATUS_NOT_OK_RETURN that change control flow (return/goto/etc)
+from within the macro are considered bad, because they look like function calls
+that never change control flow. Please do not introduce them.
--- a/README.md
+++ b/README.md
@@ -1,5 +1,4 @@
 [![pipeline status](https://gitlab.com/libssh/libssh-mirror/badges/master/pipeline.svg)](https://gitlab.com/libssh/libssh-mirror/commits/master)
-[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libssh)

 ```
  _   _   _                          _
@@ -37,7 +36,7 @@ https://www.libssh.org

 # Contributing

-Please read the file 'CONTRIBUTING.md' next to this README file. It explains
+Please read the file 'SubmittingPatches' next to this README file. It explains
 our copyright policy and how you should send patches for upstream inclusion.

 Have fun and happy libssh hacking!
--- a/118
+++ b/118
@@ -0,0 +1,118 @@
+How to contribute a patch to libssh
+====================================
+
+Please checkout the libssh source code using git. Change the code and then
+use  "git format-patch" to create a patch. The patch should be signed (see
+below) and send it to libssh@libssh.org, or attach it to a bug report at
+https://red.libssh.org/
+
+For larger code changes, breaking the changes up into a set of simple
+patches, each of which does a single thing, are much easier to review.
+Patch sets like that will most likely have an easier time being merged
+into the libssh code than large single patches that make lots of
+changes in one large diff.
+
+Ownership of the contributed code
+==================================
+
+libssh is a project with distributed copyright ownership, which means
+we prefer the copyright on parts of libssh to be held by individuals
+rather than corporations if possible. There are historical legal
+reasons for this, but one of the best ways to explain it is that it's
+much easier to work with individuals who have ownership than corporate
+legal departments if we ever need to make reasonable compromises with
+people using and working with libssh.
+
+We track the ownership of every part of libssh via https://git.libssh.org,
+our source code control system, so we know the provenance of every piece
+of code that is committed to libssh.
+
+So if possible, if you're doing libssh changes on behalf of a company
+who normally owns all the work you do please get them to assign
+personal copyright ownership of your changes to you as an individual,
+that makes things very easy for us to work with and avoids bringing
+corporate legal departments into the picture.
+
+If you can't do this we can still accept patches from you owned by
+your employer under a standard employment contract with corporate
+copyright ownership. It just requires a simple set-up process first.
+
+We use a process very similar to the way things are done in the Linux
+Kernel community, so it should be very easy to get a sign off from
+your corporate legal department. The only changes we've made are to
+accommodate the license we use, which is LGPLv2 (or later) whereas the
+Linux kernel uses GPLv2.
+
+The process is called signing.
+
+How to sign your work
+----------------------
+
+Once you have permission to contribute to libssh from your employer, simply
+email a copy of the following text from your corporate email address to:
+
+contributing@libssh.org
+
+
+
+libssh Developer's Certificate of Origin. Version 1.0
+
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the appropriate
+    version of the GNU General Public License; or
+
+(b) The contribution is based upon previous work that, to the best of
+    my knowledge, is covered under an appropriate open source license
+    and I have the right under that license to submit that work with
+    modifications, whether created in whole or in part by me, under
+    the GNU General Public License, in the appropriate version; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a) or (b) and I have not modified it.
+
+(d) I understand and agree that this project and the contribution are
+    public and that a record of the contribution (including all
+    metadata and personal information I submit with it, including my
+    sign-off) is maintained indefinitely and may be redistributed
+    consistent with the libssh Team's policies and the requirements of
+    the GNU GPL where they are relevant.
+
+(e) I am granting this work to this project under the terms of the
+    GNU Lesser General Public License as published by the
+    Free Software Foundation; either version 2.1 of
+    the License, or (at the option of the project) any later version.
+
+    https://www.gnu.org/licenses/lgpl-2.1.html
+
+
+We will maintain a copy of that email as a record that you have the
+rights to contribute code to libssh under the required licenses whilst
+working for the company where the email came from.
+
+Then when sending in a patch via the normal mechanisms described
+above, add a line that states:
+
+   Signed-off-by: Random J Developer <random@developer.example.org>
+
+using your real name and the email address you sent the original email
+you used to send the libssh Developer's Certificate of Origin to us
+(sorry, no pseudonyms or anonymous contributions.)
+
+That's it! Such code can then quite happily contain changes that have
+copyright messages such as:
+
+   (c) Example Corporation.
+
+and can be merged into the libssh codebase in the same way as patches
+from any other individual. You don't need to send in a copy of the
+libssh Developer's Certificate of Origin for each patch, or inside each
+patch. Just the sign-off message is all that is required once we've
+received the initial email.
+
+Have fun and happy libssh hacking !
+
+The libssh Team
+
--- a/cmake/Modules/AddCMockaTest.cmake
+++ b/cmake/Modules/AddCMockaTest.cmake
@@ -116,10 +116,5 @@ function(ADD_CMOCKA_TEST _TARGET_NAME)
    add_test(${_TARGET_NAME}
        ${TARGET_SYSTEM_EMULATOR} ${_TARGET_NAME}
    )
-    if (WITH_COVERAGE)
-        ENABLE_LANGUAGE(CXX)
-        include(CodeCoverage)
-        append_coverage_compiler_flags_to_target(${_TARGET_NAME})
-    endif (WITH_COVERAGE)

 endfunction (ADD_CMOCKA_TEST)
--- a/cmake/Modules/CodeCoverage.cmake
+++ b/cmake/Modules/CodeCoverage.cmake
@@ -1,750 +0,0 @@
-# Copyright (c) 2012 - 2017, Lars Bilke
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without modification,
-# are permitted provided that the following conditions are met:
-#
-# 1. Redistributions of source code must retain the above copyright notice, this
-#    list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright notice,
-#    this list of conditions and the following disclaimer in the documentation
-#    and/or other materials provided with the distribution.
-#
-# 3. Neither the name of the copyright holder nor the names of its contributors
-#    may be used to endorse or promote products derived from this software without
-#    specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-# CHANGES:
-#
-# 2012-01-31, Lars Bilke
-# - Enable Code Coverage
-#
-# 2013-09-17, Joakim Söderberg
-# - Added support for Clang.
-# - Some additional usage instructions.
-#
-# 2016-02-03, Lars Bilke
-# - Refactored functions to use named parameters
-#
-# 2017-06-02, Lars Bilke
-# - Merged with modified version from github.com/ufz/ogs
-#
-# 2019-05-06, Anatolii Kurotych
-# - Remove unnecessary --coverage flag
-#
-# 2019-12-13, FeRD (Frank Dana)
-# - Deprecate COVERAGE_LCOVR_EXCLUDES and COVERAGE_GCOVR_EXCLUDES lists in favor
-#   of tool-agnostic COVERAGE_EXCLUDES variable, or EXCLUDE setup arguments.
-# - CMake 3.4+: All excludes can be specified relative to BASE_DIRECTORY
-# - All setup functions: accept BASE_DIRECTORY, EXCLUDE list
-# - Set lcov basedir with -b argument
-# - Add automatic --demangle-cpp in lcovr, if 'c++filt' is available (can be
-#   overridden with NO_DEMANGLE option in setup_target_for_coverage_lcovr().)
-# - Delete output dir, .info file on 'make clean'
-# - Remove Python detection, since version mismatches will break gcovr
-# - Minor cleanup (lowercase function names, update examples...)
-#
-# 2019-12-19, FeRD (Frank Dana)
-# - Rename Lcov outputs, make filtered file canonical, fix cleanup for targets
-#
-# 2020-01-19, Bob Apthorpe
-# - Added gfortran support
-#
-# 2020-02-17, FeRD (Frank Dana)
-# - Make all add_custom_target()s VERBATIM to auto-escape wildcard characters
-#   in EXCLUDEs, and remove manual escaping from gcovr targets
-#
-# 2021-01-19, Robin Mueller
-# - Add CODE_COVERAGE_VERBOSE option which will allow to print out commands which are run
-# - Added the option for users to set the GCOVR_ADDITIONAL_ARGS variable to supply additional
-#   flags to the gcovr command
-#
-# 2020-05-04, Mihchael Davis
-#     - Add -fprofile-abs-path to make gcno files contain absolute paths
-#     - Fix BASE_DIRECTORY not working when defined
-#     - Change BYPRODUCT from folder to index.html to stop ninja from complaining about double defines
-#
-# 2021-05-10, Martin Stump
-#     - Check if the generator is multi-config before warning about non-Debug builds
-#
-# 2022-02-22, Marko Wehle
-#     - Change gcovr output from -o <filename> for --xml <filename> and --html <filename> output respectively.
-#       This will allow for Multiple Output Formats at the same time by making use of GCOVR_ADDITIONAL_ARGS, e.g. GCOVR_ADDITIONAL_ARGS "--txt".
-#
-# 2022-09-28, Sebastian Mueller
-#     - fix append_coverage_compiler_flags_to_target to correctly add flags
-#     - replace "-fprofile-arcs -ftest-coverage" with "--coverage" (equivalent)
-#
-# USAGE:
-#
-# 1. Copy this file into your cmake modules path.
-#
-# 2. Add the following line to your CMakeLists.txt (best inside an if-condition
-#    using a CMake option() to enable it just optionally):
-#      include(CodeCoverage)
-#
-# 3. Append necessary compiler flags for all supported source files:
-#      append_coverage_compiler_flags()
-#    Or for specific target:
-#      append_coverage_compiler_flags_to_target(YOUR_TARGET_NAME)
-#
-# 3.a (OPTIONAL) Set appropriate optimization flags, e.g. -O0, -O1 or -Og
-#
-# 4. If you need to exclude additional directories from the report, specify them
-#    using full paths in the COVERAGE_EXCLUDES variable before calling
-#    setup_target_for_coverage_*().
-#    Example:
-#      set(COVERAGE_EXCLUDES
-#          '${PROJECT_SOURCE_DIR}/src/dir1/*'
-#          '/path/to/my/src/dir2/*')
-#    Or, use the EXCLUDE argument to setup_target_for_coverage_*().
-#    Example:
-#      setup_target_for_coverage_lcov(
-#          NAME coverage
-#          EXECUTABLE testrunner
-#          EXCLUDE "${PROJECT_SOURCE_DIR}/src/dir1/*" "/path/to/my/src/dir2/*")
-#
-# 4.a NOTE: With CMake 3.4+, COVERAGE_EXCLUDES or EXCLUDE can also be set
-#     relative to the BASE_DIRECTORY (default: PROJECT_SOURCE_DIR)
-#     Example:
-#       set(COVERAGE_EXCLUDES "dir1/*")
-#       setup_target_for_coverage_gcovr_html(
-#           NAME coverage
-#           EXECUTABLE testrunner
-#           BASE_DIRECTORY "${PROJECT_SOURCE_DIR}/src"
-#           EXCLUDE "dir2/*")
-#
-# 5. Use the functions described below to create a custom make target which
-#    runs your test executable and produces a code coverage report.
-#
-# 6. Build a Debug build:
-#      cmake -DCMAKE_BUILD_TYPE=Debug ..
-#      make
-#      make my_coverage_target
-#
-
-include(CMakeParseArguments)
-
-option(CODE_COVERAGE_VERBOSE "Verbose information" FALSE)
-
-# Check prereqs
-find_program( GCOV_PATH gcov )
-find_program( LCOV_PATH  NAMES lcov lcov.bat lcov.exe lcov.perl)
-find_program( FASTCOV_PATH NAMES fastcov fastcov.py )
-find_program( GENHTML_PATH NAMES genhtml genhtml.perl genhtml.bat )
-find_program( GCOVR_PATH gcovr PATHS ${CMAKE_SOURCE_DIR}/scripts/test)
-find_program( CPPFILT_PATH NAMES c++filt )
-
-if(NOT GCOV_PATH)
-    message(FATAL_ERROR "gcov not found! Aborting...")
-endif() # NOT GCOV_PATH
-
-# Check supported compiler (Clang, GNU and Flang)
-get_property(LANGUAGES GLOBAL PROPERTY ENABLED_LANGUAGES)
-foreach(LANG ${LANGUAGES})
-  if("${CMAKE_${LANG}_COMPILER_ID}" MATCHES "(Apple)?[Cc]lang")
-    if("${CMAKE_${LANG}_COMPILER_VERSION}" VERSION_LESS 3)
-      message(FATAL_ERROR "Clang version must be 3.0.0 or greater! Aborting...")
-    endif()
-  elseif(NOT "${CMAKE_${LANG}_COMPILER_ID}" MATCHES "GNU"
-         AND NOT "${CMAKE_${LANG}_COMPILER_ID}" MATCHES "(LLVM)?[Ff]lang")
-    message(FATAL_ERROR "Compiler is not GNU or Flang! Aborting...")
-  endif()
-endforeach()
-
-set(COVERAGE_COMPILER_FLAGS "-g --coverage -fprofile-update=atomic"
-    CACHE INTERNAL "")
-
-if(CMAKE_CXX_COMPILER_ID MATCHES "(GNU|Clang)")
-    include(CheckCXXCompilerFlag)
-    check_cxx_compiler_flag(-fprofile-abs-path HAVE_cxx_fprofile_abs_path)
-    if(HAVE_cxx_fprofile_abs_path)
-        set(COVERAGE_CXX_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-abs-path")
-    endif()
-endif()
-if(CMAKE_C_COMPILER_ID MATCHES "(GNU|Clang)")
-    include(CheckCCompilerFlag)
-    check_c_compiler_flag(-fprofile-abs-path HAVE_c_fprofile_abs_path)
-    if(HAVE_c_fprofile_abs_path)
-        set(COVERAGE_C_COMPILER_FLAGS "${COVERAGE_COMPILER_FLAGS} -fprofile-abs-path")
-    endif()
-endif()
-
-set(CMAKE_Fortran_FLAGS_COVERAGE
-    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the Fortran compiler during coverage builds."
-    FORCE )
-set(CMAKE_CXX_FLAGS_COVERAGE
-    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C++ compiler during coverage builds."
-    FORCE )
-set(CMAKE_C_FLAGS_COVERAGE
-    ${COVERAGE_COMPILER_FLAGS}
-    CACHE STRING "Flags used by the C compiler during coverage builds."
-    FORCE )
-set(CMAKE_EXE_LINKER_FLAGS_COVERAGE
-    ""
-    CACHE STRING "Flags used for linking binaries during coverage builds."
-    FORCE )
-set(CMAKE_SHARED_LINKER_FLAGS_COVERAGE
-    ""
-    CACHE STRING "Flags used by the shared libraries linker during coverage builds."
-    FORCE )
-mark_as_advanced(
-    CMAKE_Fortran_FLAGS_COVERAGE
-    CMAKE_CXX_FLAGS_COVERAGE
-    CMAKE_C_FLAGS_COVERAGE
-    CMAKE_EXE_LINKER_FLAGS_COVERAGE
-    CMAKE_SHARED_LINKER_FLAGS_COVERAGE )
-
-get_property(GENERATOR_IS_MULTI_CONFIG GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
-if(NOT (CMAKE_BUILD_TYPE STREQUAL "Debug" OR GENERATOR_IS_MULTI_CONFIG))
-    message(WARNING "Code coverage results with an optimised (non-Debug) build may be misleading")
-endif() # NOT (CMAKE_BUILD_TYPE STREQUAL "Debug" OR GENERATOR_IS_MULTI_CONFIG)
-
-if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_Fortran_COMPILER_ID STREQUAL "GNU")
-    link_libraries(gcov)
-endif()
-
-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# setup_target_for_coverage_lcov(
-#     NAME testrunner_coverage                    # New target name
-#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES testrunner                     # Dependencies to build first
-#     BASE_DIRECTORY "../"                        # Base directory for report
-#                                                 #  (defaults to PROJECT_SOURCE_DIR)
-#     EXCLUDE "src/dir1/*" "src/dir2/*"           # Patterns to exclude (can be relative
-#                                                 #  to BASE_DIRECTORY, with CMake 3.4+)
-#     NO_DEMANGLE                                 # Don't demangle C++ symbols
-#                                                 #  even if c++filt is found
-# )
-function(setup_target_for_coverage_lcov)
-
-    set(options NO_DEMANGLE SONARQUBE)
-    set(oneValueArgs BASE_DIRECTORY NAME)
-    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES LCOV_ARGS GENHTML_ARGS)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT LCOV_PATH)
-        message(FATAL_ERROR "lcov not found! Aborting...")
-    endif() # NOT LCOV_PATH
-
-    if(NOT GENHTML_PATH)
-        message(FATAL_ERROR "genhtml not found! Aborting...")
-    endif() # NOT GENHTML_PATH
-
-    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
-    if(DEFINED Coverage_BASE_DIRECTORY)
-        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
-    else()
-        set(BASEDIR ${PROJECT_SOURCE_DIR})
-    endif()
-
-    # Collect excludes (CMake 3.4+: Also compute absolute paths)
-    set(LCOV_EXCLUDES "")
-    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_LCOV_EXCLUDES})
-        if(CMAKE_VERSION VERSION_GREATER 3.4)
-            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
-        endif()
-        list(APPEND LCOV_EXCLUDES "${EXCLUDE}")
-    endforeach()
-    list(REMOVE_DUPLICATES LCOV_EXCLUDES)
-
-    # Conditional arguments
-    if(CPPFILT_PATH AND NOT ${Coverage_NO_DEMANGLE})
-      set(GENHTML_EXTRA_ARGS "--demangle-cpp")
-    endif()
-
-    # Setting up commands which will be run to generate coverage data.
-    # Cleanup lcov
-    set(LCOV_CLEAN_CMD
-        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -directory .
-        -b ${BASEDIR} --zerocounters
-    )
-    # Create baseline to make sure untouched files show up in the report
-    set(LCOV_BASELINE_CMD
-        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -c -i -d . -b
-        ${BASEDIR} -o ${Coverage_NAME}.base
-    )
-    # Run tests
-    set(LCOV_EXEC_TESTS_CMD
-        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
-    )
-    # Capturing lcov counters and generating report
-    set(LCOV_CAPTURE_CMD
-        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} --directory . -b
-        ${BASEDIR} --capture --output-file ${Coverage_NAME}.capture
-    )
-    # add baseline counters
-    set(LCOV_BASELINE_COUNT_CMD
-        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} -a ${Coverage_NAME}.base
-        -a ${Coverage_NAME}.capture --output-file ${Coverage_NAME}.total
-    )
-    # filter collected data to final coverage report
-    set(LCOV_FILTER_CMD
-        ${LCOV_PATH} ${Coverage_LCOV_ARGS} --gcov-tool ${GCOV_PATH} --remove
-        ${Coverage_NAME}.total ${LCOV_EXCLUDES} --output-file ${Coverage_NAME}.info
-    )
-    # Generate HTML output
-    set(LCOV_GEN_HTML_CMD
-        ${GENHTML_PATH} ${GENHTML_EXTRA_ARGS} ${Coverage_GENHTML_ARGS} -o
-        ${Coverage_NAME} ${Coverage_NAME}.info
-    )
-    if(${Coverage_SONARQUBE})
-        # Generate SonarQube output
-        set(GCOVR_XML_CMD
-            ${GCOVR_PATH} --sonarqube ${Coverage_NAME}_sonarqube.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
-            ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
-        )
-        set(GCOVR_XML_CMD_COMMAND
-            COMMAND ${GCOVR_XML_CMD}
-        )
-        set(GCOVR_XML_CMD_BYPRODUCTS ${Coverage_NAME}_sonarqube.xml)
-        set(GCOVR_XML_CMD_COMMENT COMMENT "SonarQube code coverage info report saved in ${Coverage_NAME}_sonarqube.xml.")
-    endif()
-
-
-    if(CODE_COVERAGE_VERBOSE)
-        message(STATUS "Executed command report")
-        message(STATUS "Command to clean up lcov: ")
-        string(REPLACE ";" " " LCOV_CLEAN_CMD_SPACED "${LCOV_CLEAN_CMD}")
-        message(STATUS "${LCOV_CLEAN_CMD_SPACED}")
-
-        message(STATUS "Command to create baseline: ")
-        string(REPLACE ";" " " LCOV_BASELINE_CMD_SPACED "${LCOV_BASELINE_CMD}")
-        message(STATUS "${LCOV_BASELINE_CMD_SPACED}")
-
-        message(STATUS "Command to run the tests: ")
-        string(REPLACE ";" " " LCOV_EXEC_TESTS_CMD_SPACED "${LCOV_EXEC_TESTS_CMD}")
-        message(STATUS "${LCOV_EXEC_TESTS_CMD_SPACED}")
-
-        message(STATUS "Command to capture counters and generate report: ")
-        string(REPLACE ";" " " LCOV_CAPTURE_CMD_SPACED "${LCOV_CAPTURE_CMD}")
-        message(STATUS "${LCOV_CAPTURE_CMD_SPACED}")
-
-        message(STATUS "Command to add baseline counters: ")
-        string(REPLACE ";" " " LCOV_BASELINE_COUNT_CMD_SPACED "${LCOV_BASELINE_COUNT_CMD}")
-        message(STATUS "${LCOV_BASELINE_COUNT_CMD_SPACED}")
-
-        message(STATUS "Command to filter collected data: ")
-        string(REPLACE ";" " " LCOV_FILTER_CMD_SPACED "${LCOV_FILTER_CMD}")
-        message(STATUS "${LCOV_FILTER_CMD_SPACED}")
-
-        message(STATUS "Command to generate lcov HTML output: ")
-        string(REPLACE ";" " " LCOV_GEN_HTML_CMD_SPACED "${LCOV_GEN_HTML_CMD}")
-        message(STATUS "${LCOV_GEN_HTML_CMD_SPACED}")
-
-        if(${Coverage_SONARQUBE})
-            message(STATUS "Command to generate SonarQube XML output: ")
-            string(REPLACE ";" " " GCOVR_XML_CMD_SPACED "${GCOVR_XML_CMD}")
-            message(STATUS "${GCOVR_XML_CMD_SPACED}")
-        endif()
-    endif()
-
-    # Setup target
-    add_custom_target(${Coverage_NAME}
-        COMMAND ${LCOV_CLEAN_CMD}
-        COMMAND ${LCOV_BASELINE_CMD}
-        COMMAND ${LCOV_EXEC_TESTS_CMD}
-        COMMAND ${LCOV_CAPTURE_CMD}
-        COMMAND ${LCOV_BASELINE_COUNT_CMD}
-        COMMAND ${LCOV_FILTER_CMD}
-        COMMAND ${LCOV_GEN_HTML_CMD}
-        ${GCOVR_XML_CMD_COMMAND}
-
-        # Set output files as GENERATED (will be removed on 'make clean')
-        BYPRODUCTS
-            ${Coverage_NAME}.base
-            ${Coverage_NAME}.capture
-            ${Coverage_NAME}.total
-            ${Coverage_NAME}.info
-            ${GCOVR_XML_CMD_BYPRODUCTS}
-            ${Coverage_NAME}/index.html
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        VERBATIM # Protect arguments to commands
-        COMMENT "Resetting code coverage counters to zero.\nProcessing code coverage counters and generating report."
-    )
-
-    # Show where to find the lcov info report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Lcov code coverage info report saved in ${Coverage_NAME}.info."
-        ${GCOVR_XML_CMD_COMMENT}
-    )
-
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
-
-endfunction() # setup_target_for_coverage_lcov
-
-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# setup_target_for_coverage_gcovr_xml(
-#     NAME ctest_coverage                    # New target name
-#     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES executable_target         # Dependencies to build first
-#     BASE_DIRECTORY "../"                   # Base directory for report
-#                                            #  (defaults to PROJECT_SOURCE_DIR)
-#     EXCLUDE "src/dir1/*" "src/dir2/*"      # Patterns to exclude (can be relative
-#                                            #  to BASE_DIRECTORY, with CMake 3.4+)
-# )
-# The user can set the variable GCOVR_ADDITIONAL_ARGS to supply additional flags to the
-# GCVOR command.
-function(setup_target_for_coverage_gcovr_xml)
-
-    set(options NONE)
-    set(oneValueArgs BASE_DIRECTORY NAME)
-    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT GCOVR_PATH)
-        message(FATAL_ERROR "gcovr not found! Aborting...")
-    endif() # NOT GCOVR_PATH
-
-    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
-    if(DEFINED Coverage_BASE_DIRECTORY)
-        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
-    else()
-        set(BASEDIR ${PROJECT_SOURCE_DIR})
-    endif()
-
-    # Collect excludes (CMake 3.4+: Also compute absolute paths)
-    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_GCOVR_EXCLUDES})
-        if(CMAKE_VERSION VERSION_GREATER 3.4)
-            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
-        endif()
-        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
-    endforeach()
-    list(REMOVE_DUPLICATES GCOVR_EXCLUDES)
-
-    # Combine excludes to several -e arguments
-    set(GCOVR_EXCLUDE_ARGS "")
-    foreach(EXCLUDE ${GCOVR_EXCLUDES})
-        list(APPEND GCOVR_EXCLUDE_ARGS "-e")
-        list(APPEND GCOVR_EXCLUDE_ARGS "${EXCLUDE}")
-    endforeach()
-
-    # Set up commands which will be run to generate coverage data
-    # Run tests
-    set(GCOVR_XML_EXEC_TESTS_CMD
-        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
-    )
-    # Running gcovr
-    set(GCOVR_XML_CMD
-        ${GCOVR_PATH} --xml ${Coverage_NAME}.xml -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
-        ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
-    )
-
-    if(CODE_COVERAGE_VERBOSE)
-        message(STATUS "Executed command report")
-
-        message(STATUS "Command to run tests: ")
-        string(REPLACE ";" " " GCOVR_XML_EXEC_TESTS_CMD_SPACED "${GCOVR_XML_EXEC_TESTS_CMD}")
-        message(STATUS "${GCOVR_XML_EXEC_TESTS_CMD_SPACED}")
-
-        message(STATUS "Command to generate gcovr XML coverage data: ")
-        string(REPLACE ";" " " GCOVR_XML_CMD_SPACED "${GCOVR_XML_CMD}")
-        message(STATUS "${GCOVR_XML_CMD_SPACED}")
-    endif()
-
-    add_custom_target(${Coverage_NAME}
-        COMMAND ${GCOVR_XML_EXEC_TESTS_CMD}
-        COMMAND ${GCOVR_XML_CMD}
-
-        BYPRODUCTS ${Coverage_NAME}.xml
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        VERBATIM # Protect arguments to commands
-        COMMENT "Running gcovr to produce Cobertura code coverage report."
-    )
-
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Cobertura code coverage report saved in ${Coverage_NAME}.xml."
-    )
-endfunction() # setup_target_for_coverage_gcovr_xml
-
-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# setup_target_for_coverage_gcovr_html(
-#     NAME ctest_coverage                    # New target name
-#     EXECUTABLE ctest -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES executable_target         # Dependencies to build first
-#     BASE_DIRECTORY "../"                   # Base directory for report
-#                                            #  (defaults to PROJECT_SOURCE_DIR)
-#     EXCLUDE "src/dir1/*" "src/dir2/*"      # Patterns to exclude (can be relative
-#                                            #  to BASE_DIRECTORY, with CMake 3.4+)
-# )
-# The user can set the variable GCOVR_ADDITIONAL_ARGS to supply additional flags to the
-# GCVOR command.
-function(setup_target_for_coverage_gcovr_html)
-
-    set(options NONE)
-    set(oneValueArgs BASE_DIRECTORY NAME)
-    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT GCOVR_PATH)
-        message(FATAL_ERROR "gcovr not found! Aborting...")
-    endif() # NOT GCOVR_PATH
-
-    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
-    if(DEFINED Coverage_BASE_DIRECTORY)
-        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
-    else()
-        set(BASEDIR ${PROJECT_SOURCE_DIR})
-    endif()
-
-    # Collect excludes (CMake 3.4+: Also compute absolute paths)
-    set(GCOVR_EXCLUDES "")
-    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_GCOVR_EXCLUDES})
-        if(CMAKE_VERSION VERSION_GREATER 3.4)
-            get_filename_component(EXCLUDE ${EXCLUDE} ABSOLUTE BASE_DIR ${BASEDIR})
-        endif()
-        list(APPEND GCOVR_EXCLUDES "${EXCLUDE}")
-    endforeach()
-    list(REMOVE_DUPLICATES GCOVR_EXCLUDES)
-
-    # Combine excludes to several -e arguments
-    set(GCOVR_EXCLUDE_ARGS "")
-    foreach(EXCLUDE ${GCOVR_EXCLUDES})
-        list(APPEND GCOVR_EXCLUDE_ARGS "-e")
-        list(APPEND GCOVR_EXCLUDE_ARGS "${EXCLUDE}")
-    endforeach()
-
-    # Set up commands which will be run to generate coverage data
-    # Run tests
-    set(GCOVR_HTML_EXEC_TESTS_CMD
-        ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS}
-    )
-    # Create folder
-    set(GCOVR_HTML_FOLDER_CMD
-        ${CMAKE_COMMAND} -E make_directory ${PROJECT_BINARY_DIR}/${Coverage_NAME}
-    )
-    # Running gcovr
-    set(GCOVR_HTML_CMD
-        ${GCOVR_PATH} --html ${Coverage_NAME}/index.html --html-details -r ${BASEDIR} ${GCOVR_ADDITIONAL_ARGS}
-        ${GCOVR_EXCLUDE_ARGS} --object-directory=${PROJECT_BINARY_DIR}
-    )
-
-    if(CODE_COVERAGE_VERBOSE)
-        message(STATUS "Executed command report")
-
-        message(STATUS "Command to run tests: ")
-        string(REPLACE ";" " " GCOVR_HTML_EXEC_TESTS_CMD_SPACED "${GCOVR_HTML_EXEC_TESTS_CMD}")
-        message(STATUS "${GCOVR_HTML_EXEC_TESTS_CMD_SPACED}")
-
-        message(STATUS "Command to create a folder: ")
-        string(REPLACE ";" " " GCOVR_HTML_FOLDER_CMD_SPACED "${GCOVR_HTML_FOLDER_CMD}")
-        message(STATUS "${GCOVR_HTML_FOLDER_CMD_SPACED}")
-
-        message(STATUS "Command to generate gcovr HTML coverage data: ")
-        string(REPLACE ";" " " GCOVR_HTML_CMD_SPACED "${GCOVR_HTML_CMD}")
-        message(STATUS "${GCOVR_HTML_CMD_SPACED}")
-    endif()
-
-    add_custom_target(${Coverage_NAME}
-        COMMAND ${GCOVR_HTML_EXEC_TESTS_CMD}
-        COMMAND ${GCOVR_HTML_FOLDER_CMD}
-        COMMAND ${GCOVR_HTML_CMD}
-
-        BYPRODUCTS ${PROJECT_BINARY_DIR}/${Coverage_NAME}/index.html  # report directory
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        VERBATIM # Protect arguments to commands
-        COMMENT "Running gcovr to produce HTML code coverage report."
-    )
-
-    # Show info where to find the report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ;
-        COMMENT "Open ./${Coverage_NAME}/index.html in your browser to view the coverage report."
-    )
-
-endfunction() # setup_target_for_coverage_gcovr_html
-
-# Defines a target for running and collection code coverage information
-# Builds dependencies, runs the given executable and outputs reports.
-# NOTE! The executable should always have a ZERO as exit code otherwise
-# the coverage generation will not complete.
-#
-# setup_target_for_coverage_fastcov(
-#     NAME testrunner_coverage                    # New target name
-#     EXECUTABLE testrunner -j ${PROCESSOR_COUNT} # Executable in PROJECT_BINARY_DIR
-#     DEPENDENCIES testrunner                     # Dependencies to build first
-#     BASE_DIRECTORY "../"                        # Base directory for report
-#                                                 #  (defaults to PROJECT_SOURCE_DIR)
-#     EXCLUDE "src/dir1/" "src/dir2/"             # Patterns to exclude.
-#     NO_DEMANGLE                                 # Don't demangle C++ symbols
-#                                                 #  even if c++filt is found
-#     SKIP_HTML                                   # Don't create html report
-#     POST_CMD perl -i -pe s!${PROJECT_SOURCE_DIR}/!!g ctest_coverage.json  # E.g. for stripping source dir from file paths
-# )
-function(setup_target_for_coverage_fastcov)
-
-    set(options NO_DEMANGLE SKIP_HTML)
-    set(oneValueArgs BASE_DIRECTORY NAME)
-    set(multiValueArgs EXCLUDE EXECUTABLE EXECUTABLE_ARGS DEPENDENCIES FASTCOV_ARGS GENHTML_ARGS POST_CMD)
-    cmake_parse_arguments(Coverage "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
-
-    if(NOT FASTCOV_PATH)
-        message(FATAL_ERROR "fastcov not found! Aborting...")
-    endif()
-
-    if(NOT Coverage_SKIP_HTML AND NOT GENHTML_PATH)
-        message(FATAL_ERROR "genhtml not found! Aborting...")
-    endif()
-
-    # Set base directory (as absolute path), or default to PROJECT_SOURCE_DIR
-    if(Coverage_BASE_DIRECTORY)
-        get_filename_component(BASEDIR ${Coverage_BASE_DIRECTORY} ABSOLUTE)
-    else()
-        set(BASEDIR ${PROJECT_SOURCE_DIR})
-    endif()
-
-    # Collect excludes (Patterns, not paths, for fastcov)
-    set(FASTCOV_EXCLUDES "")
-    foreach(EXCLUDE ${Coverage_EXCLUDE} ${COVERAGE_EXCLUDES} ${COVERAGE_FASTCOV_EXCLUDES})
-        list(APPEND FASTCOV_EXCLUDES "${EXCLUDE}")
-    endforeach()
-    list(REMOVE_DUPLICATES FASTCOV_EXCLUDES)
-
-    # Conditional arguments
-    if(CPPFILT_PATH AND NOT ${Coverage_NO_DEMANGLE})
-        set(GENHTML_EXTRA_ARGS "--demangle-cpp")
-    endif()
-
-    # Set up commands which will be run to generate coverage data
-    set(FASTCOV_EXEC_TESTS_CMD ${Coverage_EXECUTABLE} ${Coverage_EXECUTABLE_ARGS})
-
-    set(FASTCOV_CAPTURE_CMD ${FASTCOV_PATH} ${Coverage_FASTCOV_ARGS} --gcov ${GCOV_PATH}
-        --search-directory ${BASEDIR}
-        --process-gcno
-        --output ${Coverage_NAME}.json
-        --exclude ${FASTCOV_EXCLUDES}
-    )
-
-    set(FASTCOV_CONVERT_CMD ${FASTCOV_PATH}
-        -C ${Coverage_NAME}.json --lcov --output ${Coverage_NAME}.info
-    )
-
-    if(Coverage_SKIP_HTML)
-        set(FASTCOV_HTML_CMD ";")
-    else()
-        set(FASTCOV_HTML_CMD ${GENHTML_PATH} ${GENHTML_EXTRA_ARGS} ${Coverage_GENHTML_ARGS}
-            -o ${Coverage_NAME} ${Coverage_NAME}.info
-        )
-    endif()
-
-    set(FASTCOV_POST_CMD ";")
-    if(Coverage_POST_CMD)
-        set(FASTCOV_POST_CMD ${Coverage_POST_CMD})
-    endif()
-
-    if(CODE_COVERAGE_VERBOSE)
-        message(STATUS "Code coverage commands for target ${Coverage_NAME} (fastcov):")
-
-        message("   Running tests:")
-        string(REPLACE ";" " " FASTCOV_EXEC_TESTS_CMD_SPACED "${FASTCOV_EXEC_TESTS_CMD}")
-        message("     ${FASTCOV_EXEC_TESTS_CMD_SPACED}")
-
-        message("   Capturing fastcov counters and generating report:")
-        string(REPLACE ";" " " FASTCOV_CAPTURE_CMD_SPACED "${FASTCOV_CAPTURE_CMD}")
-        message("     ${FASTCOV_CAPTURE_CMD_SPACED}")
-
-        message("   Converting fastcov .json to lcov .info:")
-        string(REPLACE ";" " " FASTCOV_CONVERT_CMD_SPACED "${FASTCOV_CONVERT_CMD}")
-        message("     ${FASTCOV_CONVERT_CMD_SPACED}")
-
-        if(NOT Coverage_SKIP_HTML)
-            message("   Generating HTML report: ")
-            string(REPLACE ";" " " FASTCOV_HTML_CMD_SPACED "${FASTCOV_HTML_CMD}")
-            message("     ${FASTCOV_HTML_CMD_SPACED}")
-        endif()
-        if(Coverage_POST_CMD)
-            message("   Running post command: ")
-            string(REPLACE ";" " " FASTCOV_POST_CMD_SPACED "${FASTCOV_POST_CMD}")
-            message("     ${FASTCOV_POST_CMD_SPACED}")
-        endif()
-    endif()
-
-    # Setup target
-    add_custom_target(${Coverage_NAME}
-
-        # Cleanup fastcov
-        COMMAND ${FASTCOV_PATH} ${Coverage_FASTCOV_ARGS} --gcov ${GCOV_PATH}
-            --search-directory ${BASEDIR}
-            --zerocounters
-
-        COMMAND ${FASTCOV_EXEC_TESTS_CMD}
-        COMMAND ${FASTCOV_CAPTURE_CMD}
-        COMMAND ${FASTCOV_CONVERT_CMD}
-        COMMAND ${FASTCOV_HTML_CMD}
-        COMMAND ${FASTCOV_POST_CMD}
-
-        # Set output files as GENERATED (will be removed on 'make clean')
-        BYPRODUCTS
-             ${Coverage_NAME}.info
-             ${Coverage_NAME}.json
-             ${Coverage_NAME}/index.html  # report directory
-
-        WORKING_DIRECTORY ${PROJECT_BINARY_DIR}
-        DEPENDS ${Coverage_DEPENDENCIES}
-        VERBATIM # Protect arguments to commands
-        COMMENT "Resetting code coverage counters to zero. Processing code coverage counters and generating report."
-    )
-
-    set(INFO_MSG "fastcov code coverage info report saved in ${Coverage_NAME}.info and ${Coverage_NAME}.json.")
-    if(NOT Coverage_SKIP_HTML)
-        string(APPEND INFO_MSG " Open ${PROJECT_BINARY_DIR}/${Coverage_NAME}/index.html in your browser to view the coverage report.")
-    endif()
-    # Show where to find the fastcov info report
-    add_custom_command(TARGET ${Coverage_NAME} POST_BUILD
-        COMMAND ${CMAKE_COMMAND} -E echo ${INFO_MSG}
-    )
-
-endfunction() # setup_target_for_coverage_fastcov
-
-function(append_coverage_compiler_flags)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    set(CMAKE_Fortran_FLAGS "${CMAKE_Fortran_FLAGS} ${COVERAGE_COMPILER_FLAGS}" PARENT_SCOPE)
-    message(STATUS "Appending code coverage compiler flags: ${COVERAGE_COMPILER_FLAGS}")
-endfunction() # append_coverage_compiler_flags
-
-# Setup coverage for specific library
-function(append_coverage_compiler_flags_to_target name)
-    separate_arguments(_flag_list NATIVE_COMMAND "${COVERAGE_COMPILER_FLAGS}")
-    target_compile_options(${name} PRIVATE ${_flag_list})
-    if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_CXX_COMPILER_ID STREQUAL "GNU" OR CMAKE_Fortran_COMPILER_ID STREQUAL "GNU")
-        target_link_libraries(${name} PRIVATE gcov)
-    endif()
-endfunction()
--- a/cmake/Modules/DefineCMakeDefaults.cmake
+++ b/cmake/Modules/DefineCMakeDefaults.cmake
@@ -6,7 +6,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)

 # Put the include dirs which are in the source or build tree
 # before all other include dirs, so the headers in the sources
-# are preferred over the already installed ones
+# are prefered over the already installed ones
 # since cmake 2.4.1
 set(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)

--- a/cmake/Modules/DefineCompilerFlags.cmake
+++ b/cmake/Modules/DefineCompilerFlags.cmake
@@ -36,9 +36,9 @@ if (UNIX AND NOT WIN32)
        CACHE STRING "Flags used by the linker during MEMORYSANITIZER builds.")

    # Activate with: -DCMAKE_BUILD_TYPE=UndefinedSanitizer
-    set(CMAKE_C_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover=undefined,integer"
+    set(CMAKE_C_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
        CACHE STRING "Flags used by the C compiler during UNDEFINEDSANITIZER builds.")
-    set(CMAKE_CXX_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover=undefined,integer"
+    set(CMAKE_CXX_FLAGS_UNDEFINEDSANITIZER "-g -O1 -fsanitize=undefined -fsanitize=null -fsanitize=alignment -fno-sanitize-recover"
        CACHE STRING "Flags used by the CXX compiler during UNDEFINEDSANITIZER builds.")
    set(CMAKE_SHARED_LINKER_FLAGS_UNDEFINEDSANITIZER "-fsanitize=undefined"
        CACHE STRING "Flags used by the linker during the creation of shared libraries during UNDEFINEDSANITIZER builds.")
--- a/cmake/Modules/ExtractSymbols.cmake
+++ b/cmake/Modules/ExtractSymbols.cmake
@@ -50,28 +50,15 @@ file(READ ${HEADERS_LIST_FILE} HEADERS_LIST)

 set(symbols)
 foreach(header ${HEADERS_LIST})
-    file(READ ${header} header_content)

    # Filter only lines containing the FILTER_PATTERN
-    # separated from the function name with one optional newline
-    string(REGEX MATCHALL
-      "${FILTER_PATTERN}[^(\n]*\n?[^(\n]*[(]"
-      contain_filter
-      "${header_content}"
-    )
-
-    # Remove the optional newline now
-    string(REGEX REPLACE
-      "(.+)\n?(.*)"
-      "\\1\\2"
-      oneline
-      "${contain_filter}"
+    file(STRINGS ${header} contain_filter
+      REGEX "^.*${FILTER_PATTERN}.*[(]"
    )

    # Remove function-like macros
-    # and anything with two underscores that sounds suspicious
-    foreach(line ${oneline})
-        if (NOT ${line} MATCHES ".*(#[ ]*define|__)")
+    foreach(line ${contain_filter})
+        if (NOT ${line} MATCHES ".*#[ ]*define")
            list(APPEND not_macro ${line})
        endif()
    endforeach()
--- a/cmake/Modules/FindABIMap.cmake
+++ b/cmake/Modules/FindABIMap.cmake
@@ -220,12 +220,13 @@

 # Search for python which is required
 if (ABIMap_FIND_REQURIED)
-    find_package(Python REQUIRED)
+    find_package(PythonInterp REQUIRED)
 else()
-    find_package(Python)
+    find_package(PythonInterp)
 endif()

-if (TARGET Python::Interpreter)
+
+if (PYTHONINTERP_FOUND)
    # Search for abimap tool used to generate the map files
    find_program(ABIMAP_EXECUTABLE NAMES abimap DOC "path to the abimap executable")
    mark_as_advanced(ABIMAP_EXECUTABLE)
--- a/cmake/Modules/FindArgp.cmake
+++ b/cmake/Modules/FindArgp.cmake
@@ -1,8 +1,4 @@
 # - Try to find ARGP
-#
-# The argp can be either shipped as part of libc (ex. glibc) or as a separate
-# library that requires additional linking (ex. Windows, Mac, musl libc, ...)
-#
 # Once done this will define
 #
 #  ARGP_ROOT_DIR - Set this variable to the root installation of ARGP
@@ -64,7 +60,7 @@ if (ARGP_LIBRARY)
 endif (ARGP_LIBRARY)

 include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(Argp DEFAULT_MSG ARGP_LIBRARIES ARGP_INCLUDE_DIR)
+find_package_handle_standard_args(ARGP DEFAULT_MSG ARGP_LIBRARIES ARGP_INCLUDE_DIR)

 # show the ARGP_INCLUDE_DIR and ARGP_LIBRARIES variables only in the advanced view
 mark_as_advanced(ARGP_INCLUDE_DIR ARGP_LIBRARIES)
--- a/cmake/Modules/FindGCrypt.cmake
+++ b/cmake/Modules/FindGCrypt.cmake
@@ -39,15 +39,6 @@ find_path(GCRYPT_INCLUDE_DIR
        include
 )

-find_path(GCRYPT_ERROR_INCLUDE_DIR
-    NAMES
-        gpg-error.h
-    HINTS
-        ${_GCRYPT_ROOT_HINTS_AND_PATHS}
-    PATH_SUFFIXES
-        include
-)
-
 find_library(GCRYPT_LIBRARY
    NAMES
        gcrypt
@@ -65,10 +56,8 @@ find_library(GCRYPT_ERROR_LIBRARY
        libgpg-error6-0
    HINTS
        ${_GCRYPT_ROOT_HINTS_AND_PATHS}
-    PATH_SUFFIXES
-        lib        
 )
-set(GCRYPT_LIBRARIES ${GCRYPT_ERROR_LIBRARY} ${GCRYPT_LIBRARY})
+set(GCRYPT_LIBRARIES ${GCRYPT_LIBRARY}  ${GCRYPT_ERROR_LIBRARY})

 if (GCRYPT_INCLUDE_DIR)
    file(STRINGS "${GCRYPT_INCLUDE_DIR}/gcrypt.h" _gcrypt_version_str REGEX "^#define GCRYPT_VERSION \"[0-9]+\\.[0-9]+\\.[0-9]")
@@ -94,25 +83,5 @@ else (GCRYPT_VERSION)
        GCRYPT_LIBRARIES)
 endif (GCRYPT_VERSION)

-# show the GCRYPT_INCLUDE_DIRS, GCRYPT_LIBRARIES and GCRYPT_ERROR_INCLUDE_DIR variables only in the advanced view
-mark_as_advanced(GCRYPT_INCLUDE_DIR GCRYPT_ERROR_INCLUDE_DIR GCRYPT_LIBRARIES)
-
-if(GCRYPT_FOUND)
-  if(NOT TARGET libgcrypt::libgcrypt)
-      add_library(libgcrypt::libgcrypt UNKNOWN IMPORTED)
-      set_target_properties(libgcrypt::libgcrypt PROPERTIES
-                            INTERFACE_INCLUDE_DIRECTORIES "${GCRYPT_INCLUDE_DIR}"
-                            INTERFACE_LINK_LIBRARIES libgcrypt::libgcrypt
-                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-                            IMPORTED_LOCATION "${GCRYPT_LIBRARY}")
-  endif()
-  
-  if(NOT TARGET libgpg-error::libgpg-error)
-      add_library(libgpg-error::libgpg-error UNKNOWN IMPORTED)
-      set_target_properties(libgpg-error::libgpg-error PROPERTIES
-                            INTERFACE_INCLUDE_DIRECTORIES "${GCRYPT_ERROR_INCLUDE_DIR}"
-                            INTERFACE_LINK_LIBRARIES libgpg-error::libgpg-error
-                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-                            IMPORTED_LOCATION "${GCRYPT_ERROR_LIBRARY}")
-  endif()
-endif()
+# show the GCRYPT_INCLUDE_DIRS and GCRYPT_LIBRARIES variables only in the advanced view
+mark_as_advanced(GCRYPT_INCLUDE_DIR GCRYPT_LIBRARIES)
--- a/cmake/Modules/FindGSSAPI.cmake
+++ b/cmake/Modules/FindGSSAPI.cmake
@@ -5,14 +5,12 @@
 #  GSSAPI_ROOT_DIR - Set this variable to the root installation of GSSAPI
 #
 # Read-Only variables:
-#  GSSAPI_FLAVOR_MIT - set to TRUE if MIT Kerberos has been found
+#  GSSAPI_FLAVOR_MIT - set to TURE if MIT Kerberos has been found
 #  GSSAPI_FLAVOR_HEIMDAL - set to TRUE if Heimdal Keberos has been found
 #  GSSAPI_FOUND - system has GSSAPI
 #  GSSAPI_INCLUDE_DIR - the GSSAPI include directory
 #  GSSAPI_LIBRARIES - Link these to use GSSAPI
 #  GSSAPI_DEFINITIONS - Compiler switches required for using GSSAPI
-#  GSSAPI_PC_REQUIRES - pkg-config module name if found, needed for
-#                       Requires.private for static linking
 #
 #=============================================================================
 #  Copyright (c) 2013 Andreas Schneider <asn@cryptomilk.org>
@@ -26,23 +24,12 @@
 #=============================================================================
 #

-set(_mit_modname "mit-krb5-gssapi")
-set(_heimdal_modname "heimdal-gssapi")
-
-if(NOT _GSSAPI_ROOT_HINTS AND NOT _GSSAPI_ROOT_PATHS)
-    find_package(PkgConfig QUIET)
-    if (PKG_CONFIG_FOUND)
-        pkg_search_module(_GSSAPI ${_mit_modname} ${_heimdal_modname})
-    endif()
-endif()
-
 find_path(GSSAPI_ROOT_DIR
    NAMES
        include/gssapi.h
        include/gssapi/gssapi.h
    HINTS
        ${_GSSAPI_ROOT_HINTS}
-        "${_GSSAPI_INCLUDEDIR}"
    PATHS
        ${_GSSAPI_ROOT_PATHS}
 )
@@ -330,15 +317,9 @@ endif (GSSAPI_FLAVOR_HEIMDAL)
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(GSSAPI DEFAULT_MSG GSSAPI_LIBRARIES GSSAPI_INCLUDE_DIR)

-if(GSSAPI_FOUND)
-    if(_GSSAPI_FOUND) # via pkg-config
-        if (GSSAPI_FLAVOR_MIT)
-            set(GSSAPI_PC_REQUIRES ${_mit_modname})
-        elseif (GSSAPI_FLAVOR_HEIMDAL)
-            set(GSSAPI_PC_REQUIRES ${_heimdal_modname})
-        endif()
-    endif()
-endif()
+if (GSSAPI_INCLUDE_DIRS AND GSSAPI_LIBRARIES)
+    set(GSSAPI_FOUND TRUE)
+endif (GSSAPI_INCLUDE_DIRS AND GSSAPI_LIBRARIES)

-# show the GSSAPI_INCLUDE_DIR and GSSAPI_LIBRARIES variables only in the advanced view
-mark_as_advanced(GSSAPI_INCLUDE_DIR GSSAPI_LIBRARIES)
+# show the GSSAPI_INCLUDE_DIRS and GSSAPI_LIBRARIES variables only in the advanced view
+mark_as_advanced(GSSAPI_INCLUDE_DIRS GSSAPI_LIBRARIES)
--- a/cmake/Modules/FindMbedTLS.cmake
+++ b/cmake/Modules/FindMbedTLS.cmake
@@ -34,7 +34,7 @@ set(_MBEDTLS_ROOT_HINTS_AND_PATHS

 find_path(MBEDTLS_INCLUDE_DIR
    NAMES
-        mbedtls/ssl.h
+        mbedtls/config.h
    HINTS
        ${_MBEDTLS_ROOT_HINTS_AND_PATHS}
    PATH_SUFFIXES
@@ -72,23 +72,13 @@ find_library(MBEDTLS_X509_LIBRARY
 set(MBEDTLS_LIBRARIES ${MBEDTLS_SSL_LIBRARY} ${MBEDTLS_CRYPTO_LIBRARY}
        ${MBEDTLS_X509_LIBRARY})

-# mbedtls 2.8
 if (MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h")
    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _mbedtls_version_str REGEX
            "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")

-    string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+\\.[0-9]+\\.[0-9]+).*$"
+    string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+.[0-9]+.[0-9]+).*"
            "\\1" MBEDTLS_VERSION "${_mbedtls_version_str}")
-endif()
-
-# mbedtls 3.6
-if (NOT MBEDTLS_VERSION AND MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h")
-    file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _mbedtls_version_str REGEX
-            "^#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"[0-9]+.[0-9]+.[0-9]+\"")
-
-    string(REGEX REPLACE "^.*MBEDTLS_VERSION_STRING.*([0-9]+\\.[0-9]+\\.[0-9]+).*$"
-            "\\1" MBEDTLS_VERSION "${_mbedtls_version_str}")
-endif()
+endif ()

 include(FindPackageHandleStandardArgs)
 if (MBEDTLS_VERSION)
@@ -103,8 +93,8 @@ if (MBEDTLS_VERSION)
            in the system variable MBEDTLS_ROOT_DIR"
    )
 else (MBEDTLS_VERSION)
-    find_package_handle_standard_args(MbedTLS
-        "Could NOT find mbedTLS, try to set the path to mbedTLS root folder in
+    find_package_handle_standard_args(MBedTLS
+        "Could NOT find mbedTLS, try to set the path to mbedLS root folder in
        the system variable MBEDTLS_ROOT_DIR"
        MBEDTLS_INCLUDE_DIR
        MBEDTLS_LIBRARIES)
@@ -112,32 +102,3 @@ endif (MBEDTLS_VERSION)

 # show the MBEDTLS_INCLUDE_DIRS and MBEDTLS_LIBRARIES variables only in the advanced view
 mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARIES)
-
-if(MBEDTLS_FOUND)
-  if(NOT TARGET MbedTLS::mbedcrypto)
-      add_library(MbedTLS::mbedcrypto UNKNOWN IMPORTED)
-      set_target_properties(MbedTLS::mbedcrypto PROPERTIES
-                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
-                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedcrypto
-                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-                            IMPORTED_LOCATION "${MBEDTLS_CRYPTO_LIBRARY}")
-  endif()
-
-  if(NOT TARGET MbedTLS::mbedx509)
-      add_library(MbedTLS::mbedx509 UNKNOWN IMPORTED)
-      set_target_properties(MbedTLS::mbedx509 PROPERTIES
-                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
-                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedx509
-                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-                            IMPORTED_LOCATION "${MBEDTLS_X509_LIBRARY}")
-  endif()
-
-  if(NOT TARGET MbedTLS::mbedtls)
-      add_library(MbedTLS::mbedtls UNKNOWN IMPORTED)
-      set_target_properties(MbedTLS::mbedtls PROPERTIES
-                            INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INCLUDE_DIR}"
-                            INTERFACE_LINK_LIBRARIES MbedTLS::mbedtls
-                            IMPORTED_LINK_INTERFACE_LANGUAGES "C"
-                            IMPORTED_LOCATION "${MBEDTLS_LIBRARY}")
-  endif()
-endif()
--- a/cmake/Modules/Findlibfido2.cmake
+++ b/cmake/Modules/Findlibfido2.cmake
@@ -1,63 +0,0 @@
-# - Try to find libfido2
-# Once done this will define
-#
-#  LIBFIDO2_ROOT_DIR - Set this variable to the root installation of libfido2
-#
-# Read-Only variables:
-#  LIBFIDO2_FOUND - system has libfido2
-#  LIBFIDO2_INCLUDE_DIR - the libfido2 include directory
-#  LIBFIDO2_LIBRARIES - Link these to use libfido2
-#
-# The libfido2 library provides support for communicating
-# with FIDO2/U2F devices over USB/NFC.
-#
-#  Copyright (c) 2025 Praneeth Sarode <praneethsarode@gmail.com>
-#
-#  Redistribution and use is allowed according to the terms of the New
-#  BSD license.
-#  For details see the accompanying COPYING-CMAKE-SCRIPTS file.
-#
-
-
-set(_LIBFIDO2_ROOT_HINTS
-    $ENV{LIBFIDO2_ROOT_DIR}
-    ${LIBFIDO2_ROOT_DIR}
-)
-
-set(_LIBFIDO2_ROOT_PATHS
-    "$ENV{PROGRAMFILES}/libfido2"
-)
-
-set(_LIBFIDO2_ROOT_HINTS_AND_PATHS
-    HINTS ${_LIBFIDO2_ROOT_HINTS}
-    PATHS ${_LIBFIDO2_ROOT_PATHS}
-)
-
-find_path(LIBFIDO2_INCLUDE_DIR
-    NAMES
-        fido.h
-    HINTS
-        ${_LIBFIDO2_ROOT_HINTS_AND_PATHS}
-    PATH_SUFFIXES
-        include
-)
-
-find_library(LIBFIDO2_LIBRARY
-    NAMES
-        fido2
-    HINTS
-        ${_LIBFIDO2_ROOT_HINTS_AND_PATHS}
-    PATH_SUFFIXES
-        lib
-        lib64
-)
-
-set(LIBFIDO2_LIBRARIES
-    ${LIBFIDO2_LIBRARY}
-)
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(libfido2 DEFAULT_MSG LIBFIDO2_LIBRARIES LIBFIDO2_INCLUDE_DIR)
-
-# show the LIBFIDO2_INCLUDE_DIR and LIBFIDO2_LIBRARIES variables only in the advanced view
-mark_as_advanced(LIBFIDO2_INCLUDE_DIR LIBFIDO2_LIBRARIES)
--- a/cmake/Modules/Findsofthsm.cmake
+++ b/cmake/Modules/Findsofthsm.cmake
@@ -1,36 +0,0 @@
-# - Try to find softhsm
-# Once done this will define
-#
-#  SOFTHSM_FOUND - system has softhsm
-#  SOFTHSM_LIBRARIES - Link these to use softhsm
-#
-#=============================================================================
-#  Copyright (c) 2019 Sahana Prasad <sahana@redhat.com>
-#
-#  Distributed under the OSI-approved BSD License (the "License");
-#  see accompanying file Copyright.txt for details.
-#
-#  This software is distributed WITHOUT ANY WARRANTY; without even the
-#  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-#  See the License for more information.
-#=============================================================================
-#
-
-
-find_library(SOFTHSM2_LIBRARY
-    NAMES
-        softhsm2
-)
-
-if (SOFTHSM2_LIBRARY)
-    set(SOFTHSM_LIBRARIES
-        ${SOFTHSM_LIBRARIES}
-        ${SOFTHSM2_LIBRARY}
-    )
-endif (SOFTHSM2_LIBRARY)
-
-include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(softhsm DEFAULT_MSG SOFTHSM_LIBRARIES)
-
-# show the SOFTHSM_INCLUDE_DIR and SOFTHSM_LIBRARIES variables only in the advanced view
-mark_as_advanced(SOFTHSM_LIBRARIES)
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -9,11 +9,9 @@
 #cmakedefine SOURCEDIR "${SOURCEDIR}"

 /* Global bind configuration file path */
-#cmakedefine USR_GLOBAL_BIND_CONFIG "${USR_GLOBAL_BIND_CONFIG}"
 #cmakedefine GLOBAL_BIND_CONFIG "${GLOBAL_BIND_CONFIG}"

 /* Global client configuration file path */
-#cmakedefine USR_GLOBAL_CLIENT_CONFIG "${USR_GLOBAL_CLIENT_CONFIG}"
 #cmakedefine GLOBAL_CLIENT_CONFIG "${GLOBAL_CLIENT_CONFIG}"

 /************************** HEADER FILES *************************/
@@ -60,15 +58,15 @@
 /* Define to 1 if you have the <stdint.h> header file. */
 #cmakedefine HAVE_STDINT_H 1

-/* Define to 1 if you have the <ifaddrs.h> header file. */
-#cmakedefine HAVE_IFADDRS_H 1
-
 /* Define to 1 if you have the <openssl/aes.h> header file. */
 #cmakedefine HAVE_OPENSSL_AES_H 1

 /* Define to 1 if you have the <wspiapi.h> header file. */
 #cmakedefine HAVE_WSPIAPI_H 1

+/* Define to 1 if you have the <openssl/blowfish.h> header file. */
+#cmakedefine HAVE_OPENSSL_BLOWFISH_H 1
+
 /* Define to 1 if you have the <openssl/des.h> header file. */
 #cmakedefine HAVE_OPENSSL_DES_H 1

@@ -84,38 +82,62 @@
 /* Define to 1 if you have the <pthread.h> header file. */
 #cmakedefine HAVE_PTHREAD_H 1

-/* Define to 1 if you have elliptic curve cryptography in openssl */
+/* Define to 1 if you have eliptic curve cryptography in openssl */
 #cmakedefine HAVE_OPENSSL_ECC 1

-/* Define to 1 if mbedTLS supports curve25519 */
-#cmakedefine HAVE_MBEDTLS_CURVE25519 1
-
-/* Define to 1 if you have elliptic curve cryptography in gcrypt */
+/* Define to 1 if you have eliptic curve cryptography in gcrypt */
 #cmakedefine HAVE_GCRYPT_ECC 1

-/* Define to 1 if you have elliptic curve cryptography */
+/* Define to 1 if you have eliptic curve cryptography */
 #cmakedefine HAVE_ECC 1

-/* Define to 1 if you have gl_flags as a glob_t struct member */
+/* Define to 1 if you have DSA */
+#cmakedefine HAVE_DSA 1
+
+/* Define to 1 if you have gl_flags as a glob_t sturct member */
 #cmakedefine HAVE_GLOB_GL_FLAGS_MEMBER 1

-/* Define to 1 if you have gcrypt with ChaCha20/Poly1305 support */
-#cmakedefine HAVE_GCRYPT_CHACHA_POLY 1
+/* Define to 1 if you have OpenSSL with Ed25519 support */
+#cmakedefine HAVE_OPENSSL_ED25519 1

-/* Define to 1 if you have gcrypt with curve25519 support */
-#cmakedefine HAVE_GCRYPT_CURVE25519
+/* Define to 1 if you have OpenSSL with X25519 support */
+#cmakedefine HAVE_OPENSSL_X25519 1

 /*************************** FUNCTIONS ***************************/

-/* Define to 1 if you have the `EVP_chacha20' function. */
-#cmakedefine HAVE_OPENSSL_EVP_CHACHA20 1
+/* Define to 1 if you have the `EVP_aes128_ctr' function. */
+#cmakedefine HAVE_OPENSSL_EVP_AES_CTR 1

-/* Define to 1 if you have the `EVP_KDF_CTX_new_id' or `EVP_KDF_CTX_new` function. */
-#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX 1
+/* Define to 1 if you have the `EVP_aes128_cbc' function. */
+#cmakedefine HAVE_OPENSSL_EVP_AES_CBC 1
+
+/* Define to 1 if you have the `EVP_aes128_gcm' function. */
+#cmakedefine HAVE_OPENSSL_EVP_AES_GCM 1
+
+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
+
+/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
+
+/* Define to 1 if you have the `EVP_CIPHER_CTX_new' function. */
+#cmakedefine HAVE_OPENSSL_EVP_CIPHER_CTX_NEW 1
+
+/* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
+#cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1

 /* Define to 1 if you have the `FIPS_mode' function. */
 #cmakedefine HAVE_OPENSSL_FIPS_MODE 1

+/* Define to 1 if you have the `EVP_DigestSign' function. */
+#cmakedefine HAVE_OPENSSL_EVP_DIGESTSIGN 1
+
+/* Define to 1 if you have the `EVP_DigestVerify' function. */
+#cmakedefine HAVE_OPENSSL_EVP_DIGESTVERIFY 1
+
+/* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */
+#cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1
+
 /* Define to 1 if you have the `snprintf' function. */
 #cmakedefine HAVE_SNPRINTF 1

@@ -179,9 +201,6 @@
 /* Define to 1 if you have the `explicit_bzero' function. */
 #cmakedefine HAVE_EXPLICIT_BZERO 1

-/* Define to 1 if you have the `memset_explicit' function. */
-#cmakedefine HAVE_MEMSET_EXPLICIT 1
-
 /* Define to 1 if you have the `memset_s' function. */
 #cmakedefine HAVE_MEMSET_S 1

@@ -191,18 +210,6 @@
 /* Define to 1 if you have the `cmocka_set_test_filter' function. */
 #cmakedefine HAVE_CMOCKA_SET_TEST_FILTER 1

-/* Define to 1 if we have support for blowfish */
-#cmakedefine HAVE_BLOWFISH 1
-
-/* Define to 1 if we have support for ML-KEM in libgcrypt */
-#cmakedefine HAVE_GCRYPT_MLKEM 1
-
-/* Define to 1 if we have support for ML-KEM in OpenSSL */
-#cmakedefine HAVE_OPENSSL_MLKEM 1
-
-/* Define to 1 if we have support for ML-KEM1024 in either backend */
-#cmakedefine HAVE_MLKEM1024 1
-
 /*************************** LIBRARIES ***************************/

 /* Define to 1 if you have the `crypto' library (-lcrypto). */
@@ -220,10 +227,6 @@
 /* Define to 1 if you have the `cmocka' library (-lcmocka). */
 #cmakedefine HAVE_CMOCKA 1

-/* Define to 1 if you have the `libfido2' library (-lfido2).
- * This is required for interacting with FIDO2/U2F devices over USB-HID. */
-#cmakedefine HAVE_LIBFIDO2 1
-
 /**************************** OPTIONS ****************************/

 #cmakedefine HAVE_GCC_THREAD_LOCAL_STORAGE 1
@@ -231,7 +234,6 @@

 #cmakedefine HAVE_FALLTHROUGH_ATTRIBUTE 1
 #cmakedefine HAVE_UNUSED_ATTRIBUTE 1
-#cmakedefine HAVE_WEAK_ATTRIBUTE 1

 #cmakedefine HAVE_CONSTRUCTOR_ATTRIBUTE 1
 #cmakedefine HAVE_DESTRUCTOR_ATTRIBUTE 1
@@ -258,14 +260,6 @@
 /* Define to 1 if you want to enable DH group exchange algorithms */
 #cmakedefine WITH_GEX 1

-/* Define to 1 if you want to enable insecure none cipher and MAC */
-#cmakedefine WITH_INSECURE_NONE 1
-
-/* Define to 1 if you want to allow libssh to execute arbitrary commands from
- * configuration files or options (match exec, proxy commands and OpenSSH-based
- * proxy-jumps). */
-#cmakedefine WITH_EXEC 1
-
 /* Define to 1 if you want to enable blowfish cipher support */
 #cmakedefine WITH_BLOWFISH_CIPHER 1

@@ -284,15 +278,6 @@
 /* Define to 1 if you want to enable NaCl support */
 #cmakedefine WITH_NACL 1

-/* Define to 1 if you want to enable PKCS #11 URI support */
-#cmakedefine WITH_PKCS11_URI 1
-
-/* Define to 1 if we want to build a support for PKCS #11 provider. */
-#cmakedefine WITH_PKCS11_PROVIDER 1
-
-/* Define to 1 if you want to enable FIDO2/U2F support */
-#cmakedefine WITH_FIDO2 1
-
 /*************************** ENDIAN *****************************/

 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -1,247 +1,49 @@
 #
 # Build the documentation
 #
-# To build the documentation with a local doxygen-awesome-css directory:
-#
-#   cmake -S . -B obj \
-#         -DDOXYGEN_AWESOME_CSS_DIR=/path/to/doxygen-awesome-css
-#   cmake --build obj --target docs
-#
-# The tarball can be downloaded from:
-#   https://github.com/jothepro/doxygen-awesome-css/archive/refs/tags/v2.4.1.tar.gz
-#
+if (${CMAKE_VERSION} VERSION_GREATER "3.8.99")
+
 find_package(Doxygen)

 if (DOXYGEN_FOUND)
-    set(DOXYGEN_AWESOME_CSS_PROJECT
-        "https://github.com/jothepro/doxygen-awesome-css")
-    set(DOXYGEN_AWESOME_CSS_VERSION "2.4.1")
-    set(DOXYGEN_AWESOME_CSS_URL
-        "${DOXYGEN_AWESOME_CSS_PROJECT}/archive/refs/tags/v${DOXYGEN_AWESOME_CSS_VERSION}.tar.gz"
-    )
-
-    # Allow specifying a local doxygen-awesome-css directory (useful for
-    # packaging)
-    if (NOT DEFINED DOXYGEN_AWESOME_CSS_DIR)
-        # Custom target to download doxygen-awesome-css at build time
-        add_custom_target(
-            doxygen-awesome-css
-            COMMAND
-                ${CMAKE_COMMAND} -DURL=${DOXYGEN_AWESOME_CSS_URL}
-                -DDEST_DIR=${CMAKE_CURRENT_BINARY_DIR}
-                -DVERSION=${DOXYGEN_AWESOME_CSS_VERSION} -P
-                ${CMAKE_CURRENT_SOURCE_DIR}/fetch_doxygen_awesome.cmake
-            COMMENT "Fetching doxygen-awesome-css theme")
-
-        set(AWESOME_CSS_DIR
-            "${CMAKE_CURRENT_BINARY_DIR}/doxygen-awesome-css-${DOXYGEN_AWESOME_CSS_VERSION}"
-        )
-    else ()
-        message(
-            STATUS
-                "Using doxygen-awesome-css from ${DOXYGEN_AWESOME_CSS_DIR}")
-        set(AWESOME_CSS_DIR "${DOXYGEN_AWESOME_CSS_DIR}")
-    endif ()
-
-    # Project title shown in documentation
    set(DOXYGEN_PROJECT_NAME ${PROJECT_NAME})
-    # Project version number shown in documentation
    set(DOXYGEN_PROJECT_NUMBER ${PROJECT_VERSION})
-    # Brief description shown below project name
    set(DOXYGEN_PROJECT_BRIEF "The SSH library")
-    # Project favicon (browser tab icon)
-    set(DOXYGEN_PROJECT_ICON ${CMAKE_CURRENT_SOURCE_DIR}/favicon.png)

-    # Number of spaces used for indentation in code blocks
    set(DOXYGEN_TAB_SIZE 4)
-    # Generate output optimized for C (vs C++)
    set(DOXYGEN_OPTIMIZE_OUTPUT_FOR_C YES)
-    # Enable parsing of markdown in comments
    set(DOXYGEN_MARKDOWN_SUPPORT YES)
-    # Warn about undocumented members to improve documentation quality
-    set(DOXYGEN_WARN_IF_UNDOCUMENTED YES)
-    # Do not extract private class members
-    set(DOXYGEN_EXTRACT_PRIVATE NO)
-    if (WITH_INTERNAL_DOC)
-        # Include internal documentation
-        set(DOXYGEN_INTERNAL_DOCS YES)
-    else ()
-        # Do not include internal documentation
-        set(DOXYGEN_INTERNAL_DOCS NO)
-    endif( WITH_INTERNAL_DOC)
-    # Disable built-in clipboard (using doxygen-awesome extension instead)
-    set(DOXYGEN_HTML_COPY_CLIPBOARD NO)
-    # Disable page outline panel (using interactive TOC extension instead)
-    set(DOXYGEN_PAGE_OUTLINE_PANEL NO)
+    set(DOXYGEN_FULL_PATH_NAMES NO)

-    # Required configuration for doxygen-awesome-css theme Generate treeview
-    # sidebar for navigation
-    set(DOXYGEN_GENERATE_TREEVIEW YES)
-    # Enable default index pages
-    set(DOXYGEN_DISABLE_INDEX NO)
-    # Use top navigation bar instead of full sidebar (required for theme
-    # compatibility)
-    set(DOXYGEN_FULL_SIDEBAR NO)
-    # Use light color style (required for Doxygen >= 1.9.5)
-    set(DOXYGEN_HTML_COLORSTYLE LIGHT)
+    set(DOXYGEN_PREDEFINED DOXYGEN
+                           WITH_SERVER
+                           WITH_SFTP
+                           PRINTF_ATTRIBUTE(x,y))

-    # Disable diagram generation (not relevant for C projects)
-    set(DOXYGEN_HAVE_DOT NO)
-    set(DOXYGEN_CLASS_DIAGRAMS NO)
-    set(DOXYGEN_CALL_GRAPH NO)
-    set(DOXYGEN_CALLER_GRAPH NO)
-
-    # Preprocessor defines to use when parsing code
-    set(DOXYGEN_PREDEFINED DOXYGEN WITH_SERVER WITH_SFTP
-                           PRINTF_ATTRIBUTE\(x,y\))
-
-    # Exclude patterns for files we don't want to document
-    set(DOXYGEN_EXCLUDE_PATTERNS */src/external/* fe25519.h ge25519.h sc25519.h
-                                 blf.h)
-    # Exclude internal structures from documentation
-    set(DOXYGEN_EXCLUDE_SYMBOLS_STRUCTS
-        chacha20_poly1305_keysched,
-        dh_ctx,
-        dh_ctx,
-        dh_keypair,
-        error_struct,
-        packet_struct,
-        pem_get_password_struct,
-        ssh_tokens_st,
-        sftp_attributes_struct,
-        sftp_client_message_struct,
-        sftp_dir_struct,
-        sftp_ext_struct,
-        sftp_file_struct,
-        sftp_message_struct,
-        sftp_packet_struct,
-        sftp_request_queue_struct,
-        sftp_session_struct,
-        sftp_status_message_struct,
-        ssh_agent_state_struct,
-        ssh_agent_struct,
-        ssh_auth_auto_state_struct,
-        ssh_auth_request,
-        ssh_bind_config_keyword_table_s,
-        ssh_bind_config_match_keyword_table_s,
-        ssh_bind_struct,
-        ssh_buffer_struct,
-        ssh_channel_callbacks_struct,
-        ssh_channel_read_termination_struct,
-        ssh_channel_request,
-        ssh_channel_request_open,
-        ssh_channel_struct,
-        ssh_cipher_struct,
-        ssh_common_struct,
-        ssh_config_keyword_table_s,
-        ssh_config_match_keyword_table_s,
-        ssh_connector_struct,
-        ssh_counter_struct,
-        ssh_crypto_struct,
-        ssh_event_fd_wrapper,
-        ssh_event_struct,
-        ssh_global_request,
-        ssh_gssapi_struct,
-        ssh_hmac_struct,
-        ssh_iterator,
-        ssh_kbdint_struct,
-        ssh_kex_struct,
-        ssh_key_struct,
-        ssh_knownhosts_entry,
-        ssh_list,
-        ssh_mac_ctx_struct,
-        ssh_message_struct,
-        ssh_packet_callbacks_struct,
-        ssh_packet_header,
-        ssh_poll_ctx_struct,
-        ssh_poll_handle_struct,
-        ssh_pollfd_struct,
-        ssh_private_key_struct,
-        ssh_public_key_struct,
-        ssh_scp_struct,
-        ssh_service_request,
-        ssh_session_struct,
-        ssh_signature_struct,
-        ssh_socket_struct,
-        ssh_string_struct,
-        ssh_threads_callbacks_struct,
-        ssh_timestamp)
-    set(DOXYGEN_EXCLUDE_SYMBOLS_MACRO
-        SSH_FXP*,
-        SSH_SOCKET*,
-        SERVERBANNER,
-        SOCKOPT_TYPE_ARG4,
-        SSH_FILEXFER*,
-        SSH_FXF*,
-        SSH_S_*,
-        SFTP_*,
-        NSS_BUFLEN_PASSWD,
-        CLOCK,
-        MAX_LINE_SIZE,
-        PKCS11_URI,
-        KNOWNHOSTS_MAXTYPES)
-    set(DOXYGEN_EXCLUDE_SYMBOLS_TYPEDEFS
-        sftp_attributes,
-        sftp_client_message,
-        sftp_dir,
-        sftp_ext,
-        sftp_file,
-        sftp_message,
-        sftp_packet,
-        sftp_request_queue,
-        sftp_status_message,
-        sftp_statvfs_t,
-        poll_fn,
-        ssh_callback_int,
-        ssh_callback_data,
-        ssh_callback_int_int,
-        ssh_message_callback,
-        ssh_channel_callback_int,
-        ssh_channel_callback_data,
-        ssh_callbacks,
-        ssh_gssapi_select_oid_callback,
-        ssh_gssapi_accept_sec_ctx_callback,
-        ssh_gssapi_verify_mic_callback,
-        ssh_server_callbacks,
-        ssh_socket_callbacks,
-        ssh_packet_callbacks,
-        ssh_channel_callbacks,
-        ssh_bind,
-        ssh_bind_callbacks)
-    set(DOXYGEN_EXCLUDE_SYMBOLS
-        ${DOXYGEN_EXCLUDE_SYMBOLS_STRUCTS} ${DOXYGEN_EXCLUDE_SYMBOLS_MACRO}
-        ${DOXYGEN_EXCLUDE_SYMBOLS_TYPEDEFS})
-
-    # Custom layout file to rename "Topics" to "API Reference" and simplify
-    # navigation
-    set(DOXYGEN_LAYOUT_FILE ${CMAKE_CURRENT_SOURCE_DIR}/DoxygenLayout.xml)
-    # Custom HTML header with doxygen-awesome extension initialization
-    set(DOXYGEN_HTML_HEADER ${CMAKE_CURRENT_SOURCE_DIR}/header.html)
-    # Modern CSS theme for documentation with custom libssh.org color scheme
-    set(DOXYGEN_HTML_EXTRA_STYLESHEET
-        ${AWESOME_CSS_DIR}/doxygen-awesome.css
-        ${CMAKE_CURRENT_SOURCE_DIR}/doxygen-custom.css)
-    # JavaScript extensions: dark mode toggle, copy button, paragraph links,
-    # interactive TOC
-    set(DOXYGEN_HTML_EXTRA_FILES
-        ${AWESOME_CSS_DIR}/doxygen-awesome-darkmode-toggle.js
-        ${AWESOME_CSS_DIR}/doxygen-awesome-fragment-copy-button.js
-        ${AWESOME_CSS_DIR}/doxygen-awesome-paragraph-link.js
-        ${AWESOME_CSS_DIR}/doxygen-awesome-interactive-toc.js)
+    set(DOXYGEN_EXCLUDE ${CMAKE_CURRENT_SOURCE_DIR}/that_style)
+    set(DOXYGEN_HTML_HEADER ${CMAKE_CURRENT_SOURCE_DIR}/that_style/header.html)
+    set(DOXYGEN_HTML_EXTRA_STYLESHEET ${CMAKE_CURRENT_SOURCE_DIR}/that_style/that_style.css)
+    set(DOXYGEN_HTML_EXTRA_FILES ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/nav_edge_left.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/nav_edge_right.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/nav_edge_inter.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/sync_off.png
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/sync_on.png
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/splitbar_handle.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/doc.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/mag_glass.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/folderclosed.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/img/folderopen.svg
+                                 ${CMAKE_CURRENT_SOURCE_DIR}/that_style/js/striped_bg.js)

+    # This updates the Doxyfile if we do changes here
    set(_doxyfile_template "${CMAKE_BINARY_DIR}/CMakeDoxyfile.in")
    set(_target_doxyfile "${CMAKE_CURRENT_BINARY_DIR}/Doxyfile.docs")
    configure_file("${_doxyfile_template}" "${_target_doxyfile}")

-    doxygen_add_docs(docs ${CMAKE_SOURCE_DIR}/include/libssh
-                     ${CMAKE_SOURCE_DIR}/src ${CMAKE_CURRENT_SOURCE_DIR})
+    doxygen_add_docs(docs
+                     ${CMAKE_SOURCE_DIR}/include/libssh
+                     ${CMAKE_SOURCE_DIR}/src
+                     ${CMAKE_CURRENT_SOURCE_DIR})
+endif() # DOXYGEN_FOUND

-    # Make docs depend on doxygen-awesome-css download (if not using local dir)
-    if (TARGET doxygen-awesome-css)
-        add_dependencies(docs doxygen-awesome-css)
-    endif ()
-
-    add_custom_target(
-        docs_coverage COMMAND ${CMAKE_SOURCE_DIR}/doc/doc_coverage.sh
-                              ${CMAKE_BINARY_DIR})
-endif (DOXYGEN_FOUND)
+endif() # CMAKE_VERSION
--- a/doc/DoxygenLayout.xml
+++ b/doc/DoxygenLayout.xml
@@ -1,242 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<doxygenlayout version="2.0">
-  <!-- Generated by doxygen 1.14.0 -->
-  <!-- Navigation index tabs for HTML output -->
-  <navindex>
-    <tab type="mainpage" visible="yes" title=""/>
-    <tab type="topics" visible="yes" title="API Reference" intro=""/>
-    <tab type="pages" visible="yes" title="" intro=""/>
-    <tab type="files" visible="yes" title="">
-      <tab type="filelist" visible="yes" title="" intro=""/>
-      <tab type="globals" visible="yes" title="" intro=""/>
-    </tab>
-    <tab type="structs" visible="yes" title="">
-      <tab type="structlist" visible="yes" title="" intro=""/>
-      <tab type="structindex" visible="$ALPHABETICAL_INDEX" title=""/>
-    </tab>
-  </navindex>
-
-  <!-- Layout definition for a class page -->
-  <class>
-    <briefdescription visible="yes"/>
-    <includes visible="$SHOW_HEADERFILE"/>
-    <inheritancegraph visible="yes"/>
-    <collaborationgraph visible="yes"/>
-    <memberdecl>
-      <nestedclasses visible="yes" title=""/>
-      <publictypes visible="yes" title=""/>
-      <services visible="yes" title=""/>
-      <interfaces visible="yes" title=""/>
-      <publicslots visible="yes" title=""/>
-      <signals visible="yes" title=""/>
-      <publicmethods visible="yes" title=""/>
-      <publicstaticmethods visible="yes" title=""/>
-      <publicattributes visible="yes" title=""/>
-      <publicstaticattributes visible="yes" title=""/>
-      <protectedtypes visible="yes" title=""/>
-      <protectedslots visible="yes" title=""/>
-      <protectedmethods visible="yes" title=""/>
-      <protectedstaticmethods visible="yes" title=""/>
-      <protectedattributes visible="yes" title=""/>
-      <protectedstaticattributes visible="yes" title=""/>
-      <packagetypes visible="yes" title=""/>
-      <packagemethods visible="yes" title=""/>
-      <packagestaticmethods visible="yes" title=""/>
-      <packageattributes visible="yes" title=""/>
-      <packagestaticattributes visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <events visible="yes" title=""/>
-      <privatetypes visible="yes" title=""/>
-      <privateslots visible="yes" title=""/>
-      <privatemethods visible="yes" title=""/>
-      <privatestaticmethods visible="yes" title=""/>
-      <privateattributes visible="yes" title=""/>
-      <privatestaticattributes visible="yes" title=""/>
-      <friends visible="yes" title=""/>
-      <related visible="yes" title="" subtitle=""/>
-      <membergroups visible="yes"/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-    <memberdef>
-      <inlineclasses visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <services visible="yes" title=""/>
-      <interfaces visible="yes" title=""/>
-      <constructors visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <related visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <events visible="yes" title=""/>
-    </memberdef>
-    <allmemberslink visible="yes"/>
-    <usedfiles visible="$SHOW_USED_FILES"/>
-    <authorsection visible="yes"/>
-  </class>
-
-  <!-- Layout definition for a namespace page -->
-  <namespace>
-    <briefdescription visible="yes"/>
-    <memberdecl>
-      <nestednamespaces visible="yes" title=""/>
-      <constantgroups visible="yes" title=""/>
-      <interfaces visible="yes" title=""/>
-      <classes visible="yes" title=""/>
-      <concepts visible="yes" title=""/>
-      <structs visible="yes" title=""/>
-      <exceptions visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <membergroups visible="yes"/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-    <memberdef>
-      <inlineclasses visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-    </memberdef>
-    <authorsection visible="yes"/>
-  </namespace>
-
-  <!-- Layout definition for a concept page -->
-  <concept>
-    <briefdescription visible="yes"/>
-    <includes visible="$SHOW_HEADERFILE"/>
-    <definition visible="yes" title=""/>
-    <detaileddescription visible="yes" title=""/>
-    <authorsection visible="yes"/>
-  </concept>
-
-  <!-- Layout definition for a file page -->
-  <file>
-    <briefdescription visible="yes"/>
-    <includes visible="$SHOW_INCLUDE_FILES"/>
-    <includegraph visible="yes"/>
-    <includedbygraph visible="yes"/>
-    <sourcelink visible="yes"/>
-    <memberdecl>
-      <interfaces visible="yes" title=""/>
-      <classes visible="yes" title=""/>
-      <structs visible="yes" title=""/>
-      <exceptions visible="yes" title=""/>
-      <namespaces visible="yes" title=""/>
-      <concepts visible="yes" title=""/>
-      <constantgroups visible="yes" title=""/>
-      <defines visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <membergroups visible="yes"/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-    <memberdef>
-      <inlineclasses visible="yes" title=""/>
-      <defines visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-    </memberdef>
-    <authorsection/>
-  </file>
-
-  <!-- Layout definition for a group page -->
-  <group>
-    <briefdescription visible="yes"/>
-    <groupgraph visible="yes"/>
-    <memberdecl>
-      <nestedgroups visible="yes" title=""/>
-      <modules visible="yes" title=""/>
-      <dirs visible="yes" title=""/>
-      <files visible="yes" title=""/>
-      <namespaces visible="yes" title=""/>
-      <concepts visible="yes" title=""/>
-      <classes visible="yes" title=""/>
-      <defines visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <enumvalues visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <signals visible="yes" title=""/>
-      <publicslots visible="yes" title=""/>
-      <protectedslots visible="yes" title=""/>
-      <privateslots visible="yes" title=""/>
-      <events visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <friends visible="yes" title=""/>
-      <membergroups visible="yes"/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-    <memberdef>
-      <pagedocs/>
-      <inlineclasses visible="yes" title=""/>
-      <defines visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <sequences visible="yes" title=""/>
-      <dictionaries visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <enumvalues visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <signals visible="yes" title=""/>
-      <publicslots visible="yes" title=""/>
-      <protectedslots visible="yes" title=""/>
-      <privateslots visible="yes" title=""/>
-      <events visible="yes" title=""/>
-      <properties visible="yes" title=""/>
-      <friends visible="yes" title=""/>
-    </memberdef>
-    <authorsection visible="yes"/>
-  </group>
-
-  <!-- Layout definition for a C++20 module page -->
-  <module>
-    <briefdescription visible="yes"/>
-    <exportedmodules visible="yes"/>
-    <memberdecl>
-      <concepts visible="yes" title=""/>
-      <classes visible="yes" title=""/>
-      <enums visible="yes" title=""/>
-      <typedefs visible="yes" title=""/>
-      <functions visible="yes" title=""/>
-      <variables visible="yes" title=""/>
-      <membergroups visible="yes" title=""/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-    <memberdecl>
-      <files visible="yes"/>
-    </memberdecl>
-  </module>
-
-  <!-- Layout definition for a directory page -->
-  <directory>
-    <briefdescription visible="yes"/>
-    <directorygraph visible="yes"/>
-    <memberdecl>
-      <dirs visible="yes"/>
-      <files visible="yes"/>
-    </memberdecl>
-    <detaileddescription visible="yes" title=""/>
-  </directory>
-</doxygenlayout>
--- a/doc/README.gitlab.freebsd.md
+++ b/doc/README.gitlab.freebsd.md
@@ -1,101 +0,0 @@
-# Install a FreeBSD CI instance
-
-Install the following packages:
-
-```
-pkg install -y bash git gmake cmake cmocka openssl wget pkgconf ccache bash
-```
-
-Create gitlab-runner user:
-
-```
-pw group add -n gitlab-runner
-pw user add -n gitlab-runner -g gitlab-runner -s /usr/local/bin/bash
-mkdir /home/gitlab-runner
-chown gitlab-runner:gitlab-runner /home/gitlab-runner
-```
-
-Get the gitlab-runner binary for freebsd:
-
-```
-wget -O /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-freebsd-amd64
-chmod +x /usr/local/bin/gitlab-runner
-```
-
-Create a log file and allow access:
-
-```
-touch /var/log/gitlab_runner.log && chown gitlab-runner:gitlab-runner /var/log/gitlab_runner.log
-```
-
-We need a start script to run it on boot:
-
-```
-mkdir -p /usr/local/etc/rc.d
-cat > /usr/local/etc/rc.d/gitlab_runner << EOF
-#!/usr/local/bin/bash
-# PROVIDE: gitlab_runner
-# REQUIRE: DAEMON NETWORKING
-# BEFORE:
-# KEYWORD:
-
-. /etc/rc.subr
-
-name="gitlab_runner"
-rcvar="gitlab_runner_enable"
-
-load_rc_config $name
-
-user="gitlab-runner"
-user_home="/home/gitlab-runner"
-command="/usr/local/bin/gitlab-runner run"
-pidfile="/var/run/${name}.pid"
-
-start_cmd="gitlab_runner_start"
-stop_cmd="gitlab_runner_stop"
-status_cmd="gitlab_runner_status"
-
-gitlab_runner_start()
-{
-    export USER=${user}
-    export HOME=${user_home}
-
-    if checkyesno ${rcvar}; then
-        cd ${user_home}
-        /usr/sbin/daemon -u ${user} -p ${pidfile} ${command} > /var/log/gitlab_runner.log 2>&1
-    fi
-}
-
-gitlab_runner_stop()
-{
-    if [ -f ${pidfile} ]; then
-        kill `cat ${pidfile}`
-    fi
-}
-
-gitlab_runner_status()
-{
-    if [ ! -f ${pidfile} ] || kill -0 `cat ${pidfile}`; then
-        echo "Service ${name} is not running."
-    else
-        echo "${name} appears to be running."
-    fi
-}
-
-run_rc_command $1
-EOF
-chmod +x /usr/local/etc/rc.d/gitlab_runner
-```
-
-Register your gitlab-runner with your gitlab project
-
-```
-su gitlab-runner -c 'gitlab-runner register'
-```
-
-Start the gitlab runner service:
-
-```
-sysrc -f /etc/rc.conf "gitlab_runner_enable=YES"
-service gitlab_runner start
-```
--- a/doc/authentication.dox
+++ b/doc/authentication.dox
@@ -33,9 +33,6 @@ The process of authenticating by public key to a server is the following:
   used to authenticate the user).
 - then, you retrieve the private key for this key and send a message
   proving that you know that private key.
- - when several identity files are specified, then the order of processing of
-   these files is from the last-mentioned to the first one
-   (if specified in the ~/.ssh/config, then starting from the bottom to the top).

 The function ssh_userauth_autopubkey() does this using the available keys in
 "~/.ssh/".  The return values are the following:
@@ -105,7 +102,7 @@ Here is a small example of password authentication:
@code
 int authenticate_password(ssh_session session)
 {
-  char *password = NULL;
+  char *password;
  int rc;

  password = getpass("Enter your password: ");
@@ -218,7 +215,7 @@ int authenticate_kbdint(ssh_session session)
  rc = ssh_userauth_kbdint(session, NULL, NULL);
  while (rc == SSH_AUTH_INFO)
  {
-    const char *name = NULL, *instruction = NULL;
+    const char *name, *instruction;
    int nprompts, iprompt;

    name = ssh_userauth_kbdint_getname(session);
@@ -231,7 +228,7 @@ int authenticate_kbdint(ssh_session session)
      printf("%s\n", instruction);
    for (iprompt = 0; iprompt < nprompts; iprompt++)
    {
-      const char *prompt = NULL;
+      const char *prompt;
      char echo;

      prompt = ssh_userauth_kbdint_getprompt(session, iprompt, &echo);
@@ -251,7 +248,7 @@ int authenticate_kbdint(ssh_session session)
      }
      else
      {
-        char *ptr = NULL;
+        char *ptr;

        ptr = getpass(prompt);
        if (ssh_userauth_kbdint_setanswer(session, iprompt, ptr) < 0)
@@ -354,7 +351,7 @@ The following example shows how to retrieve and dispose the issue banner:
 int display_banner(ssh_session session)
 {
  int rc;
-  char *banner = NULL;
+  char *banner;

 /*
 *** Does not work without calling ssh_userauth_none() first ***
--- a/doc/command.dox
+++ b/doc/command.dox
@@ -22,7 +22,7 @@ a SSH session that uses this channel:
@code
 int show_remote_files(ssh_session session)
 {
-  ssh_channel channel = NULL;
+  ssh_channel channel;
  int rc;

  channel = ssh_channel_new(session);
@@ -91,10 +91,4 @@ that it used:
 }
@endcode

-Warning: In a single channel, only ONE command can be executed!
-If you want to executed multiple commands, allocate separate channels for
-them or consider opening interactive shell.
-Attempting to run multiple consecutive commands in one channel will fail.
-
-
 */
--- a/doc/curve25519-sha256@libssh.org.txt
+++ b/doc/curve25519-sha256@libssh.org.txt
@@ -3,13 +3,13 @@ curve25519-sha256@libssh.org.txt        Aris Adamantiadis <aris@badcode.be>

 1. Introduction

-This document describes the key exchange method curve25519-sha256@libssh.org
+This document describes the key exchange methode curve25519-sha256@libssh.org
 for SSH version 2 protocol. It is provided as an alternative to the existing
 key exchange mechanisms based on either Diffie-Hellman or Elliptic Curve Diffie-
 Hellman [RFC5656].
 The reason is the following : During summer of 2013, revelations from ex-
 consultant at NSA Edward Snowden gave proof that NSA willingly inserts backdoors
-into software, hardware components and published standards. While it is still
+into softwares, hardware components and published standards. While it is still
 believed that the mathematics behind ECC cryptography are still sound and solid,
 some people (including Bruce Schneier [SCHNEIER]), showed their lack of confidence
 in NIST-published curves such as nistp256, nistp384, nistp521, for which constant
@@ -42,8 +42,8 @@ The following is an overview of the key exchange process:
 Client                                                            Server
 ------                                                            ------
 Generate ephemeral key pair.
-SSH_MSG_KEX_ECDH_INIT          -------->
-                                            Verify that client public key
+SSH_MSG_KEX_ECDH_INIT          -------->                      
+                                            Verify that client public key 
                                            length is 32 bytes.
                                             Generate ephemeral key pair.
                                                   Compute shared secret.
@@ -55,7 +55,7 @@ Compute shared secret.
 Generate exchange hash.
 Verify server's signature.

-*   Optional but strongly recommended as this protects against MITM attacks.
+*   Optional but strongly recommanded as this protects against MITM attacks.

 This is implemented using the same messages as described in RFC5656 chapter 4

@@ -109,7 +109,7 @@ This number is calculated using the following procedure:
     side's public key and the local private key scalar.

     The whole 32 bytes of the number X are then converted into a big integer k.
-     This conversion follows the network byte order. This step differs from
+     This conversion follows the network byte order. This step differs from 
     RFC5656.

 [RFC5656]    https://tools.ietf.org/html/rfc5656
--- a/doc/doc_coverage.sh
+++ b/doc/doc_coverage.sh
@@ -1,52 +0,0 @@
-#!/bin/bash
-################################################################################
-# .doc_coverage.sh                                                             #
-# Script to detect overall documentation coverage of libssh. The script uses   #
-# doxygen to generate the documentation then parses it's output.               #
-#                                                                              #
-# maintainer: Norbert Pocs <npocs@redhat.com>                                  #
-################################################################################
-BUILD_DIR="$1"
-DOXYFILE_PATH="$BUILD_DIR/doc/Doxyfile.docs"
-INDEX_XML_PATH="$BUILD_DIR/doc/xml/index.xml"
-# filters
-F_EXCLUDE_FILES=' wrapper.h legacy.h crypto.h priv.h chacha.h curve25519.h '
-F_UNDOC_FUNC='(function).*is not documented'
-F_FUNC='kind="function"'
-F_HEADERS='libssh_8h_|group__libssh__'
-F_CUT_BEFORE='.*<name>'
-F_CUT_AFTER='<\/name><\/member>'
-# Doxygen options
-O_QUIET='QUIET=YES'
-O_GEN_XML='GENERATE_XML=YES'
-
-# check if build dir given
-if [ $# -eq 0 ]; then
-  echo "Please provide the build directory e.g.: ./build"
-  exit 255
-fi
-
-# modify doxyfile to our needs:
-# QUIET - less output
-# GENERATE_XML - xml needed to inspect all the functions
-# (note: the options are needed to be on separate lines)
-# We want to exclude irrelevant files
-MOD_DOXYFILE=$(cat "$DOXYFILE_PATH"; echo "$O_QUIET"; echo "$O_GEN_XML")
-MOD_DOXYFILE=${MOD_DOXYFILE//EXCLUDE_PATTERNS.*=/EXCLUDE_PATTERNS=$F_EXCLUDE_FILES/g}
-
-# call doxygen to get the warning messages
-# and also generate the xml for inspection
-DOXY_WARNINGS=$(echo "$MOD_DOXYFILE" | doxygen - 2>&1)
-
-# get the number of undocumented functions
-UNDOC_FUNC=$(echo "$DOXY_WARNINGS" | grep -cE "$F_UNDOC_FUNC")
-
-# filter out the lines consisting of functions of our interest
-FUNC_LINES=$(grep "$F_FUNC" "$INDEX_XML_PATH" | grep -E "$F_HEADERS")
-# cut the irrelevant information and leave just the function names
-ALL_FUNC=$(echo "$FUNC_LINES" | sed -e "s/$F_CUT_BEFORE//g" -e "s/$F_CUT_AFTER//")
-# remove duplicates and get the number of functions
-ALL_FUNC=$(echo "$ALL_FUNC" | sort - | uniq | wc -l)
-
-# percentage of the documented functions
-awk "BEGIN {printf \"Documentation coverage is %.2f%\n\", 100 - (${UNDOC_FUNC}/${ALL_FUNC}*100)}"
--- a/doc/doxygen-custom.css
+++ b/doc/doxygen-custom.css
@@ -1,127 +0,0 @@
-/**
- * Custom color scheme for libssh documentation
- * Based on libssh.org color palette
- */
-
-html {
-    /* Primary colors - using libssh.org orange accent */
-    --primary-color: #F78C40;
-    --primary-dark-color: #f57900;
-    --primary-light-color: #fab889;
-
-    /* Accent color - neutral gray */
-    --primary-lighter-color: #5A5A5A;
-
-    /* Page colors - clean white background */
-    --page-background-color: #ffffff;
-    --page-foreground-color: #333333;
-    --page-secondary-foreground-color: #666666;
-
-    /* Links - use the warm orange color */
-    --link-color: #F78C40;
-    --link-hover-color: #f0690a;
-
-    /* Code blocks and fragments - very light background */
-    --code-background: #f9f9f9;
-    --fragment-background: #f9f9f9;
-
-    /* Borders - subtle light grey */
-    --separator-color: #e0e0e0;
-    --border-light-color: #f0f0f0;
-
-    /* Side navigation - pure white */
-    --side-nav-background: #ffffff;
-
-    /* Menu colors - warm orange accent */
-    --menu-selected-background: #F78C40;
-
-    /* Tables and boxes - lighter */
-    --tablehead-background: #fbc7a2;
-    --tablehead-foreground: #333333;
-}
-
-/* Header styling with libssh brand colors */
-#titlearea {
-    background-color: #5A5A5A;
-    background-image: linear-gradient(to right, #5A5A5A, #6a6a6a);
-    border-bottom: 3px solid #F78C40;
-}
-
-#projectname {
-    color: #ffffff !important;
-}
-
-#projectbrief {
-    color: #fab889 !important;
-}
-
-/* Top navigation tabs */
-#top {
-    background: linear-gradient(to bottom, #5A5A5A 0%, #6a6a6a 100%);
-}
-
-.tabs, .tabs2, .tabs3 {
-    background-image: none;
-    background-color: transparent;
-}
-
-.tablist li {
-    background: rgba(255, 255, 255, 0.1);
-    border-right: 1px solid rgba(255, 255, 255, 0.2);
-}
-
-.tablist li:hover {
-    background: rgba(255, 255, 255, 0.2);
-}
-
-.tablist li.current {
-    background: #F78C40;
-    border-bottom: 3px solid #f57900;
-}
-
-/* Tab text colors - comprehensive selectors */
-#nav-path ul li a,
-.tabs a,
-.tabs2 a,
-.tabs3 a,
-.tablist a,
-.tablist a:link,
-.tablist a:visited,
-.tablist li a,
-#main-nav a,
-.sm > li > a,
-.sm > li > a .sub-arrow {
-    color: #ffffff !important;
-    text-shadow: 0px 1px 2px rgba(0, 0, 0, 0.3);
-}
-
-/* Active/current tab text */
-#nav-path ul li.current a,
-.tabs .current a,
-.tabs2 .current a,
-.tabs3 .current a,
-.tablist .current a,
-.tablist .current a:link,
-.tablist .current a:visited,
-.tablist li.current a,
-#main-nav .current a,
-.sm .current a {
-    color: #333333 !important;
-    text-shadow: none;
-}
-
-/* Dropdown arrow - white color for top menu */
-.sm-dox a span.sub-arrow {
-    border-right-color: #ffffff !important;
-    border-bottom-color: #ffffff !important;
-}
-
-/* Dropdown menu text - must be dark on white background */
-/* Make this as specific as possible to override white color */
-.sm-dox > li > ul > li > a,
-.sm-dox li ul li a,
-.sm-dox ul li a,
-#main-menu ul li a {
-    color: #333333 !important;
-    text-shadow: none !important;
-}
--- a/doc/favicon.png
+++ b/doc/favicon.png
--- a/doc/fetch_doxygen_awesome.cmake
+++ b/doc/fetch_doxygen_awesome.cmake
@@ -1,41 +0,0 @@
-# Script to download doxygen-awesome-css at build time
-#
-# Usage:
-#   cmake -P fetch_doxygen_awesome.cmake \
-#         -DURL=<download_url> \
-#         -DDEST_DIR=<destination_directory> \
-#         -DVERSION=<version>
-
-if(NOT DEFINED URL)
-    message(FATAL_ERROR "URL not specified")
-endif()
-if(NOT DEFINED DEST_DIR)
-    message(FATAL_ERROR "DEST_DIR not specified")
-endif()
-if(NOT DEFINED VERSION)
-    message(FATAL_ERROR "VERSION not specified")
-endif()
-
-set(EXTRACT_DIR "${DEST_DIR}/doxygen-awesome-css-${VERSION}")
-
-if(NOT EXISTS "${EXTRACT_DIR}/doxygen-awesome.css")
-    message(STATUS "Downloading doxygen-awesome-css ${VERSION}...")
-    set(TARBALL "${DEST_DIR}/doxygen-awesome-css.tar.gz")
-    file(DOWNLOAD
-        "${URL}"
-        "${TARBALL}"
-        STATUS download_status
-        SHOW_PROGRESS
-    )
-    list(GET download_status 0 status_code)
-    if(NOT status_code EQUAL 0)
-        list(GET download_status 1 error_msg)
-        message(FATAL_ERROR "Download failed: ${error_msg}")
-    endif()
-    message(STATUS "Extracting doxygen-awesome-css...")
-    file(ARCHIVE_EXTRACT
-        INPUT "${TARBALL}"
-        DESTINATION "${DEST_DIR}"
-    )
-    file(REMOVE "${TARBALL}")
-endif()
--- a/doc/fido2.dox
+++ b/doc/fido2.dox
@@ -1,601 +0,0 @@
-/**
-
-@page libssh_tutor_fido2 Chapter 11: FIDO2/U2F Keys Support
-
-@section fido2_intro Introduction
-
-The traditional SSH public key model stores the private key on disk
-and anyone who obtains that file (and possibly its passphrase) can impersonate
-the user. FIDO2 authenticators, such as USB security keys, are hardware tokens
-that generate or securely store private key material within a secure element
-and may require explicit user interaction such as a touch, PIN, or biometric
-verification for use. Hence, security keys are far safer from theft or
-exfiltration than traditional file-based SSH keys. libssh provides support
-for FIDO2/U2F security keys as hardware-backed SSH authentication credentials.
-
-This chapter explains the concepts, build prerequisites, the API, and
-usage patterns for enrolling (creating) and using security key-backed SSH
-keys, including resident (discoverable) credentials.
-
-@subsection fido2_resident_keys Resident Keys
-
-Two credential storage modes exist for security keys:
-
- - Non-resident (default): A credential ID (key handle) and metadata are
-	 stored on the client-side in a key file. This key handle must be
-	 presented to the FIDO2/U2F device while signing. This is somewhat
-	 similar to traditional SSH keys, except that the key handle is not the
-	 private key itself, but used in combination with the device's master key
-	 to derive the actual private key.
-
- - Resident (discoverable): The credential (and metadata like user id) is
-	 stored on the device. No local file is needed; the device can enumerate or
-	 locate the credential internally when queried.
-
-Advantages of resident keys include portability (using the same device
-across hosts) and resilience (no loss if the local machine is destroyed).
-Although, they may be limited by the storage of the authenticator.
-
-@subsection fido2_presence_verification User Presence vs. User Verification
-
-FIDO2 distinguishes between:
-
- - User Presence (UP): A simple physical interaction (touch) to confirm a
-	 human is present.
-
- - User Verification (UV): Verification of the user’s identity through
-     biometric authentication or a PIN.
-
-Requiring UV provides additional protection if the device is stolen
-and used without the PIN/biometric.
-
-libssh exposes flags controlling these requirements (see below).
-
-@subsection fido2_callbacks The Callback Abstraction
-
-Different environments may need to access security keys through different
-transport layers (e.g., USB-HID, NFC, Bluetooth, etc.). To accommodate
-this variability, libssh does not hard-code a single implementation.
-
-Instead, it defines a small callback interface (`ssh_sk_callbacks`) used for all
-security key operations. Any implementation of this callback interface can be used
-by higher-level PKI functions to perform enroll/sign/load_resident_keys
-operations without needing to know the transport specifics. Hence, users can
-define their own implementations for these callbacks to support different
-transport protocols or custom hardware. Refer @ref fido2_custom_callbacks
-for additional details.
-
-The callback interface is defined in `libssh/callbacks.h` and the behaviour
-and return values are specified by `libssh/sk_api.h`, which is the same
-interface defined by OpenSSH for its security key support. This means that
-any callback implementations (also called "middleware" in OpenSSH terminology)
-developed for OpenSSH can be adapted to libssh with minimal changes.
-
-The following operations are abstracted by the callback interface:
-
- - api_version(): Report the version of the SK API that the callback implementation
-   is based on, so that libssh can check whether this implementation would be
-   compatible with the SK API version that it supports.
-   Refer @ref fido2_custom_callbacks_version for additional details.
- - enroll(): Create (enroll) a new credential, returning public key, key
-	 handle, attestation data.
- - sign(): Produce a signature for supplied inputs using an existing key
-	 handle.
- - load_resident_keys(): Enumerate resident (discoverable) credentials stored
-	 on the authenticator.
-
-libssh provides a default implementation of the `ssh_sk_callbacks` using
-the libfido2 library for the USB-HID transport protocol. Hence, by default,
-libssh can interact with any FIDO2/U2F device that supports USB-HID and is
-compatible with libfido2, without requiring any additional modifications.
-
-@subsection fido2_build Building with FIDO2 Support
-
-To enable FIDO2/U2F support, libssh must be built with the WITH_FIDO2
-build option as follows:
-
-@verbatim
-	cmake -DWITH_FIDO2=ON <other options> ..
-@endverbatim
-
-libssh will also build the default USB-HID `ssh_sk_callbacks`, if the
-libfido2 library and headers are installed on your system.
-
-@warning If built without libfido2, support for interacting with FIDO2/U2F
-devices over USB-HID will not be available.
-
-@subsection fido2_api_overview API Overview
-
-Security key operations are configured through the `ssh_pki_ctx`
-which allows to specify both general PKI options and FIDO2-specific
-options such as the sk_callbacks, challenge data, application string, flags, etc.
-
-The following sections describe the options that can be configured and how
-the `ssh_pki_ctx` is used in conjunction with `ssh_key` to perform
-enrollment, signing, and resident key loading operations.
-
-@subsection fido2_key_objects Security Key Objects & Metadata
-
-Security keys are surfaced as `ssh_key` objects of type
-`SSH_KEYTYPE_SK_ECDSA` and `SSH_KEYTYPE_SK_ED25519` (corresponding to the
-OpenSSH public key algorithm names `sk-ecdsa-sha2-nistp256@openssh.com` and
-`sk-ssh-ed25519@openssh.com`). In addition to standard key handling, libssh
-exposes the following helper functions to retrieve embedded SK metadata:
-
- - ssh_key_get_sk_application(): Returns the relying party / application
-	 (RP ID) string. The Relying Party ID (RP ID) is a string
-	 that identifies the application or service requesting key enrollment. It
-	 ensures that a credential is bound to a specific origin, preventing
-	 phishing across sites. During registration, the authenticator associates
-	 the credential with this RP ID so that it can later only be used for
-	 authentication requests from the same relying party. For SSH keys, the
-	 common format is "ssh:user@host".
-
- - ssh_key_get_sk_user_id(): Returns a copy of the user ID associated with a key
-	 which represents a unique identifier for the user within the relying
-	 party (application) context. It is typically a string (such as an
-	 email, or a random identifier) that helps distinguish credentials
-	 belonging to different users for the same application.
-
-   Though the user ID can be binary data according to the FIDO2 spec, libssh only
-   supports NUL-terminated strings for enrolling new keys in order to remain compatible
-   with the OpenSSH's sk-api interface.
-
-   However, libssh does support loading existing resident keys with user IDs containing
-   arbitrary binary data. It does so by using an `ssh_string` to store the loaded key's
-   user_id, and an `ssh_string` can contain arbitrary binary data that can not be stored
-   in a traditional NUL-terminated string (like null bytes).
-
-   @note The user_id is NOT stored in the key file for non-resident keys. It is only
-   available for resident (discoverable) keys loaded from the authenticator via
-   ssh_sk_resident_keys_load(). For keys imported from files, this function returns
-   NULL.
-
- - ssh_key_get_sk_flags(): Returns the flags associated with the key. The
-	 following are the supported flags and they can be combined using
-	 bitwise OR:
-     - SSH_SK_USER_PRESENCE_REQD : Require user presence (touch).
-     - SSH_SK_USER_VERIFICATION_REQD : Require user verification
-	   (PIN/biometric).
-     - SSH_SK_RESIDENT_KEY : Request a resident discoverable credential.
-     - SSH_SK_FORCE_OPERATION : Force resident (discoverable) credential
-	   creation even if one with same application and user_id already
-	   exists.
-
-These functions perform no additional communication with the
-authenticator, this metadata is captured during enrollment/loading and
-cached in the `ssh_key`.
-
-@subsection fido2_options Setting Security Key Context Options
-
-Options are set via ssh_pki_ctx_options_set().
-
-Representative security key options:
- - SSH_PKI_OPTION_SK_APPLICATION (const char *): Required relying party ID
-   If not set, a default value of "ssh:" is used.
- - SSH_PKI_OPTION_SK_FLAGS (uint8_t *): Flags described above. If not set,
-   defaults to SSH_SK_USER_PRESENCE_REQD. This is because OpenSSH `sshd`
-   requires user presence for security key authentication by default.
- - SSH_PKI_OPTION_SK_USER_ID (const char *): Represents a unique identifier
-   for the user within the relying party (application) context.
-   It is typically a string (such as an email, or a random identifier) that
-   helps distinguish credentials belonging to different users for the same
-   application. If not set, defaults to 64 zeros.
- - SSH_PKI_OPTION_SK_CHALLENGE (ssh_buffer): Custom challenge; if omitted a
-   random 32-byte challenge is generated.
- - SSH_PKI_OPTION_SK_CALLBACKS (ssh_sk_callbacks): Replace the default
-   callbacks with custom callbacks.
-
-PIN callback: Use ssh_pki_ctx_set_sk_pin_callback() to register a function
-matching `ssh_auth_callback` to prompt for and supply a PIN. The callback may
-be called multiple times to ask for the pin depending on the authenticator policy.
-
-Callback options: Callback implementations may accept additional configuration
-name/value options such as the path to the fido device. These options can be provided via
-`ssh_pki_ctx_sk_callbacks_option_set()`. Refer @ref fido2_custom_callbacks_options
-for additional details.
-
-The built-in callback implementation provided by libssh supports additional options,
-with their names defined in `libssh.h` prefixed with `SSH_SK_OPTION_NAME_*`, such as:
-
-SSH_SK_OPTION_NAME_DEVICE_PATH: Used for specifying a device path.
-If the device path is not specified and multiple devices are connected, then
-depending upon the operation and the flags set, the callback implementation may
-automatically select a suitable device, or the user may be prompted to touch the
-device they want to use.
-
-SSH_SK_OPTION_NAME_USER_ID: Used for setting the user ID.
-Note that the user ID can also be set using the ssh_pki_ctx_options_set() API.
-
-@subsection fido2_enrollment Enrollment Example
-
-An enrollment operation creates a new credential on the authenticator and
-returns an ssh_key object representing it. The application and user_id
-fields are required for creating the credential. The other options are
-optional. A successful enrollment returns the public key, key handle, and
-metadata which are stored in the ssh_key object, and may optionally return
-attestation data which is used for verifying the authenticator model and
-firmware version.
-
-Below is a simple example enrolling an Ed25519 security key (non-resident)
-requiring user presence only:
-
-@code
-#include <libssh/libssh.h>
-#include <string.h>
-
-static int pin_cb(const char *prompt,
-                  char *buf,
-                  size_t len,
-                  int echo,
-                  int verify,
-                  void *userdata)
-{
-    (void)prompt;
-    (void)echo;
-    (void)verify;
-    (void)userdata;
-
-    /* In a real application, the user would be prompted to enter the PIN */
-    const char *pin = "4242";
-    size_t l = strlen(pin);
-    if (l + 1 > len) {
-        return SSH_ERROR;
-    }
-
-    memcpy(buf, pin, l + 1);
-    return SSH_OK;
-}
-
-int enroll_sk_key()
-{
-    const char *app = "ssh:user@host";
-    const char *user_id = "alice";
-    uint8_t flags = SSH_SK_USER_PRESENCE_REQD | SSH_SK_USER_VERIFICATION_REQD;
-    const char *device_path = "/dev/hidraw6"; /* Optional device path */
-
-    ssh_pki_ctx pki_ctx = ssh_pki_ctx_new();
-    ssh_pki_ctx_options_set(pki_ctx, SSH_PKI_OPTION_SK_APPLICATION, app);
-    ssh_pki_ctx_options_set(pki_ctx, SSH_PKI_OPTION_SK_USER_ID, user_id);
-    ssh_pki_ctx_options_set(pki_ctx, SSH_PKI_OPTION_SK_FLAGS, &flags);
-
-    ssh_pki_ctx_set_sk_pin_callback(pki_ctx, pin_cb, NULL);
-
-    ssh_pki_ctx_sk_callbacks_option_set(pki_ctx,
-                                        SSH_SK_OPTION_NAME_DEVICE_PATH,
-                                        device_path,
-                                        true);
-
-    ssh_key enrolled = NULL;
-    int rc = ssh_pki_generate_key(SSH_KEYTYPE_SK_ED25519,
-                                  pki_ctx,
-                                  &enrolled); /* produces sk-ed25519 key */
-
-    /* Save enrolled key using ssh_pki_export_privkey_file, retrieve attestation
-     * buffer etc. */
-
-    /* Free context and key when done */
-}
-@endcode
-
-After a successful enrollment, you can retrieve the attestation buffer
-(if provided by the authenticator) from the PKI context:
-
-@code
-ssh_buffer att_buf = NULL;
-rc = ssh_pki_ctx_get_sk_attestation_buffer(pki_ctx, &att_buf);
-if (rc == SSH_OK && att_buf != NULL) {
-    /* att_buf now contains the serialized attestation
-     * ("ssh-sk-attest-v01"). You can inspect, save, or
-     * parse the buffer as needed
-     */
-    ssh_buffer_free(att_buf);
-}
-@endcode
-
-Notes:
- The attestation buffer is only populated if the enrollment operation
-  succeeds and the authenticator provides attestation data.
- `ssh_pki_ctx_get_sk_attestation_buffer()` returns a copy of the attestation
-  buffer; the caller must free it with `ssh_buffer_free()`.
-
-@subsection fido2_signing Authenticating with a Stored Security Key Public Key
-
-To authenticate using a security key, the application typically loads the
-previously enrolled sk-* private key, establishes an SSH connection, and
-calls `ssh_userauth_publickey()`. libssh automatically recognizes security
-key types and transparently handles the required hardware-backed
-authentication steps such as prompting for a touch or PIN using the
-configured security key callbacks.
-
-Example:
-@code
-#include <libssh/libssh.h>
-#include <stdio.h>
-
-int auth_with_sk_file(const char *host,
-                      const char *user,
-                      const char *privkey_path)
-{
-    ssh_session session = NULL;
-    ssh_key privkey = NULL;
-    int rc = SSH_ERROR;
-
-    session = ssh_new();
-    ssh_options_set(session, SSH_OPTIONS_HOST, host);
-    ssh_options_set(session, SSH_OPTIONS_USER, user);
-    ssh_connect(session);
-
-    ssh_pki_import_privkey_file(privkey_path, NULL, NULL, NULL, &privkey);
-
-    ssh_pki_ctx pki_ctx = ssh_pki_ctx_new();
-    /* Optionally set PIN callback, device path, etc. */
-    /* ssh_pki_ctx_set_sk_pin_callback(pki_ctx, pin_cb, NULL); */
-
-    ssh_options_set(session, SSH_OPTIONS_PKI_CONTEXT, pki_ctx);
-
-    rc = ssh_userauth_publickey(session, user, privkey);
-    if (rc == SSH_AUTH_SUCCESS) {
-        printf("Authenticated with security key.\n");
-        rc = SSH_OK;
-    } else {
-        fprintf(stderr,
-                "Authentication failed rc=%d err=%s\n",
-                rc,
-                ssh_get_error(session));
-        rc = SSH_ERROR;
-    }
-
-    /* Free resources */
-}
-@endcode
-
-@subsection fido2_resident Resident Key Enumeration
-
-Resident keys stored on the device can be discovered and loaded with
-ssh_sk_resident_keys_load() which takes a PKI context (configured with
-a PIN callback) and returns each key as an ssh_key and the number of keys loaded.
-
-Example:
-
-@code
-#include <libssh/libssh.h>
-#include <stdio.h>
-#include <string.h>
-
-static int pin_cb(const char *prompt,
-                  char *buf,
-                  size_t len,
-                  int echo,
-                  int verify,
-                  void *userdata)
-{
-    (void)prompt;
-    (void)echo;
-    (void)verify;
-    (void)userdata;
-    const char *pin = "4242";
-    size_t l = strlen(pin);
-
-    if (l + 1 > len) {
-        return SSH_ERROR;
-    }
-
-    memcpy(buf, pin, l + 1);
-    return SSH_OK;
-}
-
-int auth_with_resident(const char *host,
-                       const char *user,
-                       const char *application,
-                       const char *user_id)
-{
-    ssh_pki_ctx pki_ctx = NULL;
-    size_t num_found = 0;
-    ssh_key *keys = NULL;
-    ssh_key final_key = NULL;
-    int rc = SSH_ERROR;
-
-    ssh_string cur_application = NULL;
-    ssh_string cur_user_id = NULL;
-    ssh_string expected_application = NULL;
-    ssh_string expected_user_id = NULL;
-
-    pki_ctx = ssh_pki_ctx_new();
-    ssh_pki_ctx_set_sk_pin_callback(pki_ctx, pin_cb, NULL);
-
-    expected_application = ssh_string_from_char(application);
-    expected_user_id = ssh_string_from_char(user_id);
-
-    rc = ssh_sk_resident_keys_load(pki_ctx, &keys, &num_found);
-    for (size_t i = 0; i < num_found; i++) {
-        cur_application = ssh_key_get_sk_application(keys[i]);
-        cur_user_id = ssh_key_get_sk_user_id(keys[i]);
-
-        if (ssh_string_cmp(cur_application, expected_application) == 0 &&
-            ssh_string_cmp(cur_user_id, expected_user_id) == 0) {
-            SSH_STRING_FREE(cur_application);
-            SSH_STRING_FREE(cur_user_id);
-            final_key = keys[i];
-            break;
-        }
-
-        SSH_STRING_FREE(cur_application);
-        SSH_STRING_FREE(cur_user_id);
-    }
-
-    SSH_STRING_FREE(expected_application);
-    SSH_STRING_FREE(expected_user_id);
-
-    /* Continue with authentication using the ssh_key with
-     * ssh_userauth_publickey as usual, and free resources when done. */
-}
-@endcode
-
-@subsection fido2_sshsig Signing using the sshsig API
-
-Security keys can also be used for general-purpose signing of arbitrary data
-(without SSH authentication) using the existing `sshsig_sign()` and `sshsig_verify()`
-functions. These functions work seamlessly with security key types
-(`SSH_KEYTYPE_SK_ECDSA` and `SSH_KEYTYPE_SK_ED25519`) and will automatically
-invoke the configured security key callbacks to perform hardware-backed signing
-operations.
-
-@subsection fido2_custom_callbacks Implementing Custom Callback Implementations
-
-Users may need to implement custom callback implementations to support
-different transport protocols (e.g., NFC, Bluetooth) beyond the default USB-HID
-support. This section describes how to implement and integrate custom callback
-implementations.
-
-To implement custom callbacks, you must include the following headers:
-
-@code
-#include <libssh/callbacks.h>  /* For ssh_sk_callbacks_struct */
-#include <libssh/sk_api.h>     /* For SK API constants and data structures */
-@endcode
-
-The `libssh/sk_api.h` header provides the complete interface specification including
-request/response structures, flags, and version macros.
-
-@subsubsection fido2_custom_callbacks_version API Version Compatibility
-
-libssh validates callback implementations by checking the API version returned by
-the `api_version()` callback. To ensure compatibility, libssh compares the major
-version (upper 16 bits) of the returned value with `LIBSSH_SK_API_VERSION_MAJOR`.
-If they don't match, libssh will reject the callback implementation.
-This ensures that the callbacks' SK API matches the major version expected by libssh,
-while allowing minor version differences.
-
-@subsubsection fido2_custom_callbacks_implementation Implementation Example
-
-Here's a minimal example of defining and using custom callbacks:
-
-@code
-#include <libssh/libssh.h>
-#include <libssh/callbacks.h>
-#include <libssh/sk_api.h>
-
-/* Your custom API version callback */
-static uint32_t my_sk_api_version(void)
-{
-    /* Match the major version, set your own minor version */
-    return SSH_SK_VERSION_MAJOR | 0x0001;
-}
-
-/* Your custom enroll callback */
-static int my_sk_enroll(uint32_t alg,
-                        const uint8_t *challenge,
-                        size_t challenge_len,
-                        const char *application,
-                        uint8_t flags,
-                        const char *pin,
-                        struct sk_option **options,
-                        struct sk_enroll_response **enroll_response)
-{
-    /* Parse options array to extract custom parameters */
-    if (options != NULL) {
-        for (size_t i = 0; options[i] != NULL; i++) {
-            if (strcmp(options[i]->name, "my_custom_option") == 0) {
-                /* Use options[i]->value */
-            }
-        }
-    }
-
-    /* Implement your enroll logic here */
-    /* ... */
-
-    return SSH_SK_ERR_GENERAL; /* Return appropriate error code */
-}
-
-/* Implement other required callbacks: sign, load_resident_keys */
-/* ... */
-
-/* Define your callback structure */
-static struct ssh_sk_callbacks_struct my_sk_callbacks = {
-    .size = sizeof(struct ssh_sk_callbacks_struct),
-    .api_version = my_sk_api_version,
-    .enroll = my_sk_enroll,
-    .sign = my_sk_sign,              /* Your implementation */
-    .load_resident_keys = my_sk_load_resident_keys,  /* Your implementation */
-};
-
-/* Usage example */
-void use_custom_callbacks(void)
-{
-    ssh_pki_ctx pki_ctx = ssh_pki_ctx_new();
-
-    /* Set your custom callbacks */
-    ssh_pki_ctx_options_set(pki_ctx,
-                            SSH_PKI_OPTION_SK_CALLBACKS,
-                            &my_sk_callbacks);
-
-    /* Pass custom options to your callbacks */
-    ssh_pki_ctx_sk_callbacks_option_set(pki_ctx,
-                                        "my_custom_option",
-                                        "my_custom_value",
-                                        false);
-
-    /* Use the context for enrollment, signing, etc. */
-}
-@endcode
-
-@subsubsection fido2_custom_callbacks_options Passing Custom Options
-
-The `ssh_pki_ctx_sk_callbacks_option_set()` function allows you to pass
-implementation-specific options as name/value string pairs:
-
-@code
-ssh_pki_ctx_sk_callbacks_option_set(pki_ctx,
-                                    "option_name",
-                                    "option_value",
-                                    required);
-@endcode
-
-Parameters:
- `option_name`: The name of the option (e.g., "device_path", "my_custom_param")
- `option_value`: The string value for this option
- `required`: If true, this option must be processed by the callback implementation
-  and cannot be ignored. If false, the option is advisory and can be skipped if the
-  callback implementation does not support it.
-
-These options are passed to your callbacks in the `struct sk_option **options`
-parameter as a NULL-terminated array. Each `sk_option` has the following fields:
- `name`: The option name (char *)
- `value`: The option value (char *)
- `required`: Whether the option must be processed (uint8_t, non-zero = required)
-
-@subsubsection fido2_custom_callbacks_openssh OpenSSH Middleware Compatibility
-
-Since libssh uses the same SK API as OpenSSH, middleware implementations developed
-for OpenSSH can be adapted with minimal changes.
-To adapt an OpenSSH middleware for libssh, create a wrapper that populates
-`ssh_sk_callbacks_struct` with pointers to the middleware's functions.
-
-@subsection fido2_testing Testing and Environment Variables
-
-Unit tests covering USB-HID enroll/sign/load_resident_keys operations can be found
-in the `tests/unittests/torture_sk_usbhid.c` file. To run these tests you
-must have libfido2 installed and the WITH_FIDO2=ON build option set.
-Additionally, you must ensure the following:
-
- - An actual FIDO2 device must be connected to the test machine.
- - The TORTURE_SK_USBHID environment variable must be set.
- - The environment variable TORTURE_SK_PIN=<device PIN> must be set.
-
-If these are not set, the tests are skipped.
-
-The higher level PKI integration tests can be found in
-`tests/unittests/torture_pki_sk.c` and the tests related to the sshsig API
-can be found in `tests/unittests/torture_pki_sshsig.c`.
-These use the callback implementation provided by OpenSSH's sk-dummy.so,
-which simulates an authenticator without requiring any hardware. Hence, these tests
-can be run in the CI environment.
-However, these tests can also be configured to use the default USB-HID callbacks
-by setting the same environment variables as described above.
-
-The following devices were tested during development:
-
- Yubico Security Key NFC - USB-A
-
-*/
--- a/doc/forwarding.dox
+++ b/doc/forwarding.dox
@@ -100,8 +100,8 @@ used to retrieve google's home page from the remote SSH server.
@code
 int direct_forwarding(ssh_session session)
 {
-  ssh_channel forwarding_channel = NULL;
-  int rc = SSH_ERROR;
+  ssh_channel forwarding_channel;
+  int rc;
  char *http_get = "GET / HTTP/1.1\nHost: www.google.com\n\n";
  int nbytes, nwritten;

@@ -161,12 +161,10 @@ local libssh application, which handles them:
 int web_server(ssh_session session)
 {
  int rc;
-  ssh_channel channel = NULL;
+  ssh_channel channel;
  char buffer[256];
  int nbytes, nwritten;
  int port = 0;
-  char *peer_address = NULL;
-  int peer_port = 0;
  char *helloworld = ""
 "HTTP/1.1 200 OK\n"
 "Content-Type: text/html\n"
@@ -189,8 +187,7 @@ int web_server(ssh_session session)
    return rc;
  }

-  channel = ssh_channel_open_forward_port(session, 60000, &port,
-                                        &peer_address, &peer_port);
+  channel = ssh_channel_accept_forward(session, 60000, &port);
  if (channel == NULL)
  {
    fprintf(stderr, "Error waiting for incoming connection: %s\n",
@@ -207,7 +204,6 @@ int web_server(ssh_session session)
              ssh_get_error(session));
      ssh_channel_send_eof(channel);
      ssh_channel_free(channel);
-      ssh_string_free_char(peer_address);
      return SSH_ERROR;
    }
    if (strncmp(buffer, "GET /", 5)) continue;
@@ -220,15 +216,13 @@ int web_server(ssh_session session)
              ssh_get_error(session));
      ssh_channel_send_eof(channel);
      ssh_channel_free(channel);
-      ssh_string_free_char(peer_address);
      return SSH_ERROR;
    }
-    printf("Sent answer to %s:%d\n", peer_address, peer_port);
+    printf("Sent answer\n");
  }

  ssh_channel_send_eof(channel);
  ssh_channel_free(channel);
-  ssh_string_free_char(peer_address);
  return SSH_OK;
 }
@endcode
--- a/doc/guided_tour.dox
+++ b/doc/guided_tour.dox
@@ -5,7 +5,7 @@
 A SSH session goes through the following steps:

 - Before connecting to the server, you can set up if you wish one or other
-   server public key authentication, i.e. RSA, ED25519 or ECDSA. You can choose
+   server public key authentication, i.e. DSA or RSA. You can choose
   cryptographic algorithms you trust and compression algorithms if any. You
   must of course set up the hostname.

@@ -15,7 +15,7 @@ A SSH session goes through the following steps:
   file.

 - The client must authenticate: the classical ways are password, or
-   public keys (from ecdsa, ed25519 and rsa key-pairs generated by openssh).
+   public keys (from dsa and rsa key-pairs generated by openssh).
   If a SSH agent is running, it is possible to use it.

 - Now that the user has been authenticated, you must open one or several
@@ -79,7 +79,7 @@ Here is a small example of how to use it:

 int main()
 {
-  ssh_session my_ssh_session = NULL;
+  ssh_session my_ssh_session;
  int verbosity = SSH_LOG_PROTOCOL;
  int port = 22;

@@ -126,7 +126,7 @@ Here's an example:

 int main()
 {
-  ssh_session my_ssh_session = NULL;
+  ssh_session my_ssh_session;
  int rc;

  my_ssh_session = ssh_new();
@@ -190,8 +190,8 @@ int verify_knownhost(ssh_session session)
    ssh_key srv_pubkey = NULL;
    size_t hlen;
    char buf[10];
-    char *hexa = NULL;
-    char *p = NULL;
+    char *hexa;
+    char *p;
    int cmp;
    int rc;

@@ -317,9 +317,9 @@ The example below shows an authentication with password:

 int main()
 {
-  ssh_session my_ssh_session = NULL;
+  ssh_session my_ssh_session;
  int rc;
-  char *password = NULL;
+  char *password;

  // Open session and set options
  my_ssh_session = ssh_new();
@@ -380,7 +380,7 @@ The example below shows how to execute a remote command:
@code
 int show_remote_processes(ssh_session session)
 {
-  ssh_channel channel = NULL;
+  ssh_channel channel;
  int rc;
  char buffer[256];
  int nbytes;
--- a/doc/header.html
+++ b/doc/header.html
@@ -1,92 +0,0 @@
-<!-- HTML header for doxygen 1.14.0-->
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="$langISO">
-<head>
-<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
-<meta http-equiv="X-UA-Compatible" content="IE=11"/>
-<meta name="generator" content="Doxygen $doxygenversion"/>
-<meta name="viewport" content="width=device-width, initial-scale=1"/>
-<!--BEGIN PROJECT_NAME--><title>$projectname: $title</title><!--END PROJECT_NAME-->
-<!--BEGIN !PROJECT_NAME--><title>$title</title><!--END !PROJECT_NAME-->
-<!--BEGIN PROJECT_ICON-->
-<link rel="icon" href="$relpath^$projecticon" type="image/x-icon" />
-<!--END PROJECT_ICON-->
-<link href="$relpath^tabs.css" rel="stylesheet" type="text/css"/>
-<!--BEGIN FULL_SIDEBAR-->
-<script type="text/javascript">var page_layout=1;</script>
-<!--END FULL_SIDEBAR-->
-<script type="text/javascript" src="$relpath^jquery.js"></script>
-<script type="text/javascript" src="$relpath^dynsections.js"></script>
-<!--BEGIN COPY_CLIPBOARD-->
-<script type="text/javascript" src="$relpath^clipboard.js"></script>
-<!--END COPY_CLIPBOARD-->
-$treeview
-$search
-$mathjax
-$darkmode
-<link href="$relpath^$stylesheet" rel="stylesheet" type="text/css" />
-$extrastylesheet
-<script type="text/javascript" src="$relpath^doxygen-awesome-darkmode-toggle.js"></script>
-<script type="text/javascript">
-DoxygenAwesomeDarkModeToggle.init()
-</script>
-<script type="text/javascript" src="$relpath^doxygen-awesome-fragment-copy-button.js"></script>
-<script type="text/javascript">
-DoxygenAwesomeFragmentCopyButton.init()
-</script>
-<script type="text/javascript" src="$relpath^doxygen-awesome-paragraph-link.js"></script>
-<script type="text/javascript">
-DoxygenAwesomeParagraphLink.init()
-</script>
-<script type="text/javascript" src="$relpath^doxygen-awesome-interactive-toc.js"></script>
-<script type="text/javascript">
-DoxygenAwesomeInteractiveToc.init()
-</script>
-</head>
-<body>
-<!--BEGIN FULL_SIDEBAR-->
-<div id="side-nav" class="ui-resizable side-nav-resizable"><!-- do not remove this div, it is closed by doxygen! -->
-<!--END FULL_SIDEBAR-->
-
-<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
-
-<!--BEGIN TITLEAREA-->
-<div id="titlearea">
-<table cellspacing="0" cellpadding="0">
- <tbody>
- <tr id="projectrow">
-  <!--BEGIN PROJECT_LOGO-->
-  <td id="projectlogo"><img alt="Logo" src="$relpath^$projectlogo"$logosize/></td>
-  <!--END PROJECT_LOGO-->
-  <!--BEGIN PROJECT_NAME-->
-  <td id="projectalign">
-   <div id="projectname">$projectname<!--BEGIN PROJECT_NUMBER--><span id="projectnumber">&#160;$projectnumber</span><!--END PROJECT_NUMBER-->
-   </div>
-   <!--BEGIN PROJECT_BRIEF--><div id="projectbrief">$projectbrief</div><!--END PROJECT_BRIEF-->
-  </td>
-  <!--END PROJECT_NAME-->
-  <!--BEGIN !PROJECT_NAME-->
-   <!--BEGIN PROJECT_BRIEF-->
-    <td>
-    <div id="projectbrief">$projectbrief</div>
-    </td>
-   <!--END PROJECT_BRIEF-->
-  <!--END !PROJECT_NAME-->
-  <!--BEGIN DISABLE_INDEX-->
-   <!--BEGIN SEARCHENGINE-->
-     <!--BEGIN !FULL_SIDEBAR-->
-    <td>$searchbox</td>
-     <!--END !FULL_SIDEBAR-->
-   <!--END SEARCHENGINE-->
-  <!--END DISABLE_INDEX-->
- </tr>
-  <!--BEGIN SEARCHENGINE-->
-   <!--BEGIN FULL_SIDEBAR-->
-   <tr><td colspan="2">$searchbox</td></tr>
-   <!--END FULL_SIDEBAR-->
-  <!--END SEARCHENGINE-->
- </tbody>
-</table>
-</div>
-<!--END TITLEAREA-->
-<!-- end header part -->
--- a/doc/introduction.dox
+++ b/doc/introduction.dox
@@ -14,8 +14,8 @@ libssh is a Free Software / Open Source project. The libssh library
 is distributed under LGPL license. The libssh project has nothing to do with
 "libssh2", which is a completely different and independent project.

-libssh can run on top of either libcrypto, mbedtls or libgcrypt (deprecated)
-general-purpose cryptographic libraries.
+libssh can run on top of either libgcrypt or libcrypto,
+two general-purpose cryptographic libraries.

 This tutorial concentrates for its main part on the "client" side of libssh.
 To learn how to accept incoming SSH connections (how to write a SSH server),
@@ -44,12 +44,6 @@ Table of contents:

@subpage libssh_tutor_threads

-@subpage libssh_tutor_pkcs11
-
-@subpage libssh_tutor_sftp_aio
-
-@subpage libssh_tutor_fido2
-
@subpage libssh_tutor_todo

 */
--- a/doc/mainpage.dox
+++ b/doc/mainpage.dox
@@ -19,13 +19,12 @@ the interesting functions as you go.

 The libssh library provides:

- - <strong>Key Exchange Methods</strong>: <i>sntrup761x25519-sha512, sntrup761x25519-sha512@openssh.com, mlkem768x25519-sha256, mlkem768nistp256-sha256, mlkem1024nistp384-sha384, curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
- - <strong>GSSAPI Key Exchange Methods</strong>: gss-group14-sha256-*, gss-group16-sha512-*, gss-nistp256-sha256-*, gss-curve25519-sha256-*
- - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256
- - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc
+ - <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
+ - <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss
+ - <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, none
 - <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
- - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
- - <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic, gssapi-keyex</i>
+ - <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5, none
+ - <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic</i>
 - <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, <i>auth-agent-req@openssh.com</i>
 - <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip
 - <strong>Channel Requests</strong>: x11, pty, <i>exit-status, signal, exit-signal, keepalive@openssh.com, auth-agent-req@openssh.com</i>
@@ -34,12 +33,12 @@ The libssh library provides:
 - <strong>Thread-safe</strong>: Just don't share sessions
 - <strong>Non-blocking</strong>: it can be used both blocking and non-blocking
 - <strong>Your sockets</strong>: the app hands over the socket, or uses libssh sockets
- - <b>OpenSSL</b>, <b>MBedTLS</b> or <b>gcrypt</b> (deprecated): builds with either
+ - <b>OpenSSL</b> or <b>gcrypt</b>: builds with either

@section main-additional-features Additional Features

 - Client <b>and</b> server support
- - SSHv2 protocol support
+ - SSHv2 and SSHv1 protocol support
 - Supports <a href="https://test.libssh.org/" target="_blank">Linux, UNIX, BSD, Solaris, OS/2 and Windows</a>
 - Automated test cases with nightly <a href="https://test.libssh.org/" target="_blank">tests</a>
 - Event model based on poll(2), or a poll(2)-emulation.
@@ -150,7 +149,7 @@ The libssh Team

@subsection main-rfc-secsh Secure Shell (SSH)

-The following RFC documents described SSH-2 protocol as an Internet standard.
+The following RFC documents described SSH-2 protcol as an Internet standard.

 - <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
    The Secure Shell (SSH) Protocol Assigned Numbers
@@ -212,17 +211,15 @@ It was later modified and expanded by the following RFCs.
    (only the "server-sig-algs" extension implemented)
 - <a href="https://tools.ietf.org/html/rfc8332" target="_blank">RFC 8332</a>,
    Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
- - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8709</a>,
-    Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol
- - <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8731</a>,
-    Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448
- - <a href="https://tools.ietf.org/html/rfc9142" target="_blank">RFC 9142</a>,
-    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)

 There are also drafts that are being currently developed and followed.

- - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-08</a>
+ - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
+    Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
+ - <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
    SSH Agent Protocol
+ - <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
+    Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448

 Interesting cryptography documents:

--- a/doc/pkcs11.dox
+++ b/doc/pkcs11.dox
@@ -1,86 +0,0 @@
-/**
-@page libssh_tutor_pkcs11 Chapter 9: Authentication using PKCS #11 URIs
-@section how_to How to use PKCS #11 URIs in libssh?
-
-PKCS #11 is a Cryptographic Token Interface Standard that provides an API
-to devices like smart cards that store cryptographic private information.
-Such cryptographic devices are referenced as tokens. A mechanism through which
-objects stored on the tokens can be uniquely identified is called PKCS #11 URI
-(Uniform Resource Identifier) and is defined in RFC 7512
-(https://tools.ietf.org/html/rfc7512).
-
-# Pre-requisites (OpenSSL < 3.0):
-
-OpenSSL 1.x defines an abstract layer called the "engine" to achieve
-cryptographic acceleration. The engine_pkcs11 module acts like an interface
-between the PKCS #11 modules and the OpenSSL application.
-
-To build and use libssh with PKCS #11 support:
-1. Enable the cmake option: $ cmake -DWITH_PKCS11_URI=ON
-2. Build with OpenSSL.
-3. Install and configure engine_pkcs11 (https://github.com/OpenSC/libp11).
-4. Plug in a working smart card or configure softhsm (https://www.opendnssec.org/softhsm).
-
-@warning The support for Engines was deprecated in OpenSSL 3.0 so this approach
-is deprecated in libssh 0.11.x.
-
-# Pre-requisites (OpenSSL 3.0.8+)
-
-The OpenSSL 3.0 is deprecating usage of low-level engines in favor of high-level
-"providers" to provide alternative implementation of cryptographic operations
-or acceleration.
-
-To build and use libssh with PKCS #11 support using OpenSSL providers:
-1. Install and configure pkcs11 provider (https://github.com/latchset/pkcs11-provider).
-2. Enable the cmake options: $ cmake -DWITH_PKCS11_URI=ON -DWITH_PKCS11_PROVIDER=ON
-3. Build with OpenSSL.
-4. Plug in a working smart card or configure softhsm (https://www.opendnssec.org/softhsm).
-
-# New API functions
-
-The functions  ssh_pki_import_pubkey_file() and ssh_pki_import_privkey_file() that
-import the public and private keys from files respectively are now modified to support
-PKCS #11 URIs. These functions automatically detect if the provided filename is a file path
-or a PKCS #11 URI (when it begins with "pkcs11:"). If a PKCS #11 URI is detected,
-the engine is loaded and initialized. Through the engine, the private/public key
-corresponding to the PKCS #11 URI are loaded from the PKCS #11 device.
-
-If you wish to authenticate using public keys on your own, follow the steps mentioned under
-"Authentication with public keys" in Chapter 2 - A deeper insight into authentication.
-
-The function pki_uri_import() is used to populate the public/private ssh_key from the
-engine with PKCS #11 URIs as the look up.
-
-Here is a minimalistic example of public key authentication using PKCS #11 URIs:
-
-@code
-int authenticate_pkcs11_URI(ssh_session session)
-{
-  int rc;
-  char priv_uri[1042] = "pkcs11:token=my-token;object=my-object;type=private?pin-value=1234";
-
-  rc = ssh_options_set(session, SSH_OPTIONS_IDENTITY, priv_uri);
-  assert_int_equal(rc, SSH_OK)
-
-  rc = ssh_userauth_publickey_auto(session, NULL, NULL);
-
-  if (rc == SSH_AUTH_ERROR)
-  {
-     fprintf(stderr, "Authentication with PKCS #11 URIs failed: %s\n",
-       ssh_get_error(session));
-     return SSH_AUTH_ERROR;
-  }
-
-  return rc;
-}
-@endcode
-
-@subsection Caveats
-
-We recommend the users to provide a specific PKCS #11 URI so that it matches only a single slot in the engine.
-If the engine discovers multiple slots that could potentially contain the private keys referenced
-by the provided PKCS #11 URI, the engine will not try to authenticate.
-
-For testing, the SoftHSM PKCS#11 library is used.
-
-*/
--- a/doc/sftp.dox
+++ b/doc/sftp.dox
@@ -139,7 +139,7 @@ Unlike its equivalent in the SCP subsystem, this function does NOT change the
 current directory to the newly created subdirectory.


-@subsection sftp_write Writing to a file on the remote computer
+@subsection sftp_write Copying a file to the remote computer

 You handle the contents of a remote file just like you would do with a
 local file: you open the file in a given mode, move the file pointer in it,
@@ -203,14 +203,16 @@ int sftp_helloworld(ssh_session session, sftp_session sftp)

@subsection sftp_read Reading a file from the remote computer

-A synchronous read from a remote file is done using sftp_read(). This
-section describes how to download a remote file using sftp_read(). The
-next section will discuss more about synchronous/asynchronous read/write
-operations using libssh sftp API.
+The nice thing with reading a file over the network through SFTP is that it
+can be done both in a synchronous way or an asynchronous way. If you read the file
+asynchronously, your program can do something else while it waits for the
+results to come.
+
+Synchronous read is done with sftp_read().

 Files are normally transferred in chunks. A good chunk size is 16 KB. The following
 example transfers the remote file "/etc/profile" in 16 KB chunks. For each chunk we
-request, sftp_read() blocks till the data has been received:
+request, sftp_read blocks till the data has been received:

@code
 // Good chunk size
@@ -271,39 +273,87 @@ int sftp_read_sync(ssh_session session, sftp_session sftp)
 }
@endcode

-@subsection sftp_aio Performing an asynchronous read/write on a file on the remote computer
+Asynchronous read is done in two steps, first sftp_async_read_begin(), which
+returns a "request handle", and then sftp_async_read(), which uses that request handle.
+If the file has been opened in nonblocking mode, then sftp_async_read()
+might return SSH_AGAIN, which means that the request hasn't completed yet
+and that the function should be called again later on. Otherwise,
+sftp_async_read() waits for the data to come. To open a file in nonblocking mode,
+call sftp_file_set_nonblocking() right after you opened it. Default is blocking mode.

-sftp_read() performs a "synchronous" read operation on a remote file.
-This means that sftp_read() will first request the server to read some
-data from the remote file and then would wait until the server response
-containing data to read (or an error) arrives at the client side.
+The example below reads a very big file in asynchronous, nonblocking, mode. Each
+time the data is not ready yet, a counter is incremented.

-sftp_write() performs a "synchronous" write operation on a remote file.
-This means that sftp_write() will first request the server to write some
-data to the remote file and then would wait until the server response
-containing information about the status of the write operation arrives at the
-client side.
+@code
+// Good chunk size
+#define MAX_XFER_BUF_SIZE 16384

-If your client program wants to do something other than waiting for the
-response after requesting a read/write, the synchronous sftp_read() and
-sftp_write() can't be used. In such a case the "asynchronous" sftp aio API
-should be used.
+int sftp_read_async(ssh_session session, sftp_session sftp)
+{
+  int access_type;
+  sftp_file file;
+  char buffer[MAX_XFER_BUF_SIZE];
+  int async_request;
+  int nbytes;
+  long counter;
+  int rc;

-Please go through @ref libssh_tutor_sftp_aio for a detailed description
-of the sftp aio API.
+  access_type = O_RDONLY;
+  file = sftp_open(sftp, "some_very_big_file",
+                   access_type, 0);
+  if (file == NULL) {
+    fprintf(stderr, "Can't open file for reading: %s\n",
+                     ssh_get_error(session));
+    return SSH_ERROR;
+  }
+  sftp_file_set_nonblocking(file);

-The sftp aio API provides two categories of functions :
-  - sftp_aio_begin_*() : For requesting a read/write from the server.
-  - sftp_aio_wait_*() : For waiting for the response of a previously
-    issued read/write request from the server.
+  async_request = sftp_async_read_begin(file, sizeof(buffer));
+  counter = 0L;
+  usleep(10000);
+  if (async_request >= 0) {
+    nbytes = sftp_async_read(file, buffer, sizeof(buffer),
+                             async_request);
+  } else {
+      nbytes = -1;
+  }

-Hence, the client program can call sftp_aio_begin_*() to request a read/write
-and then can perform any number of operations (other than waiting) before
-calling sftp_aio_wait_*() for waiting for the response of the previously
-issued request.
+  while (nbytes > 0 || nbytes == SSH_AGAIN) {
+    if (nbytes > 0) {
+      write(1, buffer, nbytes);
+      async_request = sftp_async_read_begin(file, sizeof(buffer));
+    } else {
+        counter++;
+    }
+    usleep(10000);

-We call read/write operations performed in the manner described above as
-"asynchronous" read/write operations on a remote file.
+    if (async_request >= 0) {
+      nbytes = sftp_async_read(file, buffer, sizeof(buffer),
+                               async_request);
+    } else {
+        nbytes = -1;
+    }
+  }
+
+  if (nbytes < 0) {
+    fprintf(stderr, "Error while reading file: %s\n",
+            ssh_get_error(session));
+    sftp_close(file);
+    return SSH_ERROR;
+  }
+
+  printf("The counter has reached value: %ld\n", counter);
+
+  rc = sftp_close(file);
+  if (rc != SSH_OK) {
+    fprintf(stderr, "Can't close the read file: %s\n",
+            ssh_get_error(session));
+    return rc;
+  }
+
+  return SSH_OK;
+}
+@endcode

@subsection sftp_ls Listing the contents of a directory

--- a/doc/sftp_aio.dox
+++ b/doc/sftp_aio.dox
@@ -1,705 +0,0 @@
-/**
-
-@page libssh_tutor_sftp_aio Chapter 10: The SFTP asynchronous I/O
-
-@section sftp_aio_api The SFTP asynchronous I/O
-
-NOTE : Please read @ref libssh_tutor_sftp before reading this page. The
-synchronous sftp_read() and sftp_write() have been described there.
-
-SFTP AIO stands for "SFTP Asynchronous Input/Output". This API contains
-functions which perform async read/write operations on remote files.
-
-File transfers performed using the asynchronous sftp aio API can be
-significantly faster than the file transfers performed using the synchronous
-sftp read/write API (see sftp_read() and sftp_write()).
-
-The sftp aio API functions are divided into two categories :
-  - sftp_aio_begin_*() [see sftp_aio_begin_read(), sftp_aio_begin_write()]:
-    These functions send a request for an i/o operation to the server and
-    provide the caller an sftp aio handle corresponding to the sent request.
-
-  - sftp_aio_wait_*() [see sftp_aio_wait_read(), sftp_aio_wait_write()]:
-    These functions wait for the server response corresponding to a previously
-    issued request. Which request ? the request corresponding to the sftp aio
-    handle supplied by the caller to these functions.
-
-Conceptually, you can think of the sftp aio handle as a request identifier.
-
-Technically, the sftp_aio_begin_*() functions dynamically allocate memory to
-store information about the i/o request they send and provide the caller a
-handle to this memory, we call this handle an sftp aio handle.
-
-sftp_aio_wait_*() functions use the information stored in that memory (handled
-by the caller supplied sftp aio handle) to identify a request, and then they
-wait for that request's response. These functions also release the memory
-handled by the caller supplied sftp aio handle (except when they return
-SSH_AGAIN).
-
-sftp_aio_free() can also be used to release the memory handled by an sftp aio
-handle but unlike the sftp_aio_wait_*() functions, it doesn't wait for a
-response. This should be used to release the memory corresponding to an sftp
-aio handle when some failure occurs. An example has been provided at the
-end of this page to show the usage of sftp_aio_free().
-
-To begin with, this tutorial will provide basic examples that describe the
-usage of sftp aio API to perform a single read/write operation.
-
-The later sections describe the usage of the sftp aio API to obtain faster file
-transfers as compared to the transfers performed using the synchronous sftp
-read/write API.
-
-On encountering an error, the sftp aio API functions set the sftp and ssh
-errors just like any other libssh sftp API function. These errors can be
-obtained using sftp_get_error(), ssh_get_error() and ssh_get_error_code().
-The code examples provided on this page ignore error handling for the sake of
-brevity.
-
-@subsection sftp_aio_read Using the sftp aio API for reading (a basic example)
-
-For performing an async read operation on a sftp file (see sftp_open()),
-the first step is to call sftp_aio_begin_read() to send a read request to the
-server. The caller is provided an sftp aio handle corresponding to the sent
-read request.
-
-The second step is to pass a pointer to this aio handle to
-sftp_aio_wait_read(), this function waits for the server response which
-indicates the success/failure of the read request. On success, the response
-indicates EOF or contains the data read from the sftp file.
-
-The following code example shows how a read operation can be performed
-on an sftp file using the sftp aio API.
-
-@code
-ssize_t read_chunk(sftp_file file, void *buf, size_t to_read)
-{
-    ssize_t bytes_requested, bytes_read;
-
-    // Variable to store an sftp aio handle
-    sftp_aio aio = NULL;
-
-    // Send a read request to the sftp server
-    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    // Here its possible that (bytes_requested < to_read) as specified in
-    // the function documentation of sftp_aio_begin_read()
-
-    // Wait for the response of the read request corresponding to the
-    // sftp aio handle stored in the aio variable.
-    bytes_read = sftp_aio_wait_read(&aio, buf, to_read);
-    if (bytes_read == SSH_ERROR) {
-        // handle error
-    }
-
-    return bytes_read;
-}
-@endcode
-
-@subsection sftp_aio_write Using the sftp aio API for writing (a basic example)
-
-For performing an async write operation on a sftp file (see sftp_open()),
-the first step is to call sftp_aio_begin_write() to send a write request to
-the server. The caller is provided an sftp aio handle corresponding to the
-sent write request.
-
-The second step is to pass a pointer to this aio handle to
-sftp_aio_wait_write(), this function waits for the server response which
-indicates the success/failure of the write request.
-
-The following code example shows how a write operation can be performed on an
-sftp file using the sftp aio API.
-
-@code
-ssize_t write_chunk(sftp_file file, void *buf, size_t to_write)
-{
-    ssize_t bytes_requested, bytes_written;
-
-    // Variable to store an sftp aio handle
-    sftp_aio aio = NULL;
-
-    // Send a write request to the sftp server
-    bytes_requested = sftp_aio_begin_write(file, buf, to_write, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    // Here its possible that (bytes_requested < to_write) as specified in
-    // the function documentation of sftp_aio_begin_write()
-
-    // Wait for the response of the write request corresponding to
-    // the sftp aio handle stored in the aio variable.
-    bytes_written = sftp_aio_wait_write(&aio);
-    if (bytes_written == SSH_ERROR) {
-        // handle error
-    }
-
-    return bytes_written;
-}
-@endcode
-
-@subsection sftp_aio_actual_use Using the sftp aio API to speed up a transfer
-
-The above examples were provided to introduce the sftp aio API.
-This is not how the sftp aio API is intended to be used, because the
-above usage offers no advantage over the synchronous sftp read/write API
-which does the same thing i.e issue a request and then immediately wait for
-its response.
-
-The facility that the sftp aio API provides is that the user can do
-anything between issuing a request and getting the corresponding response.
-Any number of operations can be performed after calling sftp_aio_begin_*()
-[which issues a request] and before calling sftp_aio_wait_*() [which waits
-for a response]
-
-The code can leverage this feature by calling sftp_aio_begin_*() multiple times
-to issue multiple requests before calling sftp_aio_wait_*() to wait for the
-response of an earlier issued request. This approach will keep a certain number
-of requests outstanding at the client side.
-
-After issuing those requests, while the client code does something else (for
-example waiting for an outstanding request's response, processing an obtained
-response, issuing another request or any other operation the client wants
-to perform), at the same time :
-
-  - Some of those outstanding requests may be travelling over the
-    network towards the server.
-
-  - Some of the outstanding requests may have reached the server and may
-    be queued for processing at the server side.
-
-  - Some of the outstanding requests may have been processed and the
-    corresponding responses may be travelling over the network towards the
-    client.
-
-  - Some of the responses corresponding to the outstanding requests may
-    have already reached the client side.
-
-Clearly in this case, operations that the client performs and operations
-involved in transfer/processing of a outstanding request can occur in
-parallel. Also, operations involved in transfer/processing of two or more
-outstanding requests may also occur in parallel (for example when one request
-travels to the server, another request's response may be incoming towards the
-client). Such kind of parallelism makes the overall transfer faster as compared
-to a transfer performed using the synchronous sftp read/write API.
-
-When the synchronous sftp read/write API is used to perform a transfer,
-a strict sequence is followed:
-
-  - The client issues a single read/write request.
-  - Then waits for its response.
-  - On obtaining the response, the client processes it.
-  - After the processing ends, the client issues the next read/write request.
-
-A file transfer performed in this manner would be slower than the case where
-multiple read/write requests are kept outstanding at the client side. Because
-here at any given time, operations related to transfer/processing of only one
-request/response pair occurs. This is in contrast to the multiple outstanding
-requests scenario where operations related to transfer/processing of multiple
-request/response pairs may occur at the same time.
-
-Although it's true that keeping multiple requests outstanding can speed up a
-transfer, those outstanding requests come at a cost of increased memory
-consumption both at the client side and the server side. Hence care must be
-taken to use a reasonable limit for the number of requests kept outstanding.
-
-The further sections provide code examples to show how uploads/downloads
-can be performed using the sftp aio API and the concept of outstanding requests
-discussed in this section. In those code examples, error handling has been
-ignored and at some places pseudo code has been used for the sake of brevity.
-
-The complete code for performing uploads/downloads using the sftp aio API,
-can be found at https://gitlab.com/libssh/libssh-mirror/-/tree/master.
-
-  - libssh benchmarks for uploads performed using the sftp aio API [See
-    tests/benchmarks/bench_sftp.c]
-  - libssh benchmarks for downloads performed using the sftp aio API. [See
-    tests/benchmarks/bench_sftp.c]
-  - libssh sftp ft API code for performing a local to remote transfer (upload).
-    [See src/sftp_ft.c]
-  - libssh sftp ft API code for performing a remote to local transfer
-    (download). [See src/sftp_ft.c]
-
-@subsection sftp_aio_cap Capping applied by the sftp aio API
-
-Before the code examples for uploads and downloads, its important
-to know about the capping applied by the sftp aio API.
-
-sftp_aio_begin_read() caps the number of bytes the caller can request
-to read from the remote file. That cap is the value of the max_read_length
-field of the sftp_limits_t returned by sftp_limits(). Say that cap is LIM
-and the caller passes x as the number of bytes to read to
-sftp_aio_begin_read(), then (assuming no error occurs) :
-
-  - if x <= LIM, then sftp_aio_begin_read() will request the server
-    to read x bytes from the remote file, and will return x.
-
-  - if x > LIM, then sftp_aio_begin_read() will request the server
-    to read LIM bytes from the remote file and will return LIM.
-
-Hence to request server to read x bytes (> LIM), the caller would have
-to call sftp_aio_begin_read() multiple times, typically in a loop and
-break out of the loop when the summation of return values of the multiple
-sftp_aio_begin_read() calls becomes equal to x.
-
-For the sake of simplicity, the code example for download in the upcoming
-section would always ask sftp_aio_begin_read() to read x <= LIM bytes,
-so that its return value is guaranteed to be x, unless an error occurs.
-
-Similarly, sftp_aio_begin_write() caps the number of bytes the caller
-can request to write to the remote file. That cap is the value of
-max_write_length field of the sftp_limits_t returned by sftp_limits().
-Say that cap is LIM and the caller passes x as the number of bytes to
-write to sftp_aio_begin_write(), then (assuming no error occurs) :
-
-  - if x <= LIM, then sftp_aio_begin_write() will request the server
-    to write x bytes to the remote file, and will return x.
-
-  - if x > LIM, then sftp_aio_begin_write() will request the server
-    to write LIM bytes to the remote file and will return LIM.
-
-Hence to request server to write x bytes (> LIM), the caller would have
-to call sftp_aio_begin_write() multiple times, typically in a loop and
-break out of the loop when the summation of return values of the multiple
-sftp_aio_begin_write() calls becomes equal to x.
-
-For the sake of simplicity, the code example for upload in the upcoming
-section would always ask sftp_aio_begin_write() to write x <= LIM bytes,
-so that its return value is guaranteed to be x, unless an error occurs.
-
-@subsection sftp_aio_download_example Performing a download using the sftp aio API
-
-Terminologies used in the following code snippets :
-
-  - sftp : The sftp_session opened using sftp_new() and initialised using
-    sftp_init()
-
-  - file : The sftp file handle of the remote file to download data
-    from. (See sftp_open())
-
-  - file_size : the size of the sftp file to download. This size can be obtained
-    by statting the remote file to download (e.g by using sftp_stat())
-
-  - We will need to maintain a queue which will be used to store the sftp aio
-    handles corresponding to the outstanding requests.
-
-First, we issue the read requests while ensuring that their count
-doesn't exceed a particular limit decided by us, and the number of bytes
-requested don't exceed the size of the file to download.
-
-@code
-sftp_aio aio = NULL;
-
-// Chunk size to use for the transfer
-size_t chunk_size;
-
-// For the limits structure that would be used
-// by the code to set the chunk size
-sftp_limits_t lim = NULL;
-
-// Max number of requests to keep outstanding at a time
-size_t in_flight_requests = 5;
-
-// Number of bytes for which requests have been sent
-size_t total_bytes_requested = 0;
-
-// Number of bytes which have been downloaded
-size_t bytes_downloaded = 0;
-
-// Buffer to use for the download
-char *buffer = NULL;
-
-// Helper variables
-size_t to_read;
-ssize_t bytes_requested;
-
-// Get the sftp limits
-lim = sftp_limits(sftp);
-if (lim == NULL) {
-    // handle error
-}
-
-// Set the chunk size for download = the max limit for reading
-// The reason for this has been given in the "Capping applied by
-// the sftp aio API" section (Its to make the code simpler)
-//
-// Assigning a size_t type variable a uint64_t type value here,
-// theoretically could cause an overflow, but practically
-// max_read_length would never exceed SIZE_MAX so its okay.
-chunk_size = lim->max_read_length;
-
-buffer = malloc(chunk_size);
-if (buffer == NULL) {
-    // handle error
-}
-
-... // Code to open the remote file (to download) using sftp_open().
-... // Code to stat the remote file's file size.
-... // Code to open the local file in which downloaded data is to be stored.
-... // Code to initialize the queue which will be used to store sftp aio
-    // handles.
-
-for (i = 0;
-     i < in_flight_requests && total_bytes_requested < file_size;
-     ++i) {
-    to_read = file_size - total_bytes_requested;
-    if (to_read > chunk_size) {
-        to_read = chunk_size;
-    }
-
-    // Issue a read request
-    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    if ((size_t)bytes_requested < to_read) {
-        // Should not happen for this code, as the to_read is <=
-        // max limit for reading (chunk size), so there is no reason
-        // for sftp_aio_begin_read() to return a lesser value.
-    }
-
-    total_bytes_requested += (size_t)bytes_requested;
-
-    // Pseudo code
-    ENQUEUE aio in the queue;
-}
-
-@endcode
-
-At this point, at max in_flight_requests number of requests may be
-outstanding. Now we wait for the response corresponding to the earliest
-issued outstanding request.
-
-On getting that response, we issue another read request if there are
-still some bytes in the sftp file (to download) for which we haven't sent the
-read request. (This happens when total_bytes_requested < file_size)
-
-This issuing of another read request (under a condition) is done to
-keep the number of outstanding requests equal to the value of the
-in_flight_requests variable.
-
-This process has to be repeated for every remaining outstanding request.
-
-@code
-while (the queue is not empty) {
-    // Pseudo code
-    aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
-
-    // Wait for the response of the request corresponding to the aio
-    bytes_read = sftp_aio_wait_read(&aio, buffer, chunk_size);
-    if (bytes_read == SSH_ERROR) {
-        //handle error
-    }
-
-    bytes_downloaded += bytes_read;
-    if (bytes_read != chunk_size && bytes_downloaded != file_size) {
-        // A short read encountered on the remote file before reaching EOF,
-        // short read before reaching EOF should never happen for the sftp aio
-        // API which respects the max limit for reading. This probably
-        // indicates a bad server.
-    }
-
-    // Pseudo code
-    WRITE bytes_read bytes from the buffer into the local file
-    in which downloaded data is to be stored ;
-
-    if (total_bytes_requested == file_size) {
-        // no need to issue more read requests
-        continue;
-    }
-
-    // else issue a read request
-    to_read = file_size - total_bytes_requested;
-    if (to_read > chunk_size) {
-        to_read = chunk_size;
-    }
-
-    bytes_requested = sftp_aio_begin_read(file, to_read, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    if ((size_t)bytes_requested < to_read) {
-        // Should not happen for this code, as the to_read is <=
-        // max limit for reading (chunk size), so there is no reason
-        // for sftp_aio_begin_read() to return a lesser value.
-    }
-
-    total_bytes_requested += bytes_requested;
-
-    // Pseudo code
-    ENQUEUE aio in the queue;
-}
-
-free(buffer);
-sftp_limits_free(lim);
-
-... // Code to destroy the queue which was used to store the sftp aio
-    // handles.
-@endcode
-
-After exiting the while (the queue is not empty) loop, the download
-would've been complete (assuming no error occurs).
-
-@subsection sftp_aio_upload_example Performing an upload using the sftp aio API
-
-Terminologies used in the following code snippets :
-
-  - sftp : The sftp_session opened using sftp_new() and initialised using
-    sftp_init()
-
-  - file : The sftp file handle of the remote file in which uploaded data
-    is to be stored. (See sftp_open())
-
-  - file_size : The size of the local file to upload. This size can be
-    obtained by statting the local file to upload (e.g by using stat())
-
-  - We will need maintain a queue which will be used to store the sftp aio
-    handles corresponding to the outstanding requests.
-
-First, we issue the write requests while ensuring that their count
-doesn't exceed a particular limit decided by us, and the number of bytes
-requested to write don't exceed the size of the file to upload.
-
-@code
-sftp_aio aio = NULL;
-
-// The chunk size to use for the transfer
-size_t chunk_size;
-
-// For the limits structure that would be used by
-// the code to set the chunk size
-sftp_limits_t lim = NULL;
-
-// Max number of requests to keep outstanding at a time
-size_t in_flight_requests = 5;
-
-// Total number of bytes for which write requests have been sent
-size_t total_bytes_requested = 0;
-
-// Buffer to use for the upload
-char *buffer = NULL;
-
-// Helper variables
-size_t to_write;
-ssize_t bytes_requested;
-
-// Get the sftp limits
-lim = sftp_limits(sftp);
-if (lim == NULL) {
-    // handle error
-}
-
-// Set the chunk size for upload = the max limit for writing.
-// The reason for this has been given in the "Capping applied by
-// the sftp aio API" section (Its to make the code simpler)
-//
-// Assigning a size_t type variable a uint64_t type value here,
-// theoretically could cause an overflow, but practically
-// max_write_length would never exceed SIZE_MAX so its okay.
-chunk_size = lim->max_write_length;
-
-buffer = malloc(chunk_size);
-if (buffer == NULL) {
-    // handle error
-}
-
-... // Code to open the local file (to upload) [e.g using open(), fopen()].
-... // Code to stat the local file's file size [e.g using stat()].
-... // Code to open the remote file in which uploaded data will be stored [see
-    // sftp_open()].
-... // Code to initialize the queue which will be used to store sftp aio
-    // handles.
-
-for (i = 0;
-     i < in_flight_requests && total_bytes_requested < file_size;
-     ++i) {
-    to_write = file_size - total_bytes_requested;
-    if (to_write > chunk_size) {
-        to_write = chunk_size;
-    }
-
-    // Pseudo code
-    READ to_write bytes from the local file (to upload) into the buffer;
-
-    bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    if ((size_t)bytes_requested < to_write) {
-        // Should not happen for this code, as the to_write is <=
-        // max limit for writing (chunk size), so there is no reason
-        // for sftp_aio_begin_write() to return a lesser value.
-    }
-
-    total_bytes_requested += (size_t)bytes_requested;
-
-    // Pseudo code
-    ENQUEUE aio in the queue;
-}
-
-@endcode
-
-At this point, at max in_flight_requests number of requests may be
-outstanding. Now we wait for the response corresponding to the earliest
-issued outstanding request.
-
-On getting that response, we issue another write request if there are
-still some bytes in the local file (to upload) for which we haven't sent
-the write request. (This happens when total_bytes_requested < file_size)
-
-This issuing of another write request (under a condition) is done to
-keep the number of outstanding requests equal to the value of the
-in_flight_requests variable.
-
-This process has to be repeated for every remaining outstanding request.
-
-@code
-while (the queue is not empty) {
-    // Pseudo code
-    aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
-
-    // Wait for the response of the request corresponding to the aio
-    bytes_written = sftp_aio_wait_write(&aio);
-    if (bytes_written == SSH_ERROR) {
-        // handle error
-    }
-
-    // sftp_aio_wait_write() won't report a short write, so no need
-    // to check for a short write here.
-
-    if (total_bytes_requested == file_size) {
-        // no need to issue more write requests
-        continue;
-    }
-
-    // else issue a write request
-    to_write = file_size - total_bytes_requested;
-    if (to_write > chunk_size) {
-        to_write = chunk_size;
-    }
-
-    // Pseudo code
-    READ to_write bytes from the local file (to upload) into a buffer;
-
-    bytes_requested = sftp_aio_begin_write(file, buffer, to_write, &aio);
-    if (bytes_requested == SSH_ERROR) {
-        // handle error
-    }
-
-    if ((size_t)bytes_requested < to_write) {
-        // Should not happen for this code, as the to_write is <=
-        // max limit for writing (chunk size), so there is no reason
-        // for sftp_aio_begin_write() to return a lesser value.
-    }
-
-    total_bytes_requested += (size_t)bytes_requested;
-
-    // Pseudo code
-    ENQUEUE aio in the queue;
-}
-
-free(buffer);
-
-... // Code to destroy the queue which was used to store the sftp aio
-    // handles.
-@endcode
-
-After exiting the while (the queue is not empty) loop, the upload
-would've been complete (assuming no error occurs).
-
-@subsection sftp_aio_free Example showing the usage of sftp_aio_free()
-
-The purpose of sftp_aio_free() was discussed at the beginning of this page,
-the following code example shows how it can be used during cleanup.
-
-@code
-void print_sftp_error(sftp_session sftp)
-{
-    if (sftp == NULL) {
-        return;
-    }
-
-    fprintf(stderr, "sftp error : %d\n", sftp_get_error(sftp));
-    fprintf(stderr, "ssh error : %s\n", ssh_get_error(sftp->session));
-}
-
-// Returns 0 on success, -1 on error
-int write_strings(sftp_file file)
-{
-    const char * strings[] = {
-        "This is the first string",
-        "This is the second string",
-        "This is the third string",
-        "This is the fourth string"
-    };
-
-    size_t string_count = sizeof(strings) / sizeof(strings[0]);
-    size_t i;
-
-    sftp_session sftp = NULL;
-    sftp_aio aio = NULL;
-
-    int rc;
-
-    if (file == NULL) {
-        return -1;
-    }
-
-    ... // Code to initialize the queue which will be used to store sftp aio
-        // handles
-
-    sftp = file->sftp;
-    for (i = 0; i < string_count; ++i) {
-        rc = sftp_aio_begin_write(file,
-                                  strings[i],
-                                  strlen(strings[i]),
-                                  &aio);
-        if (rc == SSH_ERROR) {
-            print_sftp_error(sftp);
-            goto err;
-        }
-
-        // Pseudo code
-        ENQUEUE aio in the queue of sftp aio handles
-    }
-
-    for (i = 0; i < string_count; ++i) {
-        // Pseudo code
-        aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
-
-        rc = sftp_aio_wait_write(&aio);
-        if (rc == SSH_ERROR) {
-            print_sftp_error(sftp);
-            goto err;
-        }
-    }
-
-
-    ... // Code to destroy the queue in which sftp aio handles were
-        // stored
-
-    return 0;
-
-err:
-
-    while (queue is not empty) {
-        // Pseudo code
-        aio = DEQUEUE an sftp aio handle from the queue of sftp aio handles;
-
-        sftp_aio_free(aio);
-    }
-
-    ... // Code to destroy the queue in which sftp aio handles were
-        // stored.
-
-    return -1;
-}
-
-@endcode
-
-*/
--- a/doc/shell.dox
+++ b/doc/shell.dox
@@ -26,7 +26,7 @@ The code sample below achieves these tasks:
@code
 int shell_session(ssh_session session)
 {
-  ssh_channel channel = NULL;
+  ssh_channel channel;
  int rc;

  channel = ssh_channel_new(session);
@@ -65,17 +65,8 @@ to as a "pty", for "pseudo-teletype". The remote processes won't see the
 difference with a real text-oriented terminal.

 If needed, you request the pty with the function ssh_channel_request_pty().
-If you want define its dimensions (number of rows and columns),
-call ssh_channel_request_pty_size() instead. It's also possible to change
-the dimensions after creating the pty with ssh_channel_change_pty_size().
-
-These two functions configure the pty using the same terminal modes that
-stdin has. If stdin isn't a TTY, they use default modes that configure
-the pty with in canonical mode and e.g. preserving CR and LF characters.
-If you want to change the terminal modes used by the pty (e.g. to change
-CRLF handling), use ssh_channel_request_pty_size_modes(). This function
-accepts an additional "modes" buffer that is expected to contain encoded
-terminal modes according to RFC 4254 section 8.
+Then you define its dimensions (number of rows and columns)
+with ssh_channel_change_pty_size().

 Be your session interactive or not, the next step is to request a
 shell with ssh_channel_request_shell().
@@ -329,36 +320,18 @@ int interactive_shell_session(ssh_session session, ssh_channel channel)
 If your remote application is graphical, you can forward the X11 protocol to
 your local computer.

-To do that, you first declare a callback to manage channel_open_request_x11_function.
-Then you create the forwarding tunnel for the X11 protocol with ssh_channel_request_x11().
+To do that, you first declare that you accept X11 connections with
+ssh_channel_accept_x11(). Then you create the forwarding tunnel for
+the X11 protocol with ssh_channel_request_x11().

 The following code performs channel initialization and shell session
 opening, and handles a parallel X11 connection:

@code
-#include <libssh/callbacks.h>
-
-ssh_channel x11channel = NULL;
-
-ssh_channel x11_open_request_callback(ssh_session session, const char *shost, int sport, void *userdata)
-{
-  x11channel = ssh_channel_new(session);
-  return x11channel;
-}
-
 int interactive_shell_session(ssh_channel channel)
 {
  int rc;
-
-  struct ssh_callbacks_struct cb =
-  {
-    .channel_open_request_x11_function = x11_open_request_callback,
-    .userdata = NULL
-  };
-
-  ssh_callbacks_init(&cb);
-  rc = ssh_set_callbacks(session, &cb);
-  if (rc != SSH_OK) return rc;
+  ssh_channel x11channel;

  rc = ssh_channel_request_pty(channel);
  if (rc != SSH_OK) return rc;
@@ -377,15 +350,12 @@ int interactive_shell_session(ssh_channel channel)
 }
@endcode

-Don't forget to check the $DISPLAY environment variable on the remote
+Don't forget to set the $DISPLAY environment variable on the remote
 side, or the remote applications won't try using the X11 tunnel:

@code
-$ echo $DISPLAY
-localhost:10.0
+$ export DISPLAY=:0
 $ xclock &
@endcode

-See an implementation example at https://gitlab.com/libssh/libssh-mirror/-/tree/master/examples/ssh_X11_client.c for details.
-
 */
--- a/doc/that_style/LICENSE
+++ b/doc/that_style/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Jan-Lukas Wynen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/doc/that_style/README.md
+++ b/doc/that_style/README.md
@@ -0,0 +1,22 @@
+# that style
+A plain, more modern HTML style for Doxygen
+
+## Requirements
+- Doxygen (tested with version 1.8.13)
+- *optional*: a sass/scss compiler if you want to modify the style
+
+## Simple usage
+Tell Doxygen about the files for that style as shown in [doxyfile.conf](doxyfile.conf). You might need to adjust the
+paths depending on where you installed that style.
+When you run Doxygen, all files are copied into to generated HTML folder. So you don't need to keep the originals around
+unless you want to re-generate the documentation.
+
+## Advanced
+that style uses a custom javascript to hack some nice stripes into some tables. It has to be loaded from HTML. Hence you need
+to use the provided custom header. Since its default content may change when Doxygen is updated, there might be syntax error in
+the generated HTML. If this is the case, you can remove the custom header (adjust your doxyfile.conf). This has no
+disadvantages other than removing the stripes.
+
+[that_style.css](that_style.css) was generated from the scss files in the folder [sass](sass). If you want to change the style,
+use those files in order to have better control. For instance, you can easily change most colors by modifying the variables
+in the beginning of [that_style.scss](sass/that_style.scss).
--- a/doc/that_style/header.html
+++ b/doc/that_style/header.html
@@ -0,0 +1,56 @@
+<!-- HTML header for doxygen 1.8.13-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<head>
+<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
+<meta http-equiv="X-UA-Compatible" content="IE=9"/>
+<meta name="generator" content="Doxygen $doxygenversion"/>
+<meta name="viewport" content="width=device-width, initial-scale=1"/>
+<!--BEGIN PROJECT_NAME--><title>$projectname: $title</title><!--END PROJECT_NAME-->
+<!--BEGIN !PROJECT_NAME--><title>$title</title><!--END !PROJECT_NAME-->
+<link href="$relpath^tabs.css" rel="stylesheet" type="text/css"/>
+<script type="text/javascript" src="$relpath^jquery.js"></script>
+<script type="text/javascript" src="$relpath^dynsections.js"></script>
+$treeview
+$search
+$mathjax
+<link href="$relpath^$stylesheet" rel="stylesheet" type="text/css" />
+<script src="$relpath^striped_bg.js"></script>
+$extrastylesheet
+</head>
+<body>
+<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
+
+<!--BEGIN TITLEAREA-->
+<div id="titlearea">
+<table cellspacing="0" cellpadding="0">
+ <tbody>
+ <tr style="height: 56px;">
+  <!--BEGIN PROJECT_LOGO-->
+  <td id="projectlogo"><img alt="Logo" src="$relpath^$projectlogo"/></td>
+  <!--END PROJECT_LOGO-->
+  <!--BEGIN PROJECT_NAME-->
+  <td id="projectalign" style="padding-left: 0.5em;">
+   <div id="projectname">$projectname
+   <!--BEGIN PROJECT_NUMBER-->&#160;<span id="projectnumber">$projectnumber</span><!--END PROJECT_NUMBER-->
+   </div>
+   <!--BEGIN PROJECT_BRIEF--><div id="projectbrief">$projectbrief</div><!--END PROJECT_BRIEF-->
+  </td>
+  <!--END PROJECT_NAME-->
+  <!--BEGIN !PROJECT_NAME-->
+   <!--BEGIN PROJECT_BRIEF-->
+    <td style="padding-left: 0.5em;">
+    <div id="projectbrief">$projectbrief</div>
+    </td>
+   <!--END PROJECT_BRIEF-->
+  <!--END !PROJECT_NAME-->
+  <!--BEGIN DISABLE_INDEX-->
+   <!--BEGIN SEARCHENGINE-->
+   <td>$searchbox</td>
+   <!--END SEARCHENGINE-->
+  <!--END DISABLE_INDEX-->
+ </tr>
+ </tbody>
+</table>
+</div>
+<!--END TITLEAREA-->
+<!-- end header part -->
--- a/doc/that_style/img/doc.svg
+++ b/doc/that_style/img/doc.svg
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="24"
+   height="22"
+   viewBox="0 0 6.3499999 5.8208335"
+   version="1.1"
+   id="svg8"
+   sodipodi:docname="doc.svg"
+   inkscape:version="0.92.1 r">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="11.139212"
+     inkscape:cy="14.811193"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:showpageshadow="false"
+     units="px"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-291.17915)">
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:#4d4d4d;stroke-width:0.26458329;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="M 3.315043,291.8406 H 1.4552083 v 4.49792 h 3.1749999 v -3.10055 z"
+       id="path5095"
+       inkscape:connector-curvature="0" />
+    <path
+       style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;text-orientation:mixed;dominant-baseline:auto;baseline-shift:baseline;text-anchor:start;white-space:normal;shape-padding:0;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;vector-effect:none;fill:#4d4d4d;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.26458332px;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 3.1837239,291.84114 v 1.71186 h 1.4472656 v -0.31418 H 3.4473958 v -1.39768 z"
+       id="path5128"
+       inkscape:connector-curvature="0" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect5132"
+       width="2.1166668"
+       height="0.26458332"
+       x="1.8520833"
+       y="293.82498" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect5136"
+       width="1.0583334"
+       height="0.26458332"
+       x="1.8520832"
+       y="294.35416" />
+    <rect
+       y="294.88333"
+       x="1.8520832"
+       height="0.26458332"
+       width="1.8520833"
+       id="rect5138"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:normal;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect4543"
+       width="1.5875"
+       height="0.26458332"
+       x="1.8520832"
+       y="295.41248" />
+  </g>
+</svg>
--- a/doc/that_style/img/folderclosed.svg
+++ b/doc/that_style/img/folderclosed.svg
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="24"
+   height="22"
+   viewBox="0 0 6.3499998 5.8208335"
+   version="1.1"
+   id="svg8"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="folderclosed.svg"
+   inkscape:export-filename="/home/jl/Prog/doxygen_style/folderclosed.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="51.113139"
+     inkscape:cx="7.7057751"
+     inkscape:cy="12.584171"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:snap-global="false"
+     units="px"
+     inkscape:showpageshadow="false"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:measure-start="0,0"
+     inkscape:measure-end="0,0" />
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-291.17915)">
+    <path
+       inkscape:connector-curvature="0"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.26458332;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;paint-order:stroke fill markers;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 0.52916667,292.2374 -0.26458334,0.52925 v 3.43958 H 4.7625001 v -3.43958 H 2.38125 L 2.1166667,292.2374 Z"
+       id="rect4498"
+       sodipodi:nodetypes="cccccccc" />
+    <path
+       inkscape:connector-curvature="0"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#cccccc;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.66145831;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="M 2.9104167,292.76665 2.38125,293.56034 H 0.26458333 v 0.26464 H 2.38125 l 0.5291667,-0.79375 h 1.8520834 v -0.26458 z"
+       id="rect4500"
+       sodipodi:nodetypes="ccccccccc" />
+  </g>
+</svg>
--- a/doc/that_style/img/folderopen.svg
+++ b/doc/that_style/img/folderopen.svg
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="24"
+   height="22"
+   viewBox="0 0 6.3499998 5.8208335"
+   version="1.1"
+   id="svg8"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="folderopen.svg"
+   inkscape:export-filename="/home/jl/Prog/doxygen_style/folderopen.png"
+   inkscape:export-xdpi="96"
+   inkscape:export-ydpi="96">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="43.725861"
+     inkscape:cx="8.2043861"
+     inkscape:cy="13.464183"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     inkscape:snap-global="false"
+     units="px"
+     inkscape:showpageshadow="false"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:measure-start="0,0"
+     inkscape:measure-end="0,0" />
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-291.17915)">
+    <path
+       inkscape:connector-curvature="0"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.66145831;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 0.52916667,292.23748 -0.26458334,0.52917 v 3.43958 H 4.762461 l 7.8e-5,-3.43958 H 2.38125 l -0.2645833,-0.52917 z"
+       id="path5228"
+       sodipodi:nodetypes="cccccccc" />
+    <path
+       inkscape:connector-curvature="0"
+       id="path5279"
+       d="M 1.0583333,293.5604 H 5.55625 L 4.7625,296.20603 H 0.26458333 Z"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ececec;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.66145831;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       sodipodi:nodetypes="ccccc" />
+    <path
+       sodipodi:nodetypes="ccccccc"
+       inkscape:connector-curvature="0"
+       id="path5234"
+       d="M 1.0583333,294.35415 H 3.175 l 0.5291667,-0.52917 H 5.55625 L 4.7625,296.20603 H 0.26458333 Z"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#4d4d4d;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.66145831;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+  </g>
+</svg>
--- a/doc/that_style/img/mag_glass.svg
+++ b/doc/that_style/img/mag_glass.svg
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="22"
+   height="22"
+   viewBox="0 0 5.8208332 5.8208335"
+   version="1.1"
+   id="svg8"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="mag_glass.svg">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="8.961936"
+     inkscape:cy="10.205344"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:showpageshadow="false"
+     inkscape:snap-bbox="false"
+     inkscape:bbox-nodes="true"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1"
+     inkscape:snap-global="false" />
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-291.17915)">
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#333333;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:1.99999988;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="M 6.9101562 2.4082031 C 3.1105656 2.4082031 -5.9211895e-16 5.5081643 0 9.3027344 C 0 13.097342 3.1105656 16.197266 6.9101562 16.197266 C 8.2869348 16.197266 9.5698699 15.787508 10.650391 15.087891 L 15.162109 19.587891 L 16.636719 18.115234 L 12.214844 13.707031 C 13.214837 12.510659 13.818359 10.974238 13.818359 9.3027344 C 13.818359 5.5081643 10.709747 2.4082031 6.9101562 2.4082031 z M 6.9101562 4.9101562 C 9.3624717 4.9101562 11.324219 6.8631249 11.324219 9.3027344 C 11.324219 11.742382 9.3624717 13.695312 6.9101562 13.695312 C 4.4578408 13.695312 2.5019531 11.742382 2.5019531 9.3027344 C 2.5019531 6.8631249 4.4578408 4.9101562 6.9101562 4.9101562 z "
+       transform="matrix(0.26458333,0,0,0.26458333,0,291.17915)"
+       id="rect4524" />
+    <path
+       transform="matrix(0.99422295,0,0,0.68955299,-0.83134947,91.755588)"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#333333;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.63466448;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       inkscape:transform-center-y="0.25905895"
+       d="m 5.6074138,294.49889 -1.0836583,-1.87695 2.1673165,0 z"
+       id="path4491" />
+  </g>
+</svg>
--- a/doc/that_style/img/nav_edge_inter.svg
+++ b/doc/that_style/img/nav_edge_inter.svg
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="10.53333"
+   height="32"
+   viewBox="0 0 9.8749964 30"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="nav_edge_inter.svg">
+  <defs
+     id="defs4" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="8.6823304"
+     inkscape:cy="16.225639"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:snap-bbox="true"
+     inkscape:bbox-paths="false"
+     inkscape:bbox-nodes="true"
+     inkscape:snap-bbox-edge-midpoints="true"
+     inkscape:object-nodes="true"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-1022.3622)">
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 0,1022.3622 v 15 15 l 8,-15 z"
+       id="path4143"
+       inkscape:connector-curvature="0" />
+    <path
+       style="color:#000000;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:medium;line-height:normal;font-family:sans-serif;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feature-settings:normal;text-indent:0;text-align:start;text-decoration:none;text-decoration-line:none;text-decoration-style:solid;text-decoration-color:#000000;letter-spacing:normal;word-spacing:normal;text-transform:none;writing-mode:lr-tb;direction:ltr;text-orientation:mixed;dominant-baseline:auto;baseline-shift:baseline;text-anchor:start;white-space:normal;shape-padding:0;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;vector-effect:none;fill:#333333;fill-opacity:1;fill-rule:evenodd;stroke:none;stroke-width:0.9375px;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 1.2910156,1022.3496 -0.82421872,0.4473 7.87890622,14.5527 -7.87890622,14.5527 0.82421872,0.4473 8.1210938,-15 z"
+       id="path5240"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>
--- a/doc/that_style/img/nav_edge_left.svg
+++ b/doc/that_style/img/nav_edge_left.svg
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="8.5333338"
+   height="32"
+   viewBox="0 0 8.0000001 30"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="nav_edge_left.svg">
+  <defs
+     id="defs4" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="5.3721385"
+     inkscape:cy="14.16429"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:snap-bbox="true"
+     inkscape:bbox-paths="false"
+     inkscape:bbox-nodes="false"
+     inkscape:snap-bbox-edge-midpoints="false"
+     inkscape:object-nodes="true"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-1022.3622)">
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:6;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="M 0 0 L 0 32 L 8.5332031 16 L 0 0 z "
+       transform="matrix(0.93749998,0,0,0.93749998,0,1022.3622)"
+       id="rect4586" />
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 0,1022.3622 v 15 15 l 8,-15 z"
+       id="path4143"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>
--- a/doc/that_style/img/nav_edge_right.svg
+++ b/doc/that_style/img/nav_edge_right.svg
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="8"
+   height="30"
+   viewBox="0 0 8.0000001 30"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.91 r13725"
+   sodipodi:docname="nav_edge.svg">
+  <defs
+     id="defs4" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="5.3721385"
+     inkscape:cy="14.16429"
+     inkscape:document-units="px"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:snap-bbox="true"
+     inkscape:bbox-paths="false"
+     inkscape:bbox-nodes="false"
+     inkscape:snap-bbox-edge-midpoints="false"
+     inkscape:object-nodes="true"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-1022.3622)">
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:none;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 0,1022.3622 0,15 0,15 8,-15 -8,-15 z"
+       id="path4143"
+       inkscape:connector-curvature="0" />
+    <path
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       d="m 1e-8,1022.3622 7.99999999,15 0,-15 -8,0 z m 7.99999999,15 -8,15 8,0 0,-15 z"
+       id="rect4136"
+       inkscape:connector-curvature="0" />
+  </g>
+</svg>
--- a/doc/that_style/img/splitbar_handle.svg
+++ b/doc/that_style/img/splitbar_handle.svg
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="6"
+   height="9"
+   viewBox="0 0 1.5875 2.3812501"
+   version="1.1"
+   id="svg8"
+   inkscape:version="0.92.1 r"
+   sodipodi:docname="splitbar_handle.svg">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="32"
+     inkscape:cx="8.7681488"
+     inkscape:cy="-2.7929517"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     showgrid="false"
+     units="px"
+     inkscape:showpageshadow="false"
+     showguides="false"
+     inkscape:window-width="2560"
+     inkscape:window-height="1357"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1">
+    <inkscape:grid
+       type="xygrid"
+       id="grid4487" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-294.61873)">
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect4485"
+       width="0.26458335"
+       height="0.26458332"
+       x="0.26458332"
+       y="294.8833" />
+    <rect
+       y="294.8833"
+       x="1.0583333"
+       height="0.26458332"
+       width="0.26458335"
+       id="rect4489"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+    <rect
+       y="295.41248"
+       x="0.26458329"
+       height="0.26458332"
+       width="0.26458335"
+       id="rect4491"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect4493"
+       width="0.26458335"
+       height="0.26458332"
+       x="1.0583333"
+       y="295.41248" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect4495"
+       width="0.26458335"
+       height="0.26458332"
+       x="0.26458332"
+       y="295.94165" />
+    <rect
+       y="295.94165"
+       x="1.0583333"
+       height="0.26458332"
+       width="0.26458335"
+       id="rect4497"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+    <rect
+       y="296.47079"
+       x="0.26458329"
+       height="0.26458332"
+       width="0.26458335"
+       id="rect4499"
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate" />
+    <rect
+       style="color:#000000;clip-rule:nonzero;display:inline;overflow:visible;visibility:visible;opacity:1;isolation:auto;mix-blend-mode:normal;color-interpolation:sRGB;color-interpolation-filters:linearRGB;solid-color:#000000;solid-opacity:1;fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.52916664;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1;color-rendering:auto;image-rendering:auto;shape-rendering:auto;text-rendering:auto;enable-background:accumulate"
+       id="rect4501"
+       width="0.26458335"
+       height="0.26458332"
+       x="1.0583333"
+       y="296.47079" />
+  </g>
+</svg>
--- a/doc/that_style/img/sync_off.png
+++ b/doc/that_style/img/sync_off.png
--- a/doc/that_style/img/sync_on.png
+++ b/doc/that_style/img/sync_on.png
--- a/doc/that_style/js/striped_bg.js
+++ b/doc/that_style/js/striped_bg.js
@@ -0,0 +1,32 @@
+// Adds extra CSS classes "even" and "odd" to .memberdecls to allow
+// striped backgrounds.
+function MemberDeclsStriper () {
+    var counter = 0;
+    
+    this.stripe = function() {
+        $(".memberdecls tbody").children().each(function(i) {
+            
+            // reset counter at every heading -> always start with even
+            if ($(this).is(".heading")) {
+                counter = 0;
+            }
+
+            // add extra classes
+            if (counter % 2 == 1) {
+                $(this).addClass("odd");
+            }
+            else {
+                $(this).addClass("even");
+            }
+
+            // advance counter at every separator
+            // this is the only way to reliably detect which table rows belong together
+            if ($(this).is('[class^="separator"]')) {
+                counter++;
+            }
+        });
+    }
+}
+
+// execute the function
+$(document).ready(new MemberDeclsStriper().stripe);
--- a/doc/that_style/that_style.css
+++ b/doc/that_style/that_style.css
--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -29,63 +29,40 @@ if (UNIX AND NOT WIN32)
        add_executable(samplesftp samplesftp.c ${examples_SRCS})
        target_compile_options(samplesftp PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
        target_link_libraries(samplesftp ssh::ssh)
-
-        if (WITH_SERVER)
-            add_executable(sample_sftpserver sample_sftpserver.c ${examples_SRCS})
-            target_compile_options(sample_sftpserver PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(sample_sftpserver ssh::ssh ${ARGP_LIBRARIES})
-        endif (WITH_SERVER)
    endif (WITH_SFTP)

    add_executable(ssh-client ssh_client.c ${examples_SRCS})
    target_compile_options(ssh-client PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
    target_link_libraries(ssh-client ssh::ssh)

-    add_executable(ssh-X11-client ssh_X11_client.c ${examples_SRCS})
-    target_compile_options(ssh-X11-client PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(ssh-X11-client ssh::ssh)
-
-    if (WITH_SERVER AND (ARGP_LIBRARIES OR HAVE_ARGP_H))
+    if (WITH_SERVER AND (ARGP_LIBRARY OR HAVE_ARGP_H))
        if (HAVE_LIBUTIL)
-            add_executable(ssh_server_fork ssh_server.c)
-            target_compile_options(ssh_server_fork PRIVATE ${DEFAULT_C_COMPILE_FLAGS} -DWITH_FORK)
-            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARIES} util)
-
-            add_executable(ssh_server_pthread ssh_server.c)
-            target_compile_options(ssh_server_pthread PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(ssh_server_pthread ssh::ssh ${ARGP_LIBRARIES} pthread util)
+            add_executable(ssh_server_fork ssh_server_fork.c)
+            target_compile_options(ssh_server_fork PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+            target_link_libraries(ssh_server_fork ssh::ssh ${ARGP_LIBRARY} util)
        endif (HAVE_LIBUTIL)

        if (WITH_GSSAPI AND GSSAPI_FOUND)
+            add_executable(samplesshd-cb samplesshd-cb.c)
+            target_compile_options(samplesshd-cb PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
+            target_link_libraries(samplesshd-cb ssh::ssh ${ARGP_LIBRARY})
+
            add_executable(proxy proxy.c)
            target_compile_options(proxy PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARIES})
+            target_link_libraries(proxy ssh::ssh ${ARGP_LIBRARY})

            add_executable(sshd_direct-tcpip sshd_direct-tcpip.c)
            target_compile_options(sshd_direct-tcpip PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARIES})
+            target_link_libraries(sshd_direct-tcpip ssh::ssh ${ARGP_LIBRARY})
        endif (WITH_GSSAPI AND GSSAPI_FOUND)

        add_executable(samplesshd-kbdint samplesshd-kbdint.c)
        target_compile_options(samplesshd-kbdint PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARIES})
-
-        add_executable(keygen2 keygen2.c ${examples_SRCS})
-        target_compile_options(keygen2 PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-        target_link_libraries(keygen2 ssh::ssh ${ARGP_LIBRARIES})
+        target_link_libraries(samplesshd-kbdint ssh::ssh ${ARGP_LIBRARY})

    endif()
 endif (UNIX AND NOT WIN32)

-if (WITH_SERVER)
-    add_executable(samplesshd-cb samplesshd-cb.c)
-    target_compile_options(samplesshd-cb PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
-    target_link_libraries(samplesshd-cb ssh::ssh)
-    if (ARGP_LIBRARIES OR HAVE_ARGP_H)
-        target_link_libraries(samplesshd-cb ${ARGP_LIBRARIES})
-    endif(ARGP_LIBRARIES OR HAVE_ARGP_H)
-endif()
-
 add_executable(exec exec.c ${examples_SRCS})
 target_compile_options(exec PRIVATE ${DEFAULT_C_COMPILE_FLAGS})
 target_link_libraries(exec ssh::ssh)
--- a/examples/authentication.c
+++ b/examples/authentication.c
@@ -30,8 +30,8 @@ int authenticate_kbdint(ssh_session session, const char *password)

    err = ssh_userauth_kbdint(session, NULL, NULL);
    while (err == SSH_AUTH_INFO) {
-        const char *instruction = NULL;
-        const char *name = NULL;
+        const char *instruction;
+        const char *name;
        char buffer[128];
        int i, n;

@@ -48,8 +48,8 @@ int authenticate_kbdint(ssh_session session, const char *password)
        }

        for (i = 0; i < n; i++) {
-            const char *answer = NULL;
-            const char *prompt = NULL;
+            const char *answer;
+            const char *prompt;
            char echo;

            prompt = ssh_userauth_kbdint_getprompt(session, i, &echo);
@@ -58,7 +58,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
            }

            if (echo) {
-                char *p = NULL;
+                char *p;

                printf("%s", prompt);

@@ -66,6 +66,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
                    return SSH_AUTH_ERROR;
                }

+                buffer[sizeof(buffer) - 1] = '\0';
                if ((p = strchr(buffer, '\n'))) {
                    *p = '\0';
                }
@@ -74,7 +75,7 @@ int authenticate_kbdint(ssh_session session, const char *password)
                    return SSH_AUTH_ERROR;
                }

-                memset(buffer, 0, sizeof(buffer));
+                memset(buffer, 0, strlen(buffer));
            } else {
                if (password && strstr(prompt, "Password:")) {
                    answer = password;
@@ -142,11 +143,11 @@ int authenticate_console(ssh_session session)
    int rc;
    int method;
    char password[128] = {0};
-    char *banner = NULL;
+    char *banner;

    // Try to authenticate
    rc = ssh_userauth_none(session, NULL);
-    if (rc == SSH_AUTH_ERROR || !ssh_is_connected(session)) {
+    if (rc == SSH_AUTH_ERROR) {
        error(session);
        return rc;
    }
@@ -155,7 +156,7 @@ int authenticate_console(ssh_session session)
    while (rc != SSH_AUTH_SUCCESS) {
        if (method & SSH_AUTH_METHOD_GSSAPI_MIC){
            rc = ssh_userauth_gssapi(session);
-            if (rc == SSH_AUTH_ERROR || !ssh_is_connected(session)) {
+            if(rc == SSH_AUTH_ERROR) {
                error(session);
                return rc;
            } else if (rc == SSH_AUTH_SUCCESS) {
@@ -165,7 +166,7 @@ int authenticate_console(ssh_session session)
        // Try to authenticate with public key first
        if (method & SSH_AUTH_METHOD_PUBLICKEY) {
            rc = ssh_userauth_publickey_auto(session, NULL, NULL);
-            if (rc == SSH_AUTH_ERROR || !ssh_is_connected(session)) {
+            if (rc == SSH_AUTH_ERROR) {
                error(session);
                return rc;
            } else if (rc == SSH_AUTH_SUCCESS) {
@@ -205,7 +206,7 @@ int authenticate_console(ssh_session session)
        // Try to authenticate with keyboard interactive";
        if (method & SSH_AUTH_METHOD_INTERACTIVE) {
            rc = authenticate_kbdint(session, NULL);
-            if (rc == SSH_AUTH_ERROR || !ssh_is_connected(session)) {
+            if (rc == SSH_AUTH_ERROR) {
                error(session);
                return rc;
            } else if (rc == SSH_AUTH_SUCCESS) {
@@ -220,7 +221,7 @@ int authenticate_console(ssh_session session)
        // Try to authenticate with password
        if (method & SSH_AUTH_METHOD_PASSWORD) {
            rc = ssh_userauth_password(session, NULL, password);
-            if (rc == SSH_AUTH_ERROR || !ssh_is_connected(session)) {
+            if (rc == SSH_AUTH_ERROR) {
                error(session);
                return rc;
            } else if (rc == SSH_AUTH_SUCCESS) {
--- a/examples/connect_ssh.c
+++ b/examples/connect_ssh.c
@@ -21,57 +21,47 @@ clients must be made or how a client should react.
 #include "examples_common.h"
 #include <stdio.h>

-ssh_session connect_ssh(const char *host, const char *port, const char *user, int verbosity)
-{
-    ssh_session session = NULL;
-    int auth = 0;
+ssh_session connect_ssh(const char *host, const char *user,int verbosity){
+  ssh_session session;
+  int auth=0;

-    session = ssh_new();
-    if (session == NULL) {
-        return NULL;
-    }
+  session=ssh_new();
+  if (session == NULL) {
+    return NULL;
+  }

-    if (user != NULL) {
-        if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) {
-            ssh_free(session);
-            return NULL;
-        }
+  if(user != NULL){
+    if (ssh_options_set(session, SSH_OPTIONS_USER, user) < 0) {
+      ssh_free(session);
+      return NULL;
    }
+  }

-    if (port != NULL) {
-        if (ssh_options_set(session, SSH_OPTIONS_PORT_STR, port) < 0) {
-            ssh_free(session);
-            return NULL;
-        }
-    }
-
-    if (ssh_options_set(session, SSH_OPTIONS_HOST, host) < 0) {
-        ssh_free(session);
-        return NULL;
-    }
-    ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
-    if (ssh_connect(session)) {
-        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
-        ssh_disconnect(session);
-        ssh_free(session);
-        return NULL;
-    }
-    if (verify_knownhost(session) < 0) {
-        ssh_disconnect(session);
-        ssh_free(session);
-        return NULL;
-    }
-    auth = authenticate_console(session);
-    if (auth == SSH_AUTH_SUCCESS) {
-        return session;
-    } else if (auth == SSH_AUTH_DENIED) {
-        fprintf(stderr, "Authentication failed\n");
-    } else {
-        fprintf(stderr,
-                "Error while authenticating : %s\n",
-                ssh_get_error(session));
-    }
+  if (ssh_options_set(session, SSH_OPTIONS_HOST, host) < 0) {
+    ssh_free(session);
+    return NULL;
+  }
+  ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+  if(ssh_connect(session)){
+    fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
    ssh_disconnect(session);
    ssh_free(session);
    return NULL;
+  }
+  if(verify_knownhost(session)<0){
+    ssh_disconnect(session);
+    ssh_free(session);
+    return NULL;
+  }
+  auth=authenticate_console(session);
+  if(auth==SSH_AUTH_SUCCESS){
+    return session;
+  } else if(auth==SSH_AUTH_DENIED){
+    fprintf(stderr,"Authentication failed\n");
+  } else {
+    fprintf(stderr,"Error while authenticating : %s\n",ssh_get_error(session));
+  }
+  ssh_disconnect(session);
+  ssh_free(session);
+  return NULL;
 }
--- a/examples/examples_common.h
+++ b/examples/examples_common.h
@@ -16,11 +16,11 @@ clients must be made or how a client should react.
 #include <libssh/libssh.h>

 /** Zero a structure */
-#define ZERO_STRUCT(x) memset(&(x), 0, sizeof(x))
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))

 int authenticate_console(ssh_session session);
 int authenticate_kbdint(ssh_session session, const char *password);
 int verify_knownhost(ssh_session session);
-ssh_session connect_ssh(const char *hostname, const char *port, const char *user, int verbosity);
+ssh_session connect_ssh(const char *hostname, const char *user, int verbosity);

 #endif /* EXAMPLES_COMMON_H_ */
--- a/examples/exec.c
+++ b/examples/exec.c
@@ -5,19 +5,19 @@
 #include "examples_common.h"

 int main(void) {
-    ssh_session session = NULL;
-    ssh_channel channel = NULL;
+    ssh_session session;
+    ssh_channel channel;
    char buffer[256];
    int rbytes, wbytes, total = 0;
    int rc;

-    session = connect_ssh("localhost", NULL, NULL, 0);
+    session = connect_ssh("localhost", NULL, 0);
    if (session == NULL) {
        ssh_finalize();
        return 1;
    }

-    channel = ssh_channel_new(session);
+    channel = ssh_channel_new(session);;
    if (channel == NULL) {
        ssh_disconnect(session);
        ssh_free(session);
--- a/examples/keygen.c
+++ b/examples/keygen.c
@@ -27,14 +27,14 @@ int main(void)
    rv = ssh_pki_generate(SSH_KEYTYPE_ED25519, 0, &key);
    if (rv != SSH_OK) {
        fprintf(stderr, "Failed to generate private key");
-        return -1;
+	return -1;
    }

-    /* Write it to a file testkey in the current directory */
+    /* Write it to a file testkey in the current dirrectory */
    rv = ssh_pki_export_privkey_file(key, NULL, NULL, NULL, "testkey");
    if (rv != SSH_OK) {
        fprintf(stderr, "Failed to write private key file");
-        return -1;
+	return -1;
    }

    return 0;
--- a/examples/keygen2.c
+++ b/examples/keygen2.c
@@ -1,526 +0,0 @@
-/*
- * keygen2.c - Generate SSH keys using libssh
- * Author: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
- */
-
-/*
- * Copyright (c) 2019 Red Hat, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- */
-
-#include "config.h"
-
-#include <libssh/libssh.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <argp.h>
-#include <errno.h>
-#include <string.h>
-#include <ctype.h>
-#include <fcntl.h>
-
-#include <sys/stat.h>
-
-struct arguments_st {
-    enum ssh_keytypes_e type;
-    unsigned long bits;
-    char *file;
-    char *passphrase;
-    char *format;
-    int action_list;
-};
-
-static struct argp_option options[] = {
-    {
-        .name  = "bits",
-        .key   = 'b',
-        .arg   = "BITS",
-        .flags = 0,
-        .doc   = "The size of the key to be generated. "
-                 "If omitted, a default value is used depending on the TYPE. "
-                 "Accepted values are: "
-                 "1024, 2048, 3072 (default), 4096, and 8192 for TYPE=\"rsa\"; "
-                 "256 (default), 384, and 521 for TYPE=\"ecdsa\"; "
-                 "can be omitted for TYPE=\"ed25519\" "
-                 "(it will be ignored if provided).\n",
-        .group = 0
-    },
-    {
-        .name  = "file",
-        .key   = 'f',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "The output file. "
-                 "If not provided, the used file name will be generated "
-                 "according to the key type as \"id_TYPE\" "
-                 "(e.g. \"id_rsa\" for type \"rsa\"). "
-                 "The public key file name is generated from the private key "
-                 "file name by appending \".pub\".\n",
-        .group = 0
-    },
-    {
-        .name  = "passphrase",
-        .key   = 'p',
-        .arg   = "PASSPHRASE",
-        .flags = 0,
-        .doc   = "The passphrase used to encrypt the private key. "
-                 "If omitted the file will not be encrypted.\n",
-        .group = 0
-    },
-    {
-        .name  = "type",
-        .key   = 't',
-        .arg   = "TYPE",
-        .flags = 0,
-        .doc   = "The type of the key to be generated. "
-                 "Accepted values are: "
-                 "\"rsa\", \"ecdsa\", and \"ed25519\".\n",
-        .group = 0
-    },
-    {
-        .name  = "list",
-        .key   = 'l',
-        .arg   = NULL,
-        .flags = 0,
-        .doc   = "List the Fingerprint of the given key\n",
-        .group = 0
-    },
-    {
-        .name  = "format",
-        .key   = 'm',
-        .arg   = "FORMAT",
-        .flags = 0,
-        .doc   = "Write the file in specific format. The supported values are "
-                "'PEM'and 'OpenSSH' file format. By default Ed25519 "
-                "keys are exported in OpenSSH format and others in PEM.\n",
-        .group = 0
-    },
-    {
-        /* End of the options */
-        0
-    },
-};
-
-/* Parse a single option. */
-static error_t parse_opt (int key, char *arg, struct argp_state *state)
-{
-    /* Get the input argument from argp_parse, which we
-     * know is a pointer to our arguments structure.
-     */
-    struct arguments_st *arguments = NULL;
-    error_t rc = 0;
-
-    if (state == NULL) {
-        return EINVAL;
-    }
-
-    arguments = state->input;
-    if (arguments == NULL) {
-        fprintf(stderr, "Error: NULL pointer to arguments structure "
-                "provided\n");
-        rc = EINVAL;
-        goto end;
-    }
-
-    switch (key) {
-        case 'b':
-            errno = 0;
-            arguments->bits = strtoul(arg, NULL, 10);
-            if (errno != 0) {
-                rc = errno;
-                goto end;
-            }
-            break;
-        case 'f':
-            arguments->file = strdup(arg);
-            if (arguments->file == NULL) {
-                fprintf(stderr, "Error: Out of memory\n");
-                rc = ENOMEM;
-                goto end;
-            }
-            break;
-        case 'p':
-            arguments->passphrase = strdup(arg);
-            if (arguments->passphrase == NULL) {
-                fprintf(stderr, "Error: Out of memory\n");
-                rc = ENOMEM;
-                goto end;
-            }
-            break;
-        case 't':
-            if (!strcmp(arg, "rsa")) {
-                arguments->type = SSH_KEYTYPE_RSA;
-            }
-            else if (!strcmp(arg, "ecdsa")) {
-                arguments->type = SSH_KEYTYPE_ECDSA;
-            }
-            else if (!strcmp(arg, "ed25519")) {
-                arguments->type = SSH_KEYTYPE_ED25519;
-            }
-            else {
-                fprintf(stderr, "Error: Invalid key type\n");
-                argp_usage(state);
-                rc = EINVAL;
-                goto end;
-            }
-            break;
-        case 'l':
-            arguments->action_list = 1;
-            break;
-        case 'm':
-            arguments->format = strdup(arg);
-            break;
-        case ARGP_KEY_ARG:
-            if (state->arg_num > 0) {
-                /* Too many arguments. */
-                printf("Error: Too many arguments\n");
-                argp_usage(state);
-            }
-            break;
-        case ARGP_KEY_END:
-            break;
-        default:
-            return ARGP_ERR_UNKNOWN;
-    }
-
-end:
-    return rc;
-}
-
-static int validate_args(struct arguments_st *args)
-{
-    int rc = 0;
-
-    if (args == NULL) {
-        return EINVAL;
-    }
-
-    /* no other arguments needed for listing key fingerprints */
-    if (args->action_list) {
-        return 0;
-    }
-
-    switch (args->type) {
-    case SSH_KEYTYPE_RSA:
-        switch (args->bits) {
-        case 0:
-            /* If not provided, use default value */
-            args->bits = 3072;
-            break;
-        case 1024:
-        case 2048:
-        case 3072:
-        case 4096:
-        case 8192:
-            break;
-        default:
-            fprintf(stderr, "Error: Invalid bits parameter provided\n");
-            rc = EINVAL;
-            break;
-        }
-
-        if (args->file == NULL) {
-            args->file = strdup("id_rsa");
-            if (args->file == NULL) {
-                rc = ENOMEM;
-                break;
-            }
-        }
-
-        break;
-    case SSH_KEYTYPE_ECDSA:
-        switch (args->bits) {
-        case 0:
-            /* If not provided, use default value */
-            args->bits = 256;
-            break;
-        case 256:
-        case 384:
-        case 521:
-            break;
-        default:
-            fprintf(stderr, "Error: Invalid bits parameter provided\n");
-            rc = EINVAL;
-            break;
-        }
-        if (args->file == NULL) {
-            args->file = strdup("id_ecdsa");
-            if (args->file == NULL) {
-                rc = ENOMEM;
-                break;
-            }
-        }
-
-        break;
-    case SSH_KEYTYPE_ED25519:
-        /* Ignore value and overwrite with a zero */
-        args->bits = 0;
-
-        if (args->file == NULL) {
-            args->file = strdup("id_ed25519");
-            if (args->file == NULL) {
-                rc = ENOMEM;
-                break;
-            }
-        }
-
-        break;
-    default:
-        fprintf(stderr, "Error: unknown key type\n");
-        rc = EINVAL;
-        break;
-    }
-
-    return rc;
-}
-
-/* Program documentation. */
-static char doc[] = "Generate an SSH key pair. "
-                    "The \"--type\" (short: \"-t\") option is required.";
-
-/* Our argp parser */
-static struct argp argp = {options, parse_opt, NULL, doc, NULL, NULL, NULL};
-
-static void
-list_fingerprint(char *file)
-{
-    ssh_key key = NULL;
-    unsigned char *hash = NULL;
-    size_t hlen = 0;
-    int rc;
-
-    rc = ssh_pki_import_privkey_file(file, NULL, NULL, NULL, &key);
-    if (rc != SSH_OK) {
-        fprintf(stderr, "Failed to import private key %s\n", file);
-        return;
-    }
-
-    rc = ssh_get_publickey_hash(key, SSH_PUBLICKEY_HASH_SHA256, &hash, &hlen);
-    if (rc != SSH_OK) {
-        fprintf(stderr, "Failed to get key fingerprint\n");
-        ssh_key_free(key);
-        return;
-    }
-    ssh_print_hash(SSH_PUBLICKEY_HASH_SHA256, hash, hlen);
-
-    ssh_clean_pubkey_hash(&hash);
-    ssh_key_free(key);
-}
-
-int main(int argc, char *argv[])
-{
-    ssh_key key = NULL;
-    int rc = 0;
-    char overwrite[1024] = "";
-
-    char *pubkey_file = NULL;
-
-    struct arguments_st arguments = {
-        .type = SSH_KEYTYPE_UNKNOWN,
-        .bits = 0,
-        .file = NULL,
-        .passphrase = NULL,
-        .action_list = 0,
-    };
-
-    if (argc < 2) {
-        argp_help(&argp, stdout, ARGP_HELP_DOC | ARGP_HELP_USAGE, argv[0]);
-        goto end;
-    }
-
-    rc = argp_parse(&argp, argc, argv, 0, 0, &arguments);
-    if (rc != 0) {
-        goto end;
-    }
-
-    rc = validate_args(&arguments);
-    if (rc != 0) {
-        goto end;
-    }
-
-    if (arguments.file == NULL) {
-        fprintf(stderr, "Error: Missing argument file\n");
-        goto end;
-    }
-
-    if (arguments.action_list) {
-        list_fingerprint(arguments.file);
-        goto end;
-    }
-
-    errno = 0;
-    rc = open(arguments.file, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
-    if (rc < 0) {
-        if (errno == EEXIST) {
-            printf("File \"%s\" exists. Overwrite it? (y|n) ", arguments.file);
-            rc = scanf("%1023s", overwrite);
-            if (rc > 0 && tolower(overwrite[0]) == 'y') {
-                rc = open(arguments.file, O_WRONLY);
-                if (rc > 0) {
-                    close(rc);
-                    errno = 0;
-                    rc = chmod(arguments.file, S_IRUSR | S_IWUSR);
-                    if (rc != 0) {
-                        fprintf(stderr,
-                                "Error(%d): Could not set file permissions\n",
-                                errno);
-                        goto end;
-                    }
-                } else {
-                    fprintf(stderr,
-                            "Error: Could not create private key file\n");
-                    goto end;
-                }
-            } else {
-                goto end;
-            }
-        } else {
-            fprintf(stderr, "Error opening \"%s\" file\n", arguments.file);
-            goto end;
-        }
-    } else {
-        close(rc);
-    }
-
-    /* Generate a new private key */
-    rc = ssh_pki_generate(arguments.type, arguments.bits, &key);
-    if (rc != SSH_OK) {
-        fprintf(stderr, "Error: Failed to generate keys");
-        goto end;
-    }
-
-    /* Write the private key */
-    if (arguments.format != NULL) {
-        if (strcasecmp(arguments.format, "PEM") == 0) {
-            rc = ssh_pki_export_privkey_file_format(key,
-                                                    arguments.passphrase,
-                                                    NULL,
-                                                    NULL,
-                                                    arguments.file,
-                                                    SSH_FILE_FORMAT_PEM);
-        } else if (strcasecmp(arguments.format, "OpenSSH") == 0) {
-            rc = ssh_pki_export_privkey_file_format(key,
-                                                    arguments.passphrase,
-                                                    NULL,
-                                                    NULL,
-                                                    arguments.file,
-                                                    SSH_FILE_FORMAT_OPENSSH);
-        } else {
-            rc = ssh_pki_export_privkey_file_format(key,
-                                                    arguments.passphrase,
-                                                    NULL,
-                                                    NULL,
-                                                    arguments.file,
-                                                    SSH_FILE_FORMAT_DEFAULT);
-        }
-    } else {
-        rc = ssh_pki_export_privkey_file(key,
-                                         arguments.passphrase,
-                                         NULL,
-                                         NULL,
-                                         arguments.file);
-    }
-    if (rc != SSH_OK) {
-        fprintf(stderr, "Error: Failed to write private key file");
-        goto end;
-    }
-
-    /* If a passphrase was provided, overwrite and free it as it is not needed
-     * anymore */
-    if (arguments.passphrase != NULL) {
-#ifdef HAVE_EXPLICIT_BZERO
-        explicit_bzero(arguments.passphrase, strlen(arguments.passphrase));
-#else
-        bzero(arguments.passphrase, strlen(arguments.passphrase));
-#endif
-        free(arguments.passphrase);
-        arguments.passphrase = NULL;
-    }
-
-    pubkey_file = (char *)malloc(strlen(arguments.file) + 5);
-    if (pubkey_file == NULL) {
-        rc = ENOMEM;
-        goto end;
-    }
-
-    sprintf(pubkey_file, "%s.pub", arguments.file);
-
-    errno = 0;
-    rc = open(pubkey_file,
-              O_CREAT | O_EXCL | O_WRONLY,
-              S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-    if (rc < 0) {
-        if (errno == EEXIST) {
-            printf("File \"%s\" exists. Overwrite it? (y|n) ", pubkey_file);
-            rc = scanf("%1023s", overwrite);
-            if (rc > 0 && tolower(overwrite[0]) == 'y') {
-                rc = open(pubkey_file, O_WRONLY);
-                if (rc > 0) {
-                    close(rc);
-                    errno = 0;
-                    rc = chmod(pubkey_file,
-                               S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
-                    if (rc != 0) {
-                        fprintf(stderr,
-                                "Error(%d): Could not set file permissions\n",
-                                errno);
-                        goto end;
-                    }
-                } else {
-                    fprintf(stderr,
-                            "Error: Could not create public key file\n");
-                    goto end;
-                }
-            } else {
-                goto end;
-            }
-        } else {
-            fprintf(stderr, "Error opening \"%s\" file\n", pubkey_file);
-            goto end;
-        }
-    } else {
-        close(rc);
-    }
-
-    /* Write the public key */
-    rc = ssh_pki_export_pubkey_file(key, pubkey_file);
-    if (rc != SSH_OK) {
-        fprintf(stderr, "Error: Failed to write public key file");
-        goto end;
-    }
-
-end:
-    if (key != NULL) {
-        ssh_key_free(key);
-    }
-
-    if (arguments.file != NULL) {
-        free(arguments.file);
-    }
-
-    if (arguments.passphrase != NULL) {
-#ifdef HAVE_EXPLICIT_BZERO
-        explicit_bzero(arguments.passphrase, strlen(arguments.passphrase));
-#else
-        bzero(arguments.passphrase, strlen(arguments.passphrase));
-#endif
-        free(arguments.passphrase);
-    }
-
-    if (pubkey_file != NULL) {
-        free(pubkey_file);
-    }
-    return rc;
-}
--- a/examples/knownhosts.c
+++ b/examples/knownhosts.c
@@ -38,7 +38,7 @@ int verify_knownhost(ssh_session session)
    char buf[10];
    unsigned char *hash = NULL;
    size_t hlen;
-    ssh_key srv_pubkey = NULL;
+    ssh_key srv_pubkey;
    int rc;

    rc = ssh_get_server_publickey(session, &srv_pubkey);
--- a/examples/libssh_scp.c
+++ b/examples/libssh_scp.c
@@ -22,15 +22,10 @@ program.
 #include <libssh/libssh.h>
 #include "examples_common.h"

-#ifndef BUF_SIZE
-#define BUF_SIZE 16384
-#endif
-
-static char **sources = NULL;
+static char **sources;
 static int nsources;
-static char *destination = NULL;
+static char *destination;
 static int verbosity = 0;
-static char *port = NULL;

 struct location {
    int is_ssh;
@@ -50,10 +45,9 @@ enum {
 static void usage(const char *argv0) {
    fprintf(stderr, "Usage : %s [options] [[user@]host1:]file1 ... \n"
            "                               [[user@]host2:]destination\n"
-            "sample scp client - libssh-%s\n"
-            "Options :\n"
-            "  -P : use port to connect to remote host\n"
-            "  -v : increase verbosity of libssh. Can be used multiple times\n",
+            "sample scp client - libssh-%s\n",
+            //      "Options :\n",
+            //      "  -r : use RSA to verify host public key\n",
            argv0,
            ssh_version(0));
    exit(0);
@@ -62,14 +56,11 @@ static void usage(const char *argv0) {
 static int opts(int argc, char **argv) {
    int i;

-    while((i = getopt(argc, argv, "P:v")) != -1) {
+    while((i = getopt(argc, argv, "v")) != -1) {
        switch(i) {
        case 'v':
            verbosity++;
            break;
-        case 'P':
-            port = optarg;
-            break;
        default:
            fprintf(stderr, "unknown option %c\n", optopt);
            usage(argv[0]);
@@ -114,19 +105,18 @@ static void location_free(struct location *loc)
                free(loc->user);
            }
            loc->user = NULL;
+            if (loc->host) {
+                free(loc->host);
+            }
+            loc->host = NULL;
        }
        free(loc);
    }
 }

-static struct location *parse_location(char *loc)
-{
-    struct location *location = NULL;
-    char *ptr = NULL;
-
-    if (loc == NULL) {
-        return NULL;
-    }
+static struct location *parse_location(char *loc) {
+    struct location *location;
+    char *ptr;

    location = malloc(sizeof(struct location));
    if (location == NULL) {
@@ -188,7 +178,7 @@ static void close_location(struct location *loc) {

 static int open_location(struct location *loc, int flag) {
    if (loc->is_ssh && flag == WRITE) {
-        loc->session = connect_ssh(loc->host, port, loc->user, verbosity);
+        loc->session = connect_ssh(loc->host, loc->user, verbosity);
        if (!loc->session) {
            fprintf(stderr, "Couldn't connect to %s\n", loc->host);
            return -1;
@@ -214,7 +204,7 @@ static int open_location(struct location *loc, int flag) {
        }
        return 0;
    } else if (loc->is_ssh && flag == READ) {
-        loc->session = connect_ssh(loc->host, port, loc->user, verbosity);
+        loc->session = connect_ssh(loc->host, loc->user, verbosity);
        if (!loc->session) {
            fprintf(stderr, "Couldn't connect to %s\n", loc->host);
            return -1;
@@ -239,11 +229,11 @@ static int open_location(struct location *loc, int flag) {
            return -1;
        }
        return 0;
-    } else if (loc->path != NULL) {
+    } else {
        loc->file = fopen(loc->path, flag == READ ? "r":"w");
        if (!loc->file) {
            if (errno == EISDIR) {
-                if (chdir(loc->path)) {
+                if (loc->path != NULL && chdir(loc->path)) {
                    fprintf(stderr,
                            "Error changing directory to %s: %s\n",
                            loc->path, strerror(errno));
@@ -271,7 +261,7 @@ static int do_copy(struct location *src, struct location *dest, int recursive) {
    socket_t fd;
    struct stat s;
    int w, r;
-    char buffer[BUF_SIZE];
+    char buffer[16384];
    size_t total = 0;
    mode_t mode;
    char *filename = NULL;
@@ -414,11 +404,10 @@ int main(int argc, char **argv) {
    int i;
    int r;
    if (opts(argc, argv) < 0) {
-        return EXIT_FAILURE;
+        r = EXIT_FAILURE;
+        goto end;
    }

-    ssh_init();
-
    dest = parse_location(destination);
    if (dest == NULL) {
        r = EXIT_FAILURE;
@@ -460,7 +449,5 @@ close_dest:
    close_location(dest);
    location_free(dest);
 end:
-    ssh_finalize();
-    free(sources);
    return r;
 }
--- a/examples/proxy.c
+++ b/examples/proxy.c
@@ -25,18 +25,14 @@ clients must be made or how a client should react.
 #include <string.h>
 #include <stdio.h>

-#ifndef BUF_SIZE
-#define BUF_SIZE 2048
-#endif
-
 #define USER "myuser"
 #define PASSWORD "mypassword"

 static int authenticated=0;
 static int tries = 0;
 static int error = 0;
-static ssh_channel chan = NULL;
-static char *username = NULL;
+static ssh_channel chan=NULL;
+static char *username;
 static ssh_gssapi_creds client_creds = NULL;

 static int auth_password(ssh_session session, const char *user,
@@ -142,12 +138,20 @@ static struct argp_option options[] = {
        .doc   = "Set the host key.",
        .group = 0
    },
+    {
+        .name  = "dsakey",
+        .key   = 'd',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the dsa key.",
+        .group = 0
+    },
    {
        .name  = "rsakey",
        .key   = 'r',
        .arg   = "FILE",
        .flags = 0,
-        .doc   = "Set the rsa host key (deprecated alias to 'k').",
+        .doc   = "Set the rsa key.",
        .group = 0
    },
    {
@@ -172,11 +176,15 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
        case 'p':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
            break;
-        case 'r':
-            /* deprecated */
+        case 'd':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+            break;
        case 'k':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
            break;
+        case 'r':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+            break;
        case 'v':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
            break;
@@ -204,12 +212,11 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
-    ssh_bind sshbind = NULL;
-    ssh_event mainloop = NULL;
-    ssh_session client_session = NULL;
+int main(int argc, char **argv){
+    ssh_session session;
+    ssh_bind sshbind;
+    ssh_event mainloop;
+    ssh_session client_session;

    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
@@ -218,15 +225,15 @@ int main(int argc, char **argv)
        .channel_open_request_session_function = new_session_channel
    };

-    char buf[BUF_SIZE];
+    char buf[2048];
    char host[128]="";
-    char *ptr = NULL;
+    char *ptr;
    int i,r, rc;

    sshbind=ssh_bind_new();
    session=ssh_new();

-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, "sshd_rsa");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, "sshd_rsa");

 #ifdef HAVE_ARGP_H
    /*
@@ -284,7 +291,7 @@ int main(int argc, char **argv)
    snprintf(buf,sizeof(buf), "Hello %s, welcome to the Sample SSH proxy.\r\nPlease select your destination: ", username);
    ssh_channel_write(chan, buf, strlen(buf));
    do{
-        i=ssh_channel_read(chan,buf, sizeof(buf), 0);
+        i=ssh_channel_read(chan,buf, 2048, 0);
        if(i>0) {
            ssh_channel_write(chan, buf, i);
            if(strlen(host) + i < sizeof(host)){
@@ -337,3 +344,4 @@ int main(int argc, char **argv)
    ssh_finalize();
    return 0;
 }
+
--- a/examples/sample_sftpserver.c
+++ b/examples/sample_sftpserver.c
@@ -1,508 +0,0 @@
-/* This is a sample implementation of a libssh based SSH server */
-/*
-Copyright 2014 Audrius Butkevicius
-
-This file is part of the SSH Library
-
-You are free to copy this file, modify it in any way, consider it being public
-domain. This does not apply to the rest of the library though, but it is
-allowed to cut-and-paste working code from this file to any license of
-program.
-The goal is to show the API in action.
-*/
-
-#include "config.h"
-
-#include <libssh/callbacks.h>
-#include <libssh/server.h>
-#include <libssh/sftp.h>
-#include <libssh/sftpserver.h>
-
-#include <poll.h>
-#ifdef HAVE_ARGP_H
-#include <argp.h>
-#endif
-#include <fcntl.h>
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_PTY_H
-#include <pty.h>
-#endif
-#include <signal.h>
-#include <stdlib.h>
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-#include <sys/ioctl.h>
-#include <sys/wait.h>
-#include <sys/stat.h>
-#include <stdio.h>
-#include <stdbool.h>
-
-/* below are for sftp */
-#include <sys/statvfs.h>
-#include <errno.h>
-#include <unistd.h>
-#include <dirent.h>
-#include <time.h>
-#include <inttypes.h>
-
-#ifndef KEYS_FOLDER
-#ifdef _WIN32
-#define KEYS_FOLDER
-#else
-#define KEYS_FOLDER "/etc/ssh/"
-#endif
-#endif
-
-#define USER "myuser"
-#define PASS "mypassword"
-#define BUF_SIZE 1048576
-#define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
-
-static void set_default_keys(ssh_bind sshbind,
-                             int rsa_already_set,
-                             int ecdsa_already_set)
-{
-    if (!rsa_already_set)
-    {
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                             KEYS_FOLDER "ssh_host_rsa_key");
-    }
-    if (!ecdsa_already_set)
-    {
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                             KEYS_FOLDER "ssh_host_ecdsa_key");
-    }
-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                         KEYS_FOLDER "ssh_host_ed25519_key");
-}
-#define DEF_STR_SIZE 1024
-char authorizedkeys[DEF_STR_SIZE] = {0};
-#ifdef HAVE_ARGP_H
-const char *argp_program_version = "libssh sftp server example " SSH_STRINGIFY(LIBSSH_VERSION);
-const char *argp_program_bug_address = "<libssh@libssh.org>";
-
-/* Program documentation. */
-static char doc[] = "Sftp server implemented with libssh -- a Secure Shell protocol implementation";
-
-/* A description of the arguments we accept. */
-static char args_doc[] = "BINDADDR";
-
-/* The options we understand. */
-static struct argp_option options[] = {
-    {.name = "port",
-     .key = 'p',
-     .arg = "PORT",
-     .flags = 0,
-     .doc = "Set the port to bind.",
-     .group = 0},
-    {.name = "hostkey",
-     .key = 'k',
-     .arg = "FILE",
-     .flags = 0,
-     .doc = "Set a host key.  Can be used multiple times.  "
-            "Implies no default keys.",
-     .group = 0},
-    {.name = "rsakey",
-     .key = 'r',
-     .arg = "FILE",
-     .flags = 0,
-     .doc = "Set the rsa key.",
-     .group = 0},
-    {.name = "ecdsakey",
-     .key = 'e',
-     .arg = "FILE",
-     .flags = 0,
-     .doc = "Set the ecdsa key.",
-     .group = 0},
-    {.name = "authorizedkeys",
-     .key = 'a',
-     .arg = "FILE",
-     .flags = 0,
-     .doc = "Set the authorized keys file.",
-     .group = 0},
-    {.name = "no-default-keys",
-     .key = 'n',
-     .arg = NULL,
-     .flags = 0,
-     .doc = "Do not set default key locations.",
-     .group = 0},
-    {.name = "verbose",
-     .key = 'v',
-     .arg = NULL,
-     .flags = 0,
-     .doc = "Get verbose output.",
-     .group = 0},
-    {NULL, 0, NULL, 0, NULL, 0}};
-
-/* Parse a single option. */
-static error_t parse_opt(int key, char *arg, struct argp_state *state)
-{
-    /* Get the input argument from argp_parse, which we
-     * know is a pointer to our arguments structure. */
-    ssh_bind sshbind = state->input;
-    static int no_default_keys = 0;
-    static int rsa_already_set = 0, ecdsa_already_set = 0;
-    static int verbosity = 0;
-
-    switch (key)
-    {
-    case 'n':
-        no_default_keys = 1;
-        break;
-    case 'p':
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
-        break;
-    case 'k':
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
-        /* We can't track the types of keys being added with this
-           option, so let's ensure we keep the keys we're adding
-           by just not setting the default keys */
-        no_default_keys = 1;
-        break;
-    case 'r':
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
-        rsa_already_set = 1;
-        break;
-    case 'e':
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
-        ecdsa_already_set = 1;
-        break;
-    case 'a':
-        strncpy(authorizedkeys, arg, DEF_STR_SIZE - 1);
-        break;
-    case 'v':
-        verbosity++;
-        ssh_bind_options_set(sshbind,
-                             SSH_BIND_OPTIONS_LOG_VERBOSITY,
-                             &verbosity);
-        break;
-    case ARGP_KEY_ARG:
-        if (state->arg_num >= 1)
-        {
-            /* Too many arguments. */
-            argp_usage(state);
-        }
-        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
-        break;
-    case ARGP_KEY_END:
-        if (state->arg_num < 1)
-        {
-            /* Not enough arguments. */
-            argp_usage(state);
-        }
-
-        if (!no_default_keys)
-        {
-            set_default_keys(sshbind,
-                             rsa_already_set,
-                             ecdsa_already_set);
-        }
-
-        break;
-    default:
-        return ARGP_ERR_UNKNOWN;
-    }
-    return 0;
-}
-
-/* Our argp parser. */
-static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
-#endif /* HAVE_ARGP_H */
-
-/* A userdata struct for channel. */
-struct channel_data_struct {
-    sftp_session sftp;
-};
-
-/* A userdata struct for session. */
-struct session_data_struct
-{
-    /* Pointer to the channel the session will allocate. */
-    ssh_channel channel;
-    int auth_attempts;
-    int authenticated;
-};
-
-static int auth_password(ssh_session session, const char *user,
-                         const char *pass, void *userdata)
-{
-    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
-
-    (void)session;
-
-    if (strcmp(user, USER) == 0 && strcmp(pass, PASS) == 0)
-    {
-        sdata->authenticated = 1;
-        return SSH_AUTH_SUCCESS;
-    }
-
-    sdata->auth_attempts++;
-    return SSH_AUTH_DENIED;
-}
-
-static int auth_publickey(ssh_session session,
-                          const char *user,
-                          struct ssh_key_struct *pubkey,
-                          char signature_state,
-                          void *userdata)
-{
-    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
-
-    (void)session;
-    (void)user;
-
-    if (signature_state == SSH_PUBLICKEY_STATE_NONE)
-    {
-        return SSH_AUTH_SUCCESS;
-    }
-
-    if (signature_state != SSH_PUBLICKEY_STATE_VALID)
-    {
-        return SSH_AUTH_DENIED;
-    }
-
-    // valid so far.  Now look through authorized keys for a match
-    if (authorizedkeys[0])
-    {
-        ssh_key key = NULL;
-        int result;
-        struct stat buf;
-
-        if (stat(authorizedkeys, &buf) == 0)
-        {
-            result = ssh_pki_import_pubkey_file(authorizedkeys, &key);
-            if ((result != SSH_OK) || (key == NULL))
-            {
-                fprintf(stderr,
-                        "Unable to import public key file %s\n",
-                        authorizedkeys);
-            }
-            else
-            {
-                result = ssh_key_cmp(key, pubkey, SSH_KEY_CMP_PUBLIC);
-                ssh_key_free(key);
-                if (result == 0)
-                {
-                    sdata->authenticated = 1;
-                    return SSH_AUTH_SUCCESS;
-                }
-            }
-        }
-    }
-
-    // no matches
-    sdata->authenticated = 0;
-    return SSH_AUTH_DENIED;
-}
-
-static ssh_channel channel_open(ssh_session session, void *userdata)
-{
-    struct session_data_struct *sdata = (struct session_data_struct *)userdata;
-
-    sdata->channel = ssh_channel_new(session);
-    return sdata->channel;
-}
-
-static void handle_session(ssh_event event, ssh_session session)
-{
-    int n;
-
-    /* Our struct holding information about the channel. */
-    struct channel_data_struct cdata = {
-        .sftp = NULL,
-    };
-
-    /* Our struct holding information about the session. */
-    struct session_data_struct sdata = {
-        .channel = NULL,
-        .auth_attempts = 0,
-        .authenticated = 0,
-    };
-
-    struct ssh_channel_callbacks_struct channel_cb = {
-        .userdata = &(cdata.sftp),
-        .channel_data_function = sftp_channel_default_data_callback,
-        .channel_subsystem_request_function = sftp_channel_default_subsystem_request,
-    };
-
-    struct ssh_server_callbacks_struct server_cb = {
-        .userdata = &sdata,
-        .auth_password_function = auth_password,
-        .channel_open_request_session_function = channel_open,
-    };
-
-    if (authorizedkeys[0])
-    {
-        server_cb.auth_pubkey_function = auth_publickey;
-        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_PUBLICKEY);
-    }
-    else
-        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
-
-    ssh_callbacks_init(&server_cb);
-    ssh_callbacks_init(&channel_cb);
-
-    ssh_set_server_callbacks(session, &server_cb);
-
-    if (ssh_handle_key_exchange(session) != SSH_OK)
-    {
-        fprintf(stderr, "%s\n", ssh_get_error(session));
-        return;
-    }
-
-    ssh_event_add_session(event, session);
-
-    n = 0;
-    while (sdata.authenticated == 0 || sdata.channel == NULL) {
-        /* If the user has used up all attempts, or if he hasn't been able to
-         * authenticate in 10 seconds (n * 100ms), disconnect. */
-        if (sdata.auth_attempts >= 3 || n >= 100) {
-            return;
-        }
-
-        if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
-            fprintf(stderr, "%s\n", ssh_get_error(session));
-            return;
-        }
-        n++;
-    }
-
-    ssh_set_channel_callbacks(sdata.channel, &channel_cb);
-
-    do {
-        /* Poll the main event which takes care of the session, the channel and
-         * even our child process's stdout/stderr (once it's started). */
-        if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
-            ssh_channel_close(sdata.channel);
-        }
-    } while (ssh_channel_is_open(sdata.channel) &&
-             !ssh_channel_is_eof(sdata.channel));
-
-    ssh_channel_send_eof(sdata.channel);
-    ssh_channel_close(sdata.channel);
-
-    /* Wait up to 5 seconds for the client to terminate the session. */
-    for (n = 0; n < 50 && (ssh_get_status(session) & SESSION_END) == 0; n++) {
-        ssh_event_dopoll(event, 100);
-    }
-}
-
-/* SIGCHLD handler for cleaning up dead children. */
-static void sigchld_handler(int signo)
-{
-    (void)signo;
-
-    while (waitpid(-1, NULL, WNOHANG) > 0)
-        ;
-}
-
-int main(int argc, char **argv)
-{
-    ssh_bind sshbind = NULL;
-    ssh_session session = NULL;
-    ssh_event event = NULL;
-    struct sigaction sa;
-    int rc;
-
-    /* Set up SIGCHLD handler. */
-    sa.sa_handler = sigchld_handler;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
-    if (sigaction(SIGCHLD, &sa, NULL) != 0)
-    {
-        fprintf(stderr, "Failed to register SIGCHLD handler\n");
-        return 1;
-    }
-
-    rc = ssh_init();
-    if (rc < 0)
-    {
-        fprintf(stderr, "ssh_init failed\n");
-        goto exit;
-    }
-
-    sshbind = ssh_bind_new();
-    if (sshbind == NULL)
-    {
-        fprintf(stderr, "ssh_bind_new failed\n");
-        goto exit;
-    }
-
-#ifdef HAVE_ARGP_H
-    argp_parse(&argp, argc, argv, 0, 0, sshbind);
-#else
-    (void)argc;
-    (void)argv;
-
-    set_default_keys(sshbind, 0, 0);
-#endif /* HAVE_ARGP_H */
-
-    if (ssh_bind_listen(sshbind) < 0)
-    {
-        fprintf(stderr, "%s\n", ssh_get_error(sshbind));
-        goto exit;
-    }
-
-    while (1)
-    {
-        session = ssh_new();
-        if (session == NULL)
-        {
-            fprintf(stderr, "Failed to allocate session\n");
-            continue;
-        }
-
-        /* Blocks until there is a new incoming connection. */
-        if (ssh_bind_accept(sshbind, session) != SSH_ERROR)
-        {
-            switch (fork())
-            {
-            case 0:
-                /* Remove the SIGCHLD handler inherited from parent. */
-                sa.sa_handler = SIG_DFL;
-                sigaction(SIGCHLD, &sa, NULL);
-                /* Remove socket binding, which allows us to restart the
-                 * parent process, without terminating existing sessions. */
-                ssh_bind_free(sshbind);
-
-                event = ssh_event_new();
-                if (event != NULL)
-                {
-                    /* Blocks until the SSH session ends by either
-                     * child process exiting, or client disconnecting. */
-                    handle_session(event, session);
-                    ssh_event_free(event);
-                }
-                else
-                {
-                    fprintf(stderr, "Could not create polling context\n");
-                }
-                ssh_disconnect(session);
-                ssh_free(session);
-
-                exit(0);
-            case -1:
-                fprintf(stderr, "Failed to fork\n");
-            }
-        }
-        else
-        {
-            fprintf(stderr, "%s\n", ssh_get_error(sshbind));
-        }
-        /* Since the session has been passed to a child fork, do some cleaning
-         * up at the parent process. */
-        ssh_disconnect(session);
-        ssh_free(session);
-    }
-
-exit:
-    ssh_bind_free(sshbind);
-    ssh_finalize();
-    return 0;
-}
--- a/examples/samplesftp.c
+++ b/examples/samplesftp.c
@@ -29,9 +29,10 @@ clients must be made or how a client should react.
 #include "examples_common.h"
 #ifdef WITH_SFTP

-#ifndef BUF_SIZE
-#define BUF_SIZE 65536
-#endif
+static int verbosity;
+static char *destination;
+
+#define DATALEN 65536

 static void do_sftp(ssh_session session) {
    sftp_session sftp = sftp_new(session);
@@ -39,12 +40,12 @@ static void do_sftp(ssh_session session) {
    sftp_attributes file;
    sftp_statvfs_t sftpstatvfs;
    struct statvfs sysstatvfs;
-    sftp_file source;
+    sftp_file fichier;
    sftp_file to;
    int len = 1;
    unsigned int i;
-    char data[BUF_SIZE] = {0};
-    char *lnk = NULL;
+    char data[DATALEN] = {0};
+    char *lnk;

    unsigned int count;

@@ -83,7 +84,6 @@ static void do_sftp(ssh_session session) {
        goto end;
    }
    printf("readlink /tmp/sftp_symlink_test: %s\n", lnk);
-    ssh_string_free_char(lnk);

    sftp_unlink(sftp, "/tmp/sftp_symlink_test");

@@ -171,7 +171,7 @@ static void do_sftp(ssh_session session) {
        sftp_attributes_free(file);
    }

-    /* when file = NULL, an error has occurred OR the directory listing is end of
+    /* when file = NULL, an error has occured OR the directory listing is end of
     * file */
    if (!sftp_dir_eof(dir)) {
        fprintf(stderr, "Error: %s\n", ssh_get_error(session));
@@ -186,8 +186,8 @@ static void do_sftp(ssh_session session) {
    /* the small buffer size was intended to stress the library. of course, you
     * can use a buffer till 20kbytes without problem */

-    source = sftp_open(sftp, "/usr/bin/ssh", O_RDONLY, 0);
-    if (!source) {
+    fichier = sftp_open(sftp, "/usr/bin/ssh", O_RDONLY, 0);
+    if (!fichier) {
        fprintf(stderr, "Error opening /usr/bin/ssh: %s\n",
                ssh_get_error(session));
        goto end;
@@ -198,16 +198,16 @@ static void do_sftp(ssh_session session) {
    if (!to) {
        fprintf(stderr, "Error opening ssh-copy for writing: %s\n",
                ssh_get_error(session));
-        sftp_close(source);
+        sftp_close(fichier);
        goto end;
    }

-    while ((len = sftp_read(source, data, 4096)) > 0) {
+    while ((len = sftp_read(fichier, data, 4096)) > 0) {
        if (sftp_write(to, data, len) != len) {
            fprintf(stderr, "Error writing %d bytes: %s\n",
                    len, ssh_get_error(session));
            sftp_close(to);
-            sftp_close(source);
+            sftp_close(fichier);
            goto end;
        }
    }
@@ -217,15 +217,15 @@ static void do_sftp(ssh_session session) {
        fprintf(stderr, "Error reading file: %s\n", ssh_get_error(session));
    }

-    sftp_close(source);
+    sftp_close(fichier);
    sftp_close(to);
-    printf("file closed\n");
-    to = sftp_open(sftp, "/tmp/large_file", O_WRONLY|O_CREAT, 0644);
+    printf("fichiers ferm\n");
+    to = sftp_open(sftp, "/tmp/grosfichier", O_WRONLY|O_CREAT, 0644);

    for (i = 0; i < 1000; ++i) {
-        len = sftp_write(to, data, sizeof(data));
+        len = sftp_write(to, data, DATALEN);
        printf("wrote %d bytes\n", len);
-        if (len != sizeof(data)) {
+        if (len != DATALEN) {
            printf("chunk %d : %d (%s)\n", i, len, ssh_get_error(session));
        }
    }
@@ -241,63 +241,50 @@ static void usage(const char *argv0) {
    fprintf(stderr, "Usage : %s [-v] remotehost\n"
            "sample sftp test client - libssh-%s\n"
            "Options :\n"
-            "  -l user : log in as user\n"
-            "  -p port : connect to port\n"
            "  -v : increase log verbosity\n",
            argv0,
            ssh_version(0));
    exit(0);
 }

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
-    char *destination = NULL;
-    int auth = 0;
-    int state;
+static int opts(int argc, char **argv) {
+    int i;

-    ssh_init();
-    session = ssh_new();
+    while ((i = getopt(argc, argv, "v")) != -1) {
+        switch(i) {
+        case 'v':
+            verbosity++;
+            break;
+        default:
+            fprintf(stderr, "unknown option %c\n", optopt);
+            usage(argv[0]);
+            return -1;
+        }
+    }

-    if (ssh_options_getopt(session, &argc, argv)) {
-        fprintf(stderr,
-                "Error parsing command line: %s\n",
-                ssh_get_error(session));
-        ssh_free(session);
-        ssh_finalize();
+    destination = argv[optind];
+    if (destination == NULL) {
        usage(argv[0]);
+        return -1;
+    }
+    return 0;
+}
+
+int main(int argc, char **argv) {
+    ssh_session session;
+
+    if (opts(argc, argv) < 0) {
        return EXIT_FAILURE;
    }
-    if (argc < 1) {
-        usage(argv[0]);
+
+    session = connect_ssh(destination, NULL, verbosity);
+    if (session == NULL) {
        return EXIT_FAILURE;
    }
-    destination = argv[1];
-
-    if (ssh_options_set(session, SSH_OPTIONS_HOST, destination) < 0) {
-        return -1;
-    }
-    if (ssh_connect(session)) {
-        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
-        return -1;
-    }
-
-    state = verify_knownhost(session);
-    if (state != 0) {
-        return -1;
-    }
-
-    auth = authenticate_console(session);
-    if (auth != SSH_AUTH_SUCCESS) {
-        return -1;
-    }

    do_sftp(session);
    ssh_disconnect(session);
    ssh_free(session);
-
-    ssh_finalize();
-
    return 0;
 }

--- a/examples/samplesshd-cb.c
+++ b/examples/samplesshd-cb.c
@@ -25,14 +25,6 @@ clients must be made or how a client should react.
 #include <string.h>
 #include <stdio.h>

-#ifdef _WIN32
-#include <io.h>
-#endif
-
-#ifndef BUF_SIZE
-#define BUF_SIZE 2049
-#endif
-
 #ifndef KEYS_FOLDER
 #ifdef _WIN32
 #define KEYS_FOLDER
@@ -49,27 +41,6 @@ static int tries = 0;
 static int error = 0;
 static ssh_channel chan=NULL;

-static int auth_none(ssh_session session,
-                     const char *user,
-                     void *userdata)
-{
-    ssh_string banner = NULL;
-
-    (void)user; /* unused */
-    (void)userdata; /* unused */
-
-    ssh_set_auth_methods(session,
-                         SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);
-
-    banner = ssh_string_from_char("Banner Example\n");
-    if (banner != NULL) {
-        ssh_send_issue_banner(session, banner);
-    }
-    ssh_string_free(banner);
-
-    return SSH_AUTH_DENIED;
-}
-
 static int auth_password(ssh_session session, const char *user,
        const char *password, void *userdata){
    (void)userdata;
@@ -89,7 +60,6 @@ static int auth_password(ssh_session session, const char *user,
    return SSH_AUTH_DENIED;
 }

-#ifdef WITH_GSSAPI
 static int auth_gssapi_mic(ssh_session session, const char *user, const char *principal, void *userdata){
    ssh_gssapi_creds creds = ssh_gssapi_get_creds(session);
    (void)userdata;
@@ -102,7 +72,6 @@ static int auth_gssapi_mic(ssh_session session, const char *user, const char *pr
    authenticated = 1;
    return SSH_AUTH_SUCCESS;
 }
-#endif

 static int pty_request(ssh_session session, ssh_channel channel, const char *term,
        int x,int y, int px, int py, void *userdata){
@@ -172,12 +141,20 @@ static struct argp_option options[] = {
        .doc   = "Set the host key.",
        .group = 0
    },
+    {
+        .name  = "dsakey",
+        .key   = 'd',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the dsa key.",
+        .group = 0
+    },
    {
        .name  = "rsakey",
        .key   = 'r',
        .arg   = "FILE",
        .flags = 0,
-        .doc   = "Set the rsa key (deprecated alias for 'k').",
+        .doc   = "Set the rsa key.",
        .group = 0
    },
    {
@@ -188,14 +165,6 @@ static struct argp_option options[] = {
        .doc   = "Get verbose output.",
        .group = 0
    },
-    {
-        .name  = "config",
-        .key   = 'f',
-        .arg   = "FILE",
-        .flags = 0,
-        .doc   = "Configuration file to use.",
-        .group = 0
-    },
    {NULL, 0, NULL, 0, NULL, 0}
 };

@@ -210,16 +179,18 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
        case 'p':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
            break;
-        case 'r':
+        case 'd':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+            break;
        case 'k':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
            break;
+        case 'r':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+            break;
        case 'v':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
            break;
-        case 'f':
-            ssh_bind_options_parse_config(sshbind, arg);
-            break;
        case ARGP_KEY_ARG:
            if (state->arg_num >= 1) {
                /* Too many arguments. */
@@ -244,29 +215,26 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
-    ssh_bind sshbind = NULL;
-    ssh_event mainloop = NULL;
+int main(int argc, char **argv){
+    ssh_session session;
+    ssh_bind sshbind;
+    ssh_event mainloop;
    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
-        .auth_none_function = auth_none,
        .auth_password_function = auth_password,
-#ifdef WITH_GSSAPI
        .auth_gssapi_mic_function = auth_gssapi_mic,
-#endif
        .channel_open_request_session_function = new_session_channel
    };

-    char buf[BUF_SIZE];
+    char buf[2048];
    int i;
    int r;

    sshbind=ssh_bind_new();
    session=ssh_new();

-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, KEYS_FOLDER "ssh_host_dsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");

 #ifdef HAVE_ARGP_H
    /*
@@ -314,24 +282,19 @@ int main(int argc, char **argv)
    } else
        printf("Authenticated and got a channel\n");
    do{
-        i=ssh_channel_read(chan, buf, sizeof(buf) - 1, 0);
+        i=ssh_channel_read(chan,buf, 2048, 0);
        if(i>0) {
-            if (ssh_channel_write(chan, buf, i) == SSH_ERROR) {
-                printf("error writing to channel\n");
+            ssh_channel_write(chan, buf, i);
+            if (write(1,buf,i) < 0) {
+                printf("error writing to buffer\n");
                return 1;
            }
-
-            buf[i] = '\0';
-            printf("%s", buf);
-            fflush(stdout);
-
            if (buf[0] == '\x0d') {
-                if (ssh_channel_write(chan, "\n", 1) == SSH_ERROR) {
-                    printf("error writing to channel\n");
+                if (write(1, "\n", 1) < 0) {
+                    printf("error writing to buffer\n");
                    return 1;
                }
-
-                printf("\n");
+                ssh_channel_write(chan, "\n", 1);
            }
        }
    } while (i>0);
@@ -340,3 +303,4 @@ int main(int argc, char **argv)
    ssh_finalize();
    return 0;
 }
+
--- a/examples/samplesshd-kbdint.c
+++ b/examples/samplesshd-kbdint.c
@@ -25,10 +25,6 @@ clients must be made or how a client should react.
 #include <stdio.h>
 #include <stdbool.h>

-#ifndef BUF_SIZE
-#define BUF_SIZE 2048
-#endif
-
 #define SSHD_USER "libssh"
 #define SSHD_PASSWORD "libssh"

@@ -112,12 +108,20 @@ static struct argp_option options[] = {
    .doc   = "Set the host key.",
    .group = 0
  },
+  {
+    .name  = "dsakey",
+    .key   = 'd',
+    .arg   = "FILE",
+    .flags = 0,
+    .doc   = "Set the dsa key.",
+    .group = 0
+  },
  {
    .name  = "rsakey",
    .key   = 'r',
    .arg   = "FILE",
    .flags = 0,
-    .doc   = "Set the rsa key (deprecated alias for 'k').",
+    .doc   = "Set the rsa key.",
    .group = 0
  },
  {
@@ -143,10 +147,15 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
      port = atoi(arg);
      break;
-    case 'r':
+    case 'd':
+      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+      break;
    case 'k':
      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
      break;
+    case 'r':
+      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+      break;
    case 'v':
      ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "3");
      break;
@@ -174,8 +183,8 @@ static error_t parse_opt (int key, char *arg, struct argp_state *state) {
 static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 #endif /* HAVE_ARGP_H */

-static const char *name = NULL;
-static const char *instruction = NULL;
+static const char *name;
+static const char *instruction;
 static const char *prompts[2];
 static char echo[] = { 1, 0 };

@@ -279,13 +288,12 @@ static int authenticate(ssh_session session) {
    return 0;
 }

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
-    ssh_bind sshbind = NULL;
-    ssh_message message = NULL;
-    ssh_channel chan = NULL;
-    char buf[BUF_SIZE];
+int main(int argc, char **argv){
+    ssh_session session;
+    ssh_bind sshbind;
+    ssh_message message;
+    ssh_channel chan=0;
+    char buf[2048];
    int auth=0;
    int shell=0;
    int i;
@@ -294,8 +302,10 @@ int main(int argc, char **argv)
    sshbind=ssh_bind_new();
    session=ssh_new();

-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
-                         KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
+                                            KEYS_FOLDER "ssh_host_dsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
+                                            KEYS_FOLDER "ssh_host_rsa_key");

 #ifdef HAVE_ARGP_H
    /*
@@ -355,9 +365,9 @@ int main(int argc, char **argv)
        }
    } while(!chan);

-    if (!chan) {
-        printf("Error: client did not ask for a channel session (%s)\n",
-               ssh_get_error(session));
+    if(!chan) {
+        printf("Error: cleint did not ask for a channel session (%s)\n",
+                                                    ssh_get_error(session));
        ssh_finalize();
        return 1;
    }
@@ -389,7 +399,7 @@ int main(int argc, char **argv)

    printf("it works !\n");
    do{
-        i=ssh_channel_read(chan,buf, sizeof(buf), 0);
+        i=ssh_channel_read(chan,buf, 2048, 0);
        if(i>0) {
            if(*buf == '' || *buf == '')
                    break;
@@ -412,3 +422,4 @@ int main(int argc, char **argv)
    ssh_finalize();
    return 0;
 }
+
--- a/examples/scp_download.c
+++ b/examples/scp_download.c
@@ -22,173 +22,157 @@ program.
 #include <libssh/libssh.h>
 #include "examples_common.h"

-#ifndef BUF_SIZE
-#define BUF_SIZE 16384
-#endif
-
 static int verbosity = 0;
 static const char *createcommand =
    "rm -fr /tmp/libssh_tests && mkdir /tmp/libssh_tests && "
    "cd /tmp/libssh_tests && date > a && date > b && mkdir c && date > d";
 static char *host = NULL;

-static void usage(const char *argv0)
-{
-    fprintf(stderr,
-            "Usage : %s [options] host\n"
-            "sample tiny scp downloader client - libssh-%s\n"
-            "This program will create files in /tmp and try to fetch them\n",
-            argv0,
-            ssh_version(0));
-    exit(0);
+static void usage(const char *argv0){
+  fprintf(stderr,"Usage : %s [options] host\n"
+      "sample tiny scp downloader client - libssh-%s\n"
+	  "This program will create files in /tmp and try to fetch them\n",
+//      "Options :\n",
+//      "  -r : use RSA to verify host public key\n",
+      argv0,
+      ssh_version(0));
+  exit(0);
 }

-static int opts(int argc, char **argv)
-{
-    int i;
-
-    while ((i = getopt(argc, argv, "v")) != -1) {
-        switch (i) {
-        case 'v':
-            verbosity++;
-            break;
-        default:
-            fprintf(stderr, "unknown option %c\n", optopt);
-            usage(argv[0]);
-            return -1;
-        }
-    }
-    host = argv[optind];
-    if (host == NULL)
+static int opts(int argc, char **argv){
+  int i;
+  while((i=getopt(argc,argv,"v"))!=-1){
+    switch(i){
+      case 'v':
+        verbosity++;
+        break;
+      default:
+        fprintf(stderr,"unknown option %c\n",optopt);
        usage(argv[0]);
-    return 0;
-}
-
-static void create_files(ssh_session session)
-{
-    ssh_channel channel = ssh_channel_new(session);
-    char buffer[1];
-    int rc;
-
-    if (channel == NULL) {
-        fprintf(stderr, "Error creating channel: %s\n", ssh_get_error(session));
-        exit(EXIT_FAILURE);
-    }
-    if (ssh_channel_open_session(channel) != SSH_OK) {
-        fprintf(stderr, "Error creating channel: %s\n", ssh_get_error(session));
-        ssh_channel_free(channel);
-        exit(EXIT_FAILURE);
-    }
-    if (ssh_channel_request_exec(channel, createcommand) != SSH_OK) {
-        fprintf(stderr,
-                "Error executing command: %s\n",
-                ssh_get_error(session));
-        ssh_channel_close(channel);
-        ssh_channel_free(channel);
-        exit(EXIT_FAILURE);
-    }
-    while (!ssh_channel_is_eof(channel)) {
-        rc = ssh_channel_read(channel, buffer, 1, 1);
-        if (rc != 1) {
-            fprintf(stderr, "Error reading from channel\n");
-            ssh_channel_close(channel);
-            ssh_channel_free(channel);
-            return;
-        }
-
-        rc = write(1, buffer, 1);
-        if (rc < 0) {
-            fprintf(stderr, "Error writing to buffer\n");
-            ssh_channel_close(channel);
-            ssh_channel_free(channel);
-            return;
-        }
-    }
-    ssh_channel_close(channel);
-    ssh_channel_free(channel);
-}
-
-static int fetch_files(ssh_session session)
-{
-    int size;
-    char buffer[BUF_SIZE];
-    int mode;
-    char *filename = NULL;
-    int r;
-    ssh_scp scp = ssh_scp_new(session,
-                              SSH_SCP_READ | SSH_SCP_RECURSIVE,
-                              "/tmp/libssh_tests/*");
-    if (ssh_scp_init(scp) != SSH_OK) {
-        fprintf(stderr, "error initializing scp: %s\n", ssh_get_error(session));
-        ssh_scp_free(scp);
        return -1;
    }
-    printf("Trying to download 3 files (a,b,d) and 1 directory (c)\n");
-    do {
-        r = ssh_scp_pull_request(scp);
-        switch (r) {
-        case SSH_SCP_REQUEST_NEWFILE:
-            size = ssh_scp_request_get_size(scp);
-            filename = strdup(ssh_scp_request_get_filename(scp));
-            mode = ssh_scp_request_get_permissions(scp);
-            printf("downloading file %s, size %d, perms 0%o\n",
-                   filename,
-                   size,
-                   mode);
-            free(filename);
-            ssh_scp_accept_request(scp);
-            r = ssh_scp_read(scp, buffer, sizeof(buffer));
-            if (r == SSH_ERROR) {
-                fprintf(stderr,
-                        "Error reading scp: %s\n",
-                        ssh_get_error(session));
-                ssh_scp_close(scp);
-                ssh_scp_free(scp);
-                return -1;
-            }
-            printf("done\n");
-            break;
-        case SSH_ERROR:
-            fprintf(stderr, "Error: %s\n", ssh_get_error(session));
-            ssh_scp_close(scp);
-            ssh_scp_free(scp);
-            return -1;
-        case SSH_SCP_REQUEST_WARNING:
-            fprintf(stderr, "Warning: %s\n", ssh_scp_request_get_warning(scp));
-            break;
-        case SSH_SCP_REQUEST_NEWDIR:
-            filename = strdup(ssh_scp_request_get_filename(scp));
-            mode = ssh_scp_request_get_permissions(scp);
-            printf("downloading directory %s, perms 0%o\n", filename, mode);
-            free(filename);
-            ssh_scp_accept_request(scp);
-            break;
-        case SSH_SCP_REQUEST_ENDDIR:
-            printf("End of directory\n");
-            break;
-        case SSH_SCP_REQUEST_EOF:
-            printf("End of requests\n");
-            goto end;
-        }
-    } while (1);
-end:
-    ssh_scp_close(scp);
-    ssh_scp_free(scp);
-    return 0;
+  }
+  host = argv[optind];
+  if(host == NULL)
+	  usage(argv[0]);
+  return 0;
 }

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
-    if (opts(argc, argv) < 0)
-        return EXIT_FAILURE;
-    session = connect_ssh(host, NULL, NULL, verbosity);
-    if (session == NULL)
-        return EXIT_FAILURE;
-    create_files(session);
-    fetch_files(session);
-    ssh_disconnect(session);
-    ssh_free(session);
-    ssh_finalize();
-    return 0;
+static void create_files(ssh_session session){
+	ssh_channel channel=ssh_channel_new(session);
+	char buffer[1];
+        int rc;
+
+	if(channel == NULL){
+		fprintf(stderr,"Error creating channel: %s\n",ssh_get_error(session));
+		exit(EXIT_FAILURE);
+	}
+	if(ssh_channel_open_session(channel) != SSH_OK){
+		fprintf(stderr,"Error creating channel: %s\n",ssh_get_error(session));
+		ssh_channel_free(channel);
+		exit(EXIT_FAILURE);
+	}
+	if(ssh_channel_request_exec(channel,createcommand) != SSH_OK){
+		fprintf(stderr,"Error executing command: %s\n",ssh_get_error(session));
+		ssh_channel_close(channel);
+		ssh_channel_free(channel);
+		exit(EXIT_FAILURE);
+	}
+	while(!ssh_channel_is_eof(channel)){
+		rc = ssh_channel_read(channel,buffer,1,1);
+                if (rc != 1) {
+                    fprintf(stderr, "Error reading from channel\n");
+                    ssh_channel_close(channel);
+                    ssh_channel_free(channel);
+                    return;
+                }
+
+                rc = write(1, buffer, 1);
+                if (rc < 0) {
+                    fprintf(stderr, "Error writing to buffer\n");
+                    ssh_channel_close(channel);
+                    ssh_channel_free(channel);
+                    return;
+                }
+	}
+	ssh_channel_close(channel);
+	ssh_channel_free(channel);
+}
+
+
+static int fetch_files(ssh_session session){
+  int size;
+  char buffer[16384];
+  int mode;
+  char *filename;
+  int r;
+  ssh_scp scp=ssh_scp_new(session, SSH_SCP_READ | SSH_SCP_RECURSIVE, "/tmp/libssh_tests/*");
+  if(ssh_scp_init(scp) != SSH_OK){
+	  fprintf(stderr,"error initializing scp: %s\n",ssh_get_error(session));
+	  ssh_scp_free(scp);
+	  return -1;
+  }
+  printf("Trying to download 3 files (a,b,d) and 1 directory (c)\n");
+  do {
+
+	  r=ssh_scp_pull_request(scp);
+	  switch(r){
+	  case SSH_SCP_REQUEST_NEWFILE:
+		  size=ssh_scp_request_get_size(scp);
+		  filename=strdup(ssh_scp_request_get_filename(scp));
+		  mode=ssh_scp_request_get_permissions(scp);
+		  printf("downloading file %s, size %d, perms 0%o\n",filename,size,mode);
+		  free(filename);
+		  ssh_scp_accept_request(scp);
+		  r=ssh_scp_read(scp,buffer,sizeof(buffer));
+		  if(r==SSH_ERROR){
+			  fprintf(stderr,"Error reading scp: %s\n",ssh_get_error(session));
+			  ssh_scp_close(scp);
+			  ssh_scp_free(scp);
+			  return -1;
+		  }
+		  printf("done\n");
+		  break;
+	  case SSH_ERROR:
+		  fprintf(stderr,"Error: %s\n",ssh_get_error(session));
+		  ssh_scp_close(scp);
+		  ssh_scp_free(scp);
+		  return -1;
+	  case SSH_SCP_REQUEST_WARNING:
+		  fprintf(stderr,"Warning: %s\n",ssh_scp_request_get_warning(scp));
+		  break;
+	  case SSH_SCP_REQUEST_NEWDIR:
+		  filename=strdup(ssh_scp_request_get_filename(scp));
+		  mode=ssh_scp_request_get_permissions(scp);
+		  printf("downloading directory %s, perms 0%o\n",filename,mode);
+		  free(filename);
+		  ssh_scp_accept_request(scp);
+		  break;
+	  case SSH_SCP_REQUEST_ENDDIR:
+		  printf("End of directory\n");
+		  break;
+	  case SSH_SCP_REQUEST_EOF:
+		  printf("End of requests\n");
+		  goto end;
+	  }
+  } while (1);
+  end:
+  ssh_scp_close(scp);
+  ssh_scp_free(scp);
+  return 0;
+}
+
+int main(int argc, char **argv){
+  ssh_session session;
+  if(opts(argc,argv)<0)
+    return EXIT_FAILURE;
+  session=connect_ssh(host,NULL,verbosity);
+  if(session == NULL)
+	  return EXIT_FAILURE;
+  create_files(session);
+  fetch_files(session);
+  ssh_disconnect(session);
+  ssh_free(session);
+  ssh_finalize();
+  return 0;
 }
--- a/examples/senddata.c
+++ b/examples/senddata.c
@@ -5,60 +5,60 @@

 #define LIMIT 0x100000000UL

-int main(void)
-{
-    ssh_session session = NULL;
-    ssh_channel channel = NULL;
-    char buffer[1024 * 1024] = {0};
-    int rc;
-    uint64_t total = 0;
-    uint64_t lastshown = 4096;
-    session = connect_ssh("localhost", NULL, NULL, 0);
-    if (session == NULL) {
-        return 1;
-    }
-
-    channel = ssh_channel_new(session);
-    if (channel == NULL) {
-        ssh_disconnect(session);
-        return 1;
-    }
-
-    rc = ssh_channel_open_session(channel);
-    if (rc < 0) {
-        ssh_channel_close(channel);
-        ssh_disconnect(session);
-        return 1;
-    }
-
-    rc = ssh_channel_request_exec(channel, "cat > /dev/null");
-    if (rc < 0) {
-        ssh_channel_close(channel);
-        ssh_disconnect(session);
-        return 1;
-    }
-
-    while ((rc = ssh_channel_write(channel, buffer, sizeof(buffer))) > 0) {
-        total += rc;
-        if (total / 2 >= lastshown) {
-            printf("written %llx\n", (long long unsigned int)total);
-            lastshown = total;
-        }
-        if (total > LIMIT)
-            break;
-    }
-
-    if (rc < 0) {
-        printf("error : %s\n", ssh_get_error(session));
-        ssh_channel_close(channel);
-        ssh_disconnect(session);
-        return 1;
-    }
-
-    ssh_channel_send_eof(channel);
-    ssh_channel_close(channel);
+int main(void) {
+  ssh_session session;
+  ssh_channel channel;
+  char buffer[1024*1024];
+  int rc;
+  uint64_t total=0;
+  uint64_t lastshown=4096;
+  session = connect_ssh("localhost", NULL, 0);
+  if (session == NULL) {
+    return 1;
+  }

+  channel = ssh_channel_new(session);;
+  if (channel == NULL) {
    ssh_disconnect(session);
+    return 1;
+  }

-    return 0;
+  rc = ssh_channel_open_session(channel);
+  if (rc < 0) {
+    ssh_channel_close(channel);
+    ssh_disconnect(session);
+    return 1;
+  }
+
+  rc = ssh_channel_request_exec(channel, "cat > /dev/null");
+  if (rc < 0) {
+    ssh_channel_close(channel);
+    ssh_disconnect(session);
+    return 1;
+  }
+
+
+  while ((rc = ssh_channel_write(channel, buffer, sizeof(buffer))) > 0) {
+    total += rc;
+    if(total/2 >= lastshown){
+      printf("written %llx\n", (long long unsigned int) total);
+      lastshown=total;
+    }
+    if(total > LIMIT)
+      break;
+  }
+    
+  if (rc < 0) {
+    printf("error : %s\n",ssh_get_error(session));
+    ssh_channel_close(channel);
+    ssh_disconnect(session);
+    return 1;
+  }
+
+  ssh_channel_send_eof(channel);
+  ssh_channel_close(channel);
+
+  ssh_disconnect(session);
+
+  return 0;
 }
--- a/examples/ssh_X11_client.c
+++ b/examples/ssh_X11_client.c
@@ -1,951 +0,0 @@
-/*
- * ssh.c - Simple example of SSH X11 client using libssh
- *
- * Copyright (C) 2022 Marco Fortina
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor,
- * Boston, MA  02110-1301, USA.
- *
- *  In addition, as a special exception, the copyright holders give
- *  permission to link the code of portions of this program with the
- *  OpenSSL library under certain conditions as described in each
- *  individual source file, and distribute linked combinations
- *  including the two.
- *  You must obey the GNU General Public License in all respects
- *  for all of the code used other than OpenSSL. *  If you modify
- *  file(s) with this exception, you may extend this exception to your
- *  version of the file(s), but you are not obligated to do so. *  If you
- *  do not wish to do so, delete this exception statement from your
- *  version. *  If you delete this exception statement from all source
- *  files in the program, then also delete it here.
- *
- *
- *
- * ssh_X11_client
- * ==============
- *
- * AUTHOR URL
- * https://gitlab.com/marco.fortina/libssh-x11-client/
- *
- * This is a simple example of SSH X11 client using libssh.
- *
- * Features:
- *
- * - support local display (e.g. :0)
- * - support remote display (e.g. localhost:10.0)
- * - using callbacks and event polling to significantly reduce CPU utilization
- * - use X11 forwarding with authentication spoofing (like openssh)
- *
- * Note:
- *
- * - part of this code was inspired by openssh's one.
- *
- * Dependencies:
- *
- * - gcc >= 7.5.0
- * - libssh >= 0.8.0
- * - libssh-dev >= 0.8.0
- *
- * To Build:
- * gcc -o ssh_X11_client ssh_X11_client.c -lssh -g
- *
- * Donations:
- *
- * If you liked this work and wish to support the developer please donate to:
- * Bitcoin: 1N2rQimKbeUQA8N2LU5vGopYQJmZsBM2d6
- *
- */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <inttypes.h>
-#include <poll.h>
-#include <pthread.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <termios.h>
-#include <time.h>
-
-#include <libssh/libssh.h>
-#include <libssh/callbacks.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-
-#include <sys/un.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-/*
- * Data Structures and Macros
- */
-
-#define _PATH_UNIX_X 	"/tmp/.X11-unix/X%d"
-#define _XAUTH_CMD	"/usr/bin/xauth list %s 2>/dev/null"
-
-typedef struct item {
-    ssh_channel channel;
-    int fd_in;
-    int fd_out;
-    int protected;
-    struct item *next;
-} node_t;
-
-node_t *node = NULL;
-
-
-/*
- * Mutex
- */
-
-pthread_mutex_t mutex;
-
-
-/*
- * Function declarations
- */
-
-/* Linked nodes to manage channel/fd tuples */
-static int insert_item(ssh_channel channel, int fd_in, int fd_out,
-                       int protected);
-static void delete_item(ssh_channel channel);
-static node_t * search_item(ssh_channel channel);
-
-/* X11 Display */
-const char * ssh_gai_strerror(int gaierr);
-static int x11_get_proto(const char *display, char **_proto, char **_data);
-static void set_nodelay(int fd);
-static int connect_local_xsocket_path(const char *pathname);
-static int connect_local_xsocket(int display_number);
-static int x11_connect_display(void);
-
-/* Send data to channel */
-static int copy_fd_to_channel_callback(int fd, int revents, void *userdata);
-
-/* Read data from channel */
-static int copy_channel_to_fd_callback(ssh_session session, ssh_channel channel,
-                                       void *data, uint32_t len, int is_stderr,
-                                       void *userdata);
-
-/* EOF&Close channel */
-static void channel_close_callback(ssh_session session, ssh_channel channel,
-                                   void *userdata);
-
-/* X11 Request */
-static ssh_channel x11_open_request_callback(ssh_session session,
-                                             const char *shost, int sport,
-                                             void *userdata);
-
-/* Main loop */
-static int main_loop(ssh_channel channel);
-
-/* Internals */
-int64_t _current_timestamp(void);
-
-/* Global variables */
-const char *hostname = NULL;
-int enableX11 = 1;
-
-/*
- * Callbacks Data Structures
- */
-
-/* SSH Channel Callbacks */
-struct ssh_channel_callbacks_struct channel_cb =
-{
-    .channel_data_function = copy_channel_to_fd_callback,
-    .channel_eof_function = channel_close_callback,
-    .channel_close_function = channel_close_callback,
-    .userdata = NULL
-};
-
-/* SSH Callbacks */
-struct ssh_callbacks_struct cb =
-{
-    .channel_open_request_x11_function = x11_open_request_callback,
-    .userdata = NULL
-};
-
-
-/*
- * SSH Event Context
- */
-
-short events = POLLIN | POLLPRI | POLLERR | POLLHUP | POLLNVAL;
-ssh_event event;
-
-
-/*
- * Internal data structures
- */
-
-struct termios _saved_tio;
-
-
-/*
- * Internal functions
- */
-
-int64_t _current_timestamp(void)
-{
-    struct timeval tv;
-    int64_t milliseconds;
-
-    gettimeofday(&tv, NULL);
-    milliseconds = (int64_t)(tv.tv_sec) * 1000 + (tv.tv_usec / 1000);
-
-    return milliseconds;
-}
-
-static void _logging_callback(int priority, const char *function,
-                              const char *buffer, void *userdata)
-{
-    FILE *fp = NULL;
-    char buf[100];
-    int64_t milliseconds;
-
-    time_t now = time(0);
-
-    (void)userdata;
-
-    strftime(buf, 100, "%Y-%m-%d %H:%M:%S", localtime(&now));
-
-    fp = fopen("debug.log","a");
-    if (fp == NULL) {
-        printf("Error!");
-        exit(-11);
-    }
-
-    milliseconds = _current_timestamp();
-
-    fprintf(fp, "[%s.%" PRId64 ", %d] %s: %s\n", buf, milliseconds, priority,
-            function, buffer);
-    fclose(fp);
-}
-
-static int _enter_term_raw_mode(void)
-{
-    struct termios tio;
-    int ret = tcgetattr(fileno(stdin), &tio);
-    if (ret != -1) {
-        _saved_tio = tio;
-        tio.c_iflag |= IGNPAR;
-        tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);
-#ifdef IUCLC
-        tio.c_iflag &= ~IUCLC;
-#endif
-        tio.c_lflag &= ~(ISIG | ICANON | ECHO | ECHOE | ECHOK | ECHONL);
-#ifdef IEXTEN
-        tio.c_lflag &= ~IEXTEN;
-#endif
-        tio.c_oflag &= ~OPOST;
-        tio.c_cc[VMIN] = 1;
-        tio.c_cc[VTIME] = 0;
-        ret = tcsetattr(fileno(stdin), TCSADRAIN, &tio);
-    }
-
-    return ret;
-}
-
-static int _leave_term_raw_mode(void)
-{
-    int ret = tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio);
-    return ret;
-}
-
-
-/*
- * Functions
- */
-
-static int insert_item(ssh_channel channel, int fd_in, int fd_out,
-                       int protected)
-{
-    node_t *node_iterator = NULL, *new = NULL;
-
-    pthread_mutex_lock(&mutex);
-
-    if (node == NULL) {
-        /* Calloc ensure that node is full of 0 */
-        node = (node_t *) calloc(1, sizeof(node_t));
-        if (node == NULL) {
-            pthread_mutex_unlock(&mutex);
-            return -1;
-        }
-        node->channel = channel;
-        node->fd_in = fd_in;
-        node->fd_out = fd_out;
-        node->protected = protected;
-        node->next = NULL;
-    } else {
-        node_iterator = node;
-        while (node_iterator->next != NULL) {
-            node_iterator = node_iterator->next;
-        }
-        /* Create the new node */
-        new = (node_t *) malloc(sizeof(node_t));
-        if (new == NULL) {
-            pthread_mutex_unlock(&mutex);
-            return -1;
-        }
-        new->channel = channel;
-        new->fd_in = fd_in;
-        new->fd_out = fd_out;
-        new->protected = protected;
-        new->next = NULL;
-        node_iterator->next = new;
-
-    }
-
-    pthread_mutex_unlock(&mutex);
-    return 0;
-}
-
-
-static void delete_item(ssh_channel channel)
-{
-    node_t *current = NULL, *previous = NULL;
-
-    pthread_mutex_lock(&mutex);
-
-    for (current = node; current; previous = current, current = current->next) {
-        if (current->channel != channel) {
-            continue;
-        }
-
-        if (previous == NULL) {
-            node = current->next;
-        } else {
-            previous->next = current->next;
-        }
-
-        free(current);
-        pthread_mutex_unlock(&mutex);
-        return;
-    }
-
-    pthread_mutex_unlock(&mutex);
-}
-
-
-static node_t *search_item(ssh_channel channel)
-{
-    node_t *current = NULL;
-
-    pthread_mutex_lock(&mutex);
-
-    current = node;
-    while (current != NULL) {
-        if (current->channel == channel) {
-            pthread_mutex_unlock(&mutex);
-            return current;
-        } else {
-            current = current->next;
-        }
-    }
-
-    pthread_mutex_unlock(&mutex);
-
-    return NULL;
-}
-
-
-
-static void set_nodelay(int fd)
-{
-    int opt, rc;
-    socklen_t optlen;
-
-    optlen = sizeof(opt);
-
-    rc = getsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, &optlen);
-    if (rc == -1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "getsockopt TCP_NODELAY: %.100s",
-                 strerror(errno));
-        return;
-    }
-    if (opt == 1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d is TCP_NODELAY", fd);
-        return;
-    }
-    opt = 1;
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd %d setting TCP_NODELAY", fd);
-
-    rc = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
-    if (rc == -1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "setsockopt TCP_NODELAY: %.100s",
-                 strerror(errno));
-    }
-}
-
-
-const char *ssh_gai_strerror(int gaierr)
-{
-    if (gaierr == EAI_SYSTEM && errno != 0) {
-        return strerror(errno);
-    }
-    return gai_strerror(gaierr);
-}
-
-
-
-static int x11_get_proto(const char *display, char **_proto, char **_cookie)
-{
-    char cmd[1024], line[512], xdisplay[512];
-    static char proto[512], cookie[512];
-    FILE *f = NULL;
-    int ret = 0;
-
-    *_proto = proto;
-    *_cookie = cookie;
-
-    proto[0] = cookie[0] = '\0';
-
-    if (strncmp(display, "localhost:", 10) == 0) {
-        ret = snprintf(xdisplay, sizeof(xdisplay), "unix:%s", display + 10);
-        if (ret < 0 || (size_t)ret >= sizeof(xdisplay)) {
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                     "display name too long. display: %s", display);
-            return -1;
-        }
-        display = xdisplay;
-    }
-
-    snprintf(cmd, sizeof(cmd), _XAUTH_CMD, display);
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "xauth cmd: %s", cmd);
-
-    f = popen(cmd, "r");
-    if (f && fgets(line, sizeof(line), f) &&
-        sscanf(line, "%*s %511s %511s", proto, cookie) == 2) {
-        ret = 0;
-    } else {
-        ret = 1;
-    }
-
-    if (f) {
-        pclose(f);
-    }
-
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s - ret: %d",
-             proto, cookie, ret);
-
-    return ret;
-}
-
-static int connect_local_xsocket_path(const char *pathname)
-{
-    int sock, rc;
-    struct sockaddr_un addr;
-
-    sock = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (sock == -1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s",
-                 strerror(errno));
-        return -1;
-    }
-
-    memset(&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    addr.sun_path[0] = '\0';
-    /* pathname is guaranteed to be initialized and larger than addr.sun_path[108] */
-    memcpy(addr.sun_path + 1, pathname, sizeof(addr.sun_path) - 1);
-    rc = connect(sock, (struct sockaddr *)&addr,
-                 offsetof(struct sockaddr_un, sun_path) + 1 + strlen(pathname));
-    if (rc == 0) {
-        return sock;
-    }
-    close(sock);
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s: %.100s",
-             addr.sun_path, strerror(errno));
-
-    return -1;
-}
-
-
-static int connect_local_xsocket(int display_number)
-{
-    char buf[1024] = {0};
-    snprintf(buf, sizeof(buf), _PATH_UNIX_X, display_number);
-    return connect_local_xsocket_path(buf);
-}
-
-
-static int x11_connect_display(void)
-{
-    int display_number;
-    const char *display = NULL;
-    char buf[1024], *cp = NULL;
-    struct addrinfo hints, *ai = NULL, *aitop = NULL;
-    char strport[NI_MAXSERV];
-    int gaierr = 0, sock = 0;
-
-    /* Try to open a socket for the local X server. */
-    display = getenv("DISPLAY");
-
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
-
-    if (display == 0) {
-        return -1;
-    }
-
-    /* Check if it is a unix domain socket. */
-    if (strncmp(display, "unix:", 5) == 0 || display[0] == ':') {
-        /* Connect to the unix domain socket. */
-        if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                     "Could not parse display number from DISPLAY: %.100s",
-                     display);
-            return -1;
-        }
-
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display_number: %d",
-                 display_number);
-
-        /* Create a socket. */
-        sock = connect_local_xsocket(display_number);
-
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %d", sock);
-
-        if (sock < 0) {
-            return -1;
-        }
-
-        /* OK, we now have a connection to the display. */
-        return sock;
-    }
-
-    /* Connect to an inet socket. */
-    strncpy(buf, display, sizeof(buf) - 1);
-    cp = strchr(buf, ':');
-    if (cp == 0) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                 "Could not find ':' in DISPLAY: %.100s", display);
-        return -1;
-    }
-    *cp = 0;
-    if (sscanf(cp + 1, "%d", &display_number) != 1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                 "Could not parse display number from DISPLAY: %.100s",
-                 display);
-        return -1;
-    }
-
-    /* Look up the host address */
-    memset(&hints, 0, sizeof(hints));
-    hints.ai_family = AF_INET;
-    hints.ai_socktype = SOCK_STREAM;
-    snprintf(strport, sizeof(strport), "%u", 6000 + display_number);
-    gaierr = getaddrinfo(buf, strport, &hints, &aitop);
-    if (gaierr != 0) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "%.100s: unknown host. (%s)",
-                 buf, ssh_gai_strerror(gaierr));
-        return -1;
-    }
-    for (ai = aitop; ai; ai = ai->ai_next) {
-        /* Create a socket. */
-        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-        if (sock == -1) {
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "socket: %.100s",
-                     strerror(errno));
-            continue;
-        }
-        /* Connect it to the display. */
-        if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                     "connect %.100s port %u: %.100s", buf,
-                     6000 + display_number, strerror(errno));
-            close(sock);
-            continue;
-        }
-        /* Success */
-        break;
-    }
-    freeaddrinfo(aitop);
-    if (ai == 0) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "connect %.100s port %u: %.100s",
-                 buf, 6000 + display_number, strerror(errno));
-        return -1;
-    }
-    set_nodelay(sock);
-
-    return sock;
-}
-
-
-
-static int copy_fd_to_channel_callback(int fd, int revents, void *userdata)
-{
-    ssh_channel channel = (ssh_channel)userdata;
-    char buf[2097152];
-    int sz = 0, ret = 0;
-
-    node_t *temp_node = search_item(channel);
-
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "event: %d - fd: %d", revents, fd);
-
-    if (channel == NULL) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel does not exist.");
-        if (temp_node->protected == 0) {
-            close(fd);
-        }
-        return -1;
-    }
-
-    if (fcntl(fd, F_GETFD) == -1) {
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fcntl error. fd: %d", fd);
-        ssh_channel_close(channel);
-        return -1;
-    }
-
-    if ((revents & POLLIN) || (revents & POLLPRI)) {
-        sz = read(fd, buf, sizeof(buf));
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "sz: %d", sz);
-        if (sz > 0) {
-            ret = ssh_channel_write(channel, buf, sz);
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "channel_write ret: %d", ret);
-        } else if (sz < 0) {
-            ssh_channel_close(channel);
-            return -1;
-        } else {
-            /* sz = 0. Why the hell I'm here? */
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                     "Why the hell am I here?: sz: %d", sz);
-            if (temp_node->protected == 0) {
-                close(fd);
-            }
-            return -1;
-        }
-    }
-
-    if ((revents & POLLHUP) || (revents & POLLNVAL) || (revents & POLLERR)) {
-        ssh_channel_close(channel);
-        return -1;
-    }
-
-    return sz;
-}
-
-
-static int copy_channel_to_fd_callback(ssh_session session, ssh_channel channel,
-                                       void *data, uint32_t len, int is_stderr,
-                                       void *userdata)
-{
-    node_t *temp_node = NULL;
-    int fd, sz;
-
-    (void)session;
-    (void)is_stderr;
-    (void)userdata;
-
-    temp_node = search_item(channel);
-
-    fd = temp_node->fd_out;
-
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "len: %d - fd: %d - is_stderr: %d",
-             len, fd, is_stderr);
-
-    sz = write(fd, data, len);
-
-    return sz;
-}
-
-
-static void channel_close_callback(ssh_session session, ssh_channel channel,
-                                   void *userdata)
-{
-    node_t *temp_node = NULL;
-
-    (void)session;
-    (void)userdata;
-
-    temp_node = search_item(channel);
-
-    if (temp_node != NULL) {
-        int fd = temp_node->fd_in;
-
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "fd: %d", fd);
-
-        delete_item(channel);
-        ssh_event_remove_fd(event, fd);
-
-        if (temp_node->protected == 0) {
-            close(fd);
-        }
-    }
-}
-
-
-static ssh_channel x11_open_request_callback(ssh_session session,
-                                             const char *shost, int sport,
-                                             void *userdata)
-{
-    ssh_channel channel = NULL;
-    int sock, rv;
-
-    (void)shost;
-    (void)sport;
-    (void)userdata;
-
-    channel	= ssh_channel_new(session);
-
-    sock = x11_connect_display();
-
-    _ssh_log(SSH_LOG_FUNCTIONS, __func__, "sock: %d", sock);
-
-    rv = insert_item(channel, sock, sock, 0);
-    if (rv != 0) {
-        ssh_channel_free(channel);
-        return NULL;
-    }
-
-    ssh_event_add_fd(event, sock, events, copy_fd_to_channel_callback, channel);
-    ssh_event_add_session(event, session);
-
-    ssh_add_channel_callbacks(channel, &channel_cb);
-
-    return channel;
-}
-
-
-
-/*
- * MAIN LOOP
- */
-
-static int main_loop(ssh_channel channel)
-{
-    ssh_session session = ssh_channel_get_session(channel);
-    int rv;
-
-    rv = insert_item(channel, fileno(stdin), fileno(stdout), 1);
-    if (rv != 0) {
-        return -1;
-    }
-
-    ssh_callbacks_init(&channel_cb);
-    ssh_set_channel_callbacks(channel, &channel_cb);
-
-    event = ssh_event_new();
-    if (event == NULL) {
-        printf("Couldn't get a event\n");
-        return -1;
-    }
-
-    rv = ssh_event_add_fd(event, fileno(stdin), events,
-                          copy_fd_to_channel_callback, channel);
-    if (rv != SSH_OK) {
-        printf("Couldn't add an fd to the event\n");
-        return -1;
-    }
-
-    rv = ssh_event_add_session(event, session);
-    if (rv != SSH_OK) {
-        printf("Couldn't add the session to the event\n");
-        return -1;
-    }
-
-    do {
-        if (ssh_event_dopoll(event, 1000) == SSH_ERROR) {
-            printf("Error : %s\n", ssh_get_error(session));
-            /* fall through */
-        }
-    } while (!ssh_channel_is_closed(channel));
-
-    delete_item(channel);
-    ssh_event_remove_fd(event, fileno(stdin));
-    ssh_event_remove_session(event, session);
-    ssh_event_free(event);
-
-    return 0;
-}
-
-
-/*
- * USAGE
- */
-
-static void usage(void)
-{
-    fprintf(stderr,
-            "Usage : ssh-X11-client [options] [login@]hostname\n"
-            "sample X11 client - libssh-%s\n"
-            "Options :\n"
-            "  -l user : Specifies the user to log in as on the remote "
-            "machine.\n"
-            "  -p port : Port to connect to on the remote host.\n"
-            "  -v      : Verbose mode. Multiple -v options increase the "
-            "verbosity. The maximum is 5.\n"
-            "  -C      : Requests compression of all data.\n"
-            "  -x      : Disables X11 forwarding.\n"
-            "\n",
-            ssh_version(0));
-
-    exit(0);
-}
-
-static int opts(int argc, char **argv)
-{
-    int i;
-
-    while ((i = getopt(argc,argv,"x")) != -1) {
-        switch (i) {
-        case 'x':
-            enableX11 = 0;
-            break;
-        default:
-            fprintf(stderr, "Unknown option %c\n", optopt);
-            return -1;
-        }
-    }
-
-    if (optind < argc) {
-        hostname = argv[optind++];
-    }
-
-    if (hostname == NULL) {
-        return -1;
-    }
-
-    return 0;
-}
-
-/*
- * MAIN
- */
-
-int main(int argc, char **argv)
-{
-    char *password = NULL;
-
-    ssh_session session = NULL;
-    ssh_channel channel = NULL;
-
-    int ret;
-
-    const char *display = NULL;
-    char *proto = NULL, *cookie = NULL;
-
-    ssh_set_log_callback(_logging_callback);
-    ret = ssh_init();
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    session = ssh_new();
-    if (session == NULL) {
-        exit(-1);
-    }
-
-    if (ssh_options_getopt(session, &argc, argv) || opts(argc, argv)) {
-        fprintf(stderr, "Error parsing command line: %s\n",
-                ssh_get_error(session));
-        ssh_free(session);
-        ssh_finalize();
-        usage();
-    }
-
-    if (ssh_options_set(session, SSH_OPTIONS_HOST, hostname) < 0) {
-        return -1;
-    }
-
-    ret = ssh_connect(session);
-    if (ret != SSH_OK) {
-        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
-        exit(-1);
-    }
-
-    password = getpass("Password: ");
-    ret = ssh_userauth_password(session, NULL, password);
-    if (ret != SSH_AUTH_SUCCESS) {
-        fprintf(stderr, "Error authenticating with password: %s\n",
-                ssh_get_error(session));
-        exit(-1);
-    }
-
-    channel = ssh_channel_new(session);
-    if (channel == NULL) {
-        return SSH_ERROR;
-    }
-
-    ret = ssh_channel_open_session(channel);
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    ret = ssh_channel_request_pty(channel);
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    ret = ssh_channel_change_pty_size(channel, 80, 24);
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    if (enableX11 == 1) {
-        display = getenv("DISPLAY");
-
-        _ssh_log(SSH_LOG_FUNCTIONS, __func__, "display: %s", display);
-
-        if (display) {
-            ssh_callbacks_init(&cb);
-            ret = ssh_set_callbacks(session, &cb);
-            if (ret != SSH_OK) {
-                return ret;
-            }
-
-            ret = x11_get_proto(display, &proto, &cookie);
-            if (ret != 0) {
-                _ssh_log(SSH_LOG_FUNCTIONS, __func__,
-                         "Using fake authentication data for X11 forwarding");
-                proto = NULL;
-                cookie = NULL;
-            }
-
-            _ssh_log(SSH_LOG_FUNCTIONS, __func__, "proto: %s - cookie: %s",
-                     proto, cookie);
-            /* See https://gitlab.com/libssh/libssh-mirror/-/blob/master/src/channels.c#L2062 for details. */
-            ret = ssh_channel_request_x11(channel, 0, proto, cookie, 0);
-            if (ret != SSH_OK) {
-                return ret;
-            }
-        }
-    }
-
-    ret = _enter_term_raw_mode();
-    if (ret != 0) {
-        exit(-1);
-    }
-
-    ret = ssh_channel_request_shell(channel);
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    ret = main_loop(channel);
-    if (ret != SSH_OK) {
-        return ret;
-    }
-
-    _leave_term_raw_mode();
-
-    ssh_channel_close(channel);
-    ssh_channel_free(channel);
-    ssh_disconnect(session);
-    ssh_free(session);
-    ssh_finalize();
-}
--- a/examples/ssh_client.c
+++ b/examples/ssh_client.c
@@ -17,7 +17,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <limits.h>

 #include <sys/select.h>
 #include <sys/time.h>
@@ -39,19 +38,20 @@

 #include <libssh/callbacks.h>
 #include <libssh/libssh.h>
+#include <libssh/sftp.h>
+

 #include "examples_common.h"
 #define MAXCMD 10

-static char *host = NULL;
-static char *user = NULL;
+static char *host;
+static char *user;
 static char *cmds[MAXCMD];
-static char *config_file = NULL;
 static struct termios terminal;

 static char *pcap_file = NULL;

-static char *proxycommand = NULL;
+static char *proxycommand;

 static int auth_callback(const char *prompt,
                         char *buf,
@@ -81,29 +81,27 @@ static void add_cmd(char *cmd)
        return;
    }

-    cmds[n] = cmd;
+    cmds[n] = strdup(cmd);
 }

 static void usage(void)
 {
-    fprintf(
-        stderr,
-        "Usage : ssh [options] [login@]hostname\n"
-        "sample client - libssh-%s\n"
-        "Options :\n"
-        "  -l user : log in as user\n"
-        "  -p port : connect to port\n"
-        "  -o option : set configuration option (e.g., -o Compression=yes)\n"
-        "  -r : use RSA to verify host public key\n"
-        "  -F file : parse configuration file instead of default one\n"
+    fprintf(stderr,
+            "Usage : ssh [options] [login@]hostname\n"
+            "sample client - libssh-%s\n"
+            "Options :\n"
+            "  -l user : log in as user\n"
+            "  -p port : connect to port\n"
+            "  -d : use DSS to verify host public key\n"
+            "  -r : use RSA to verify host public key\n"
 #ifdef WITH_PCAP
-        "  -P file : create a pcap debugging file\n"
+            "  -P file : create a pcap debugging file\n"
 #endif
 #ifndef _WIN32
-        "  -T proxycommand : command to execute as a socket proxy\n"
+            "  -T proxycommand : command to execute as a socket proxy\n"
 #endif
-        "\n",
-        ssh_version(0));
+            "\n",
+            ssh_version(0));

    exit(0);
 }
@@ -112,14 +110,11 @@ static int opts(int argc, char **argv)
 {
    int i;

-    while ((i = getopt(argc, argv, "T:P:F:")) != -1) {
-        switch (i) {
+    while((i = getopt(argc,argv,"T:P:")) != -1) {
+        switch(i){
        case 'P':
            pcap_file = optarg;
            break;
-        case 'F':
-            config_file = optarg;
-            break;
 #ifndef _WIN32
        case 'T':
            proxycommand = optarg;
@@ -127,7 +122,7 @@ static int opts(int argc, char **argv)
 #endif
        default:
            fprintf(stderr, "Unknown option %c\n", optopt);
-            return -1;
+            usage();
        }
    }
    if (optind < argc) {
@@ -139,7 +134,7 @@ static int opts(int argc, char **argv)
    }

    if (host == NULL) {
-        return -1;
+        usage();
    }

    return 0;
@@ -159,38 +154,37 @@ static void cfmakeraw(struct termios *termios_p)

 static void do_cleanup(int i)
 {
-    (void)i;
+  /* unused variable */
+  (void) i;

-    tcsetattr(0, TCSANOW, &terminal);
+  tcsetattr(0, TCSANOW, &terminal);
 }

 static void do_exit(int i)
 {
-    (void)i;
+    /* unused variable */
+    (void) i;

    do_cleanup(0);
    exit(0);
 }

+static ssh_channel chan;
 static int signal_delayed = 0;

-#ifdef SIGWINCH
 static void sigwindowchanged(int i)
 {
-    (void)i;
+    (void) i;
    signal_delayed = 1;
 }
-#endif

 static void setsignal(void)
 {
-#ifdef SIGWINCH
    signal(SIGWINCH, sigwindowchanged);
-#endif
    signal_delayed = 0;
 }

-static void sizechanged(ssh_channel chan)
+static void sizechanged(void)
 {
    struct winsize win = {
        .ws_row = 0,
@@ -211,24 +205,24 @@ static void select_loop(ssh_session session,ssh_channel channel)
    /* stdin */
    connector_in = ssh_connector_new(session);
    ssh_connector_set_out_channel(connector_in, channel, SSH_CONNECTOR_STDINOUT);
-    ssh_connector_set_in_fd(connector_in, STDIN_FILENO);
+    ssh_connector_set_in_fd(connector_in, 0);
    ssh_event_add_connector(event, connector_in);

    /* stdout */
    connector_out = ssh_connector_new(session);
-    ssh_connector_set_out_fd(connector_out, STDOUT_FILENO);
+    ssh_connector_set_out_fd(connector_out, 1);
    ssh_connector_set_in_channel(connector_out, channel, SSH_CONNECTOR_STDINOUT);
    ssh_event_add_connector(event, connector_out);

    /* stderr */
    connector_err = ssh_connector_new(session);
-    ssh_connector_set_out_fd(connector_err, STDERR_FILENO);
+    ssh_connector_set_out_fd(connector_err, 2);
    ssh_connector_set_in_channel(connector_err, channel, SSH_CONNECTOR_STDERR);
    ssh_event_add_connector(event, connector_err);

    while (ssh_channel_is_open(channel)) {
        if (signal_delayed) {
-            sizechanged(channel);
+            sizechanged();
        }
        rc = ssh_event_dopoll(event, 60000);
        if (rc == SSH_ERROR) {
@@ -249,9 +243,9 @@ static void select_loop(ssh_session session,ssh_channel channel)

 static void shell(ssh_session session)
 {
-    ssh_channel channel = NULL;
+    ssh_channel channel;
    struct termios terminal_local;
-    int interactive = isatty(0);
+    int interactive=isatty(0);

    channel = ssh_channel_new(session);
    if (channel == NULL) {
@@ -268,9 +262,10 @@ static void shell(ssh_session session)
        ssh_channel_free(channel);
        return;
    }
+    chan = channel;
    if (interactive) {
        ssh_channel_request_pty(channel);
-        sizechanged(channel);
+        sizechanged();
    }

    if (ssh_channel_request_shell(channel)) {
@@ -295,41 +290,27 @@ static void shell(ssh_session session)
 static void batch_shell(ssh_session session)
 {
    ssh_channel channel;
-    char *buffer = NULL;
-    size_t i, s, n;
+    char buffer[1024];
+    size_t i;
+    int s = 0;
+
+    for (i = 0; i < MAXCMD && cmds[i]; ++i) {
+        s += snprintf(buffer + s, sizeof(buffer) - s, "%s ", cmds[i]);
+        free(cmds[i]);
+        cmds[i] = NULL;
+    }

    channel = ssh_channel_new(session);
    if (channel == NULL) {
        return;
    }

-    n = 0;
-    for (i = 0; i < MAXCMD && cmds[i]; ++i) {
-        /* Including space after cmds[i] */
-        n += strlen(cmds[i]) + 1;
-    }
-    /* Trailing \0 */
-    n += 1;
-
-    buffer = malloc(n);
-    if (buffer == NULL) {
-        ssh_channel_free(channel);
-        return;
-    }
-
-    s = 0;
-    for (i = 0; i < MAXCMD && cmds[i]; ++i) {
-        s += snprintf(buffer + s, n - s, "%s ", cmds[i]);
-    }
-
    ssh_channel_open_session(channel);
    if (ssh_channel_request_exec(channel, buffer)) {
        printf("Error executing '%s' : %s\n", buffer, ssh_get_error(session));
-        free(buffer);
        ssh_channel_free(channel);
        return;
    }
-    free(buffer);
    select_loop(session, channel);
    ssh_channel_free(channel);
 }
@@ -337,7 +318,7 @@ static void batch_shell(ssh_session session)
 static int client(ssh_session session)
 {
    int auth = 0;
-    char *banner = NULL;
+    char *banner;
    int state;

    if (user) {
@@ -345,7 +326,7 @@ static int client(ssh_session session)
            return -1;
        }
    }
-    if (ssh_options_set(session, SSH_OPTIONS_HOST, host) < 0) {
+    if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0) {
        return -1;
    }
    if (proxycommand != NULL) {
@@ -353,11 +334,7 @@ static int client(ssh_session session)
            return -1;
        }
    }
-    /* Parse configuration file if specified: The command-line options will
-     * overwrite items loaded from configuration file */
-    if (ssh_options_parse_config(session, config_file) < 0) {
-        return -1;
-    }
+    ssh_options_parse_config(session, NULL);

    if (ssh_connect(session)) {
        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
@@ -419,22 +396,20 @@ static void cleanup_pcap(void)

 int main(int argc, char **argv)
 {
-    ssh_session session = NULL;
+    ssh_session session;

-    ssh_init();
    session = ssh_new();

    ssh_callbacks_init(&cb);
    ssh_set_callbacks(session,&cb);

-    if (ssh_options_getopt(session, &argc, argv) || opts(argc, argv)) {
+    if (ssh_options_getopt(session, &argc, argv)) {
        fprintf(stderr,
                "Error parsing command line: %s\n",
                ssh_get_error(session));
-        ssh_free(session);
-        ssh_finalize();
        usage();
    }
+    opts(argc, argv);
    signal(SIGTERM, do_exit);

    set_pcap(session);
--- a/examples/ssh_server.c
+++ b/examples/ssh_server.c
--- a/examples/ssh_server_fork.c
+++ b/examples/ssh_server_fork.c
@@ -0,0 +1,775 @@
+/* This is a sample implementation of a libssh based SSH server */
+/*
+Copyright 2014 Audrius Butkevicius
+
+This file is part of the SSH Library
+
+You are free to copy this file, modify it in any way, consider it being public
+domain. This does not apply to the rest of the library though, but it is
+allowed to cut-and-paste working code from this file to any license of
+program.
+The goal is to show the API in action.
+*/
+
+#include "config.h"
+
+#include <libssh/callbacks.h>
+#include <libssh/server.h>
+
+#include <poll.h>
+#ifdef HAVE_ARGP_H
+#include <argp.h>
+#endif
+#include <fcntl.h>
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+#include <signal.h>
+#include <stdlib.h>
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#include <sys/ioctl.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <stdio.h>
+
+#ifndef KEYS_FOLDER
+#ifdef _WIN32
+#define KEYS_FOLDER
+#else
+#define KEYS_FOLDER "/etc/ssh/"
+#endif
+#endif
+
+#define USER "myuser"
+#define PASS "mypassword"
+#define BUF_SIZE 1048576
+#define SESSION_END (SSH_CLOSED | SSH_CLOSED_ERROR)
+#define SFTP_SERVER_PATH "/usr/lib/sftp-server"
+
+static void set_default_keys(ssh_bind sshbind,
+                             int rsa_already_set,
+                             int dsa_already_set,
+                             int ecdsa_already_set) {
+    if (!rsa_already_set) {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY,
+                             KEYS_FOLDER "ssh_host_rsa_key");
+    }
+    if (!dsa_already_set) {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY,
+                             KEYS_FOLDER "ssh_host_dsa_key");
+    }
+    if (!ecdsa_already_set) {
+        ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY,
+                             KEYS_FOLDER "ssh_host_ecdsa_key");
+    }
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY,
+                         KEYS_FOLDER "ssh_host_ed25519_key");
+}
+#define DEF_STR_SIZE 1024
+char authorizedkeys[DEF_STR_SIZE] = {0};
+#ifdef HAVE_ARGP_H
+const char *argp_program_version = "libssh server example "
+SSH_STRINGIFY(LIBSSH_VERSION);
+const char *argp_program_bug_address = "<libssh@libssh.org>";
+
+/* Program documentation. */
+static char doc[] = "libssh -- a Secure Shell protocol implementation";
+
+/* A description of the arguments we accept. */
+static char args_doc[] = "BINDADDR";
+
+/* The options we understand. */
+static struct argp_option options[] = {
+    {
+        .name  = "port",
+        .key   = 'p',
+        .arg   = "PORT",
+        .flags = 0,
+        .doc   = "Set the port to bind.",
+        .group = 0
+    },
+    {
+        .name  = "hostkey",
+        .key   = 'k',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set a host key.  Can be used multiple times.  "
+                 "Implies no default keys.",
+        .group = 0
+    },
+    {
+        .name  = "dsakey",
+        .key   = 'd',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the dsa key.",
+        .group = 0
+    },
+    {
+        .name  = "rsakey",
+        .key   = 'r',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the rsa key.",
+        .group = 0
+    },
+    {
+        .name  = "ecdsakey",
+        .key   = 'e',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the ecdsa key.",
+        .group = 0
+    },
+    {
+        .name  = "authorizedkeys",
+        .key   = 'a',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the authorized keys file.",
+        .group = 0
+    },
+    {
+        .name  = "no-default-keys",
+        .key   = 'n',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Do not set default key locations.",
+        .group = 0
+    },
+    {
+        .name  = "verbose",
+        .key   = 'v',
+        .arg   = NULL,
+        .flags = 0,
+        .doc   = "Get verbose output.",
+        .group = 0
+    },
+    {NULL, 0, NULL, 0, NULL, 0}
+};
+
+/* Parse a single option. */
+static error_t parse_opt (int key, char *arg, struct argp_state *state) {
+    /* Get the input argument from argp_parse, which we
+     * know is a pointer to our arguments structure. */
+    ssh_bind sshbind = state->input;
+    static int no_default_keys = 0;
+    static int rsa_already_set = 0, dsa_already_set = 0, ecdsa_already_set = 0;
+
+    switch (key) {
+        case 'n':
+            no_default_keys = 1;
+            break;
+        case 'p':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
+            break;
+        case 'd':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+            dsa_already_set = 1;
+            break;
+        case 'k':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
+            /* We can't track the types of keys being added with this
+               option, so let's ensure we keep the keys we're adding
+               by just not setting the default keys */
+            no_default_keys = 1;
+            break;
+        case 'r':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+            rsa_already_set = 1;
+            break;
+        case 'e':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_ECDSAKEY, arg);
+            ecdsa_already_set = 1;
+            break;
+        case 'a':
+            strncpy(authorizedkeys, arg, DEF_STR_SIZE-1);
+            break;
+        case 'v':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR,
+                                 "3");
+            break;
+        case ARGP_KEY_ARG:
+            if (state->arg_num >= 1) {
+                /* Too many arguments. */
+                argp_usage (state);
+            }
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, arg);
+            break;
+        case ARGP_KEY_END:
+            if (state->arg_num < 1) {
+                /* Not enough arguments. */
+                argp_usage (state);
+            }
+
+            if (!no_default_keys) {
+                set_default_keys(sshbind,
+                                 rsa_already_set,
+                                 dsa_already_set,
+                                 ecdsa_already_set);
+            }
+
+            break;
+        default:
+            return ARGP_ERR_UNKNOWN;
+    }
+    return 0;
+}
+
+/* Our argp parser. */
+static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
+#endif /* HAVE_ARGP_H */
+
+/* A userdata struct for channel. */
+struct channel_data_struct {
+    /* pid of the child process the channel will spawn. */
+    pid_t pid;
+    /* For PTY allocation */
+    socket_t pty_master;
+    socket_t pty_slave;
+    /* For communication with the child process. */
+    socket_t child_stdin;
+    socket_t child_stdout;
+    /* Only used for subsystem and exec requests. */
+    socket_t child_stderr;
+    /* Event which is used to poll the above descriptors. */
+    ssh_event event;
+    /* Terminal size struct. */
+    struct winsize *winsize;
+};
+
+/* A userdata struct for session. */
+struct session_data_struct {
+    /* Pointer to the channel the session will allocate. */
+    ssh_channel channel;
+    int auth_attempts;
+    int authenticated;
+};
+
+static int data_function(ssh_session session, ssh_channel channel, void *data,
+                         uint32_t len, int is_stderr, void *userdata) {
+    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
+
+    (void) session;
+    (void) channel;
+    (void) is_stderr;
+
+    if (len == 0 || cdata->pid < 1 || kill(cdata->pid, 0) < 0) {
+        return 0;
+    }
+
+    return write(cdata->child_stdin, (char *) data, len);
+}
+
+static int pty_request(ssh_session session, ssh_channel channel,
+                       const char *term, int cols, int rows, int py, int px,
+                       void *userdata) {
+    struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
+
+    (void) session;
+    (void) channel;
+    (void) term;
+
+    cdata->winsize->ws_row = rows;
+    cdata->winsize->ws_col = cols;
+    cdata->winsize->ws_xpixel = px;
+    cdata->winsize->ws_ypixel = py;
+
+    if (openpty(&cdata->pty_master, &cdata->pty_slave, NULL, NULL,
+                cdata->winsize) != 0) {
+        fprintf(stderr, "Failed to open pty\n");
+        return SSH_ERROR;
+    }
+    return SSH_OK;
+}
+
+static int pty_resize(ssh_session session, ssh_channel channel, int cols,
+                      int rows, int py, int px, void *userdata) {
+    struct channel_data_struct *cdata = (struct channel_data_struct *)userdata;
+
+    (void) session;
+    (void) channel;
+
+    cdata->winsize->ws_row = rows;
+    cdata->winsize->ws_col = cols;
+    cdata->winsize->ws_xpixel = px;
+    cdata->winsize->ws_ypixel = py;
+
+    if (cdata->pty_master != -1) {
+        return ioctl(cdata->pty_master, TIOCSWINSZ, cdata->winsize);
+    }
+
+    return SSH_ERROR;
+}
+
+static int exec_pty(const char *mode, const char *command,
+                    struct channel_data_struct *cdata) {
+    switch(cdata->pid = fork()) {
+        case -1:
+            close(cdata->pty_master);
+            close(cdata->pty_slave);
+            fprintf(stderr, "Failed to fork\n");
+            return SSH_ERROR;
+        case 0:
+            close(cdata->pty_master);
+            if (login_tty(cdata->pty_slave) != 0) {
+                exit(1);
+            }
+            execl("/bin/sh", "sh", mode, command, NULL);
+            exit(0);
+        default:
+            close(cdata->pty_slave);
+            /* pty fd is bi-directional */
+            cdata->child_stdout = cdata->child_stdin = cdata->pty_master;
+    }
+    return SSH_OK;
+}
+
+static int exec_nopty(const char *command, struct channel_data_struct *cdata) {
+    int in[2], out[2], err[2];
+
+    /* Do the plumbing to be able to talk with the child process. */
+    if (pipe(in) != 0) {
+        goto stdin_failed;
+    }
+    if (pipe(out) != 0) {
+        goto stdout_failed;
+    }
+    if (pipe(err) != 0) {
+        goto stderr_failed;
+    }
+
+    switch(cdata->pid = fork()) {
+        case -1:
+            goto fork_failed;
+        case 0:
+            /* Finish the plumbing in the child process. */
+            close(in[1]);
+            close(out[0]);
+            close(err[0]);
+            dup2(in[0], STDIN_FILENO);
+            dup2(out[1], STDOUT_FILENO);
+            dup2(err[1], STDERR_FILENO);
+            close(in[0]);
+            close(out[1]);
+            close(err[1]);
+            /* exec the requested command. */
+            execl("/bin/sh", "sh", "-c", command, NULL);
+            exit(0);
+    }
+
+    close(in[0]);
+    close(out[1]);
+    close(err[1]);
+
+    cdata->child_stdin = in[1];
+    cdata->child_stdout = out[0];
+    cdata->child_stderr = err[0];
+
+    return SSH_OK;
+
+fork_failed:
+    close(err[0]);
+    close(err[1]);
+stderr_failed:
+    close(out[0]);
+    close(out[1]);
+stdout_failed:
+    close(in[0]);
+    close(in[1]);
+stdin_failed:
+    return SSH_ERROR;
+}
+
+static int exec_request(ssh_session session, ssh_channel channel,
+                        const char *command, void *userdata) {
+    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
+
+
+    (void) session;
+    (void) channel;
+
+    if(cdata->pid > 0) {
+        return SSH_ERROR;
+    }
+
+    if (cdata->pty_master != -1 && cdata->pty_slave != -1) {
+        return exec_pty("-c", command, cdata);
+    }
+    return exec_nopty(command, cdata);
+}
+
+static int shell_request(ssh_session session, ssh_channel channel,
+                         void *userdata) {
+    struct channel_data_struct *cdata = (struct channel_data_struct *) userdata;
+
+    (void) session;
+    (void) channel;
+
+    if(cdata->pid > 0) {
+        return SSH_ERROR;
+    }
+
+    if (cdata->pty_master != -1 && cdata->pty_slave != -1) {
+        return exec_pty("-l", NULL, cdata);
+    }
+    /* Client requested a shell without a pty, let's pretend we allow that */
+    return SSH_OK;
+}
+
+static int subsystem_request(ssh_session session, ssh_channel channel,
+                             const char *subsystem, void *userdata) {
+    /* subsystem requests behave simillarly to exec requests. */
+    if (strcmp(subsystem, "sftp") == 0) {
+        return exec_request(session, channel, SFTP_SERVER_PATH, userdata);
+    }
+    return SSH_ERROR;
+}
+
+static int auth_password(ssh_session session, const char *user,
+                         const char *pass, void *userdata) {
+    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
+
+    (void) session;
+
+    if (strcmp(user, USER) == 0 && strcmp(pass, PASS) == 0) {
+        sdata->authenticated = 1;
+        return SSH_AUTH_SUCCESS;
+    }
+
+    sdata->auth_attempts++;
+    return SSH_AUTH_DENIED;
+}
+
+static int auth_publickey(ssh_session session,
+                          const char *user,
+                          struct ssh_key_struct *pubkey,
+                          char signature_state,
+                          void *userdata)
+{
+    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
+
+    (void) user;
+    (void) session;
+
+    if (signature_state == SSH_PUBLICKEY_STATE_NONE) {
+        return SSH_AUTH_SUCCESS;
+    }
+
+    if (signature_state != SSH_PUBLICKEY_STATE_VALID) {
+        return SSH_AUTH_DENIED;
+    }
+
+    // valid so far.  Now look through authorized keys for a match
+    if (authorizedkeys[0]) {
+        ssh_key key = NULL;
+        int result;
+        struct stat buf;
+
+        if (stat(authorizedkeys, &buf) == 0) {
+            result = ssh_pki_import_pubkey_file( authorizedkeys, &key );
+            if ((result != SSH_OK) || (key==NULL)) {
+                fprintf(stderr,
+                        "Unable to import public key file %s\n",
+                        authorizedkeys);
+            } else {
+                result = ssh_key_cmp( key, pubkey, SSH_KEY_CMP_PUBLIC );
+                ssh_key_free(key);
+                if (result == 0) {
+                    sdata->authenticated = 1;
+                    return SSH_AUTH_SUCCESS;
+                }
+            }
+        }
+    }
+
+    // no matches
+    sdata->authenticated = 0;
+    return SSH_AUTH_DENIED;
+}
+
+static ssh_channel channel_open(ssh_session session, void *userdata) {
+    struct session_data_struct *sdata = (struct session_data_struct *) userdata;
+
+    sdata->channel = ssh_channel_new(session);
+    return sdata->channel;
+}
+
+static int process_stdout(socket_t fd, int revents, void *userdata) {
+    char buf[BUF_SIZE];
+    int n = -1;
+    ssh_channel channel = (ssh_channel) userdata;
+
+    if (channel != NULL && (revents & POLLIN) != 0) {
+        n = read(fd, buf, BUF_SIZE);
+        if (n > 0) {
+            ssh_channel_write(channel, buf, n);
+        }
+    }
+
+    return n;
+}
+
+static int process_stderr(socket_t fd, int revents, void *userdata) {
+    char buf[BUF_SIZE];
+    int n = -1;
+    ssh_channel channel = (ssh_channel) userdata;
+
+    if (channel != NULL && (revents & POLLIN) != 0) {
+        n = read(fd, buf, BUF_SIZE);
+        if (n > 0) {
+            ssh_channel_write_stderr(channel, buf, n);
+        }
+    }
+
+    return n;
+}
+
+static void handle_session(ssh_event event, ssh_session session) {
+    int n;
+    int rc = 0;
+
+    /* Structure for storing the pty size. */
+    struct winsize wsize = {
+        .ws_row = 0,
+        .ws_col = 0,
+        .ws_xpixel = 0,
+        .ws_ypixel = 0
+    };
+
+    /* Our struct holding information about the channel. */
+    struct channel_data_struct cdata = {
+        .pid = 0,
+        .pty_master = -1,
+        .pty_slave = -1,
+        .child_stdin = -1,
+        .child_stdout = -1,
+        .child_stderr = -1,
+        .event = NULL,
+        .winsize = &wsize
+    };
+
+    /* Our struct holding information about the session. */
+    struct session_data_struct sdata = {
+        .channel = NULL,
+        .auth_attempts = 0,
+        .authenticated = 0
+    };
+
+    struct ssh_channel_callbacks_struct channel_cb = {
+        .userdata = &cdata,
+        .channel_pty_request_function = pty_request,
+        .channel_pty_window_change_function = pty_resize,
+        .channel_shell_request_function = shell_request,
+        .channel_exec_request_function = exec_request,
+        .channel_data_function = data_function,
+        .channel_subsystem_request_function = subsystem_request
+    };
+
+    struct ssh_server_callbacks_struct server_cb = {
+        .userdata = &sdata,
+        .auth_password_function = auth_password,
+        .channel_open_request_session_function = channel_open,
+    };
+
+    if (authorizedkeys[0]) {
+        server_cb.auth_pubkey_function = auth_publickey;
+        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_PUBLICKEY);
+    } else
+        ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD);
+
+    ssh_callbacks_init(&server_cb);
+    ssh_callbacks_init(&channel_cb);
+
+    ssh_set_server_callbacks(session, &server_cb);
+
+    if (ssh_handle_key_exchange(session) != SSH_OK) {
+        fprintf(stderr, "%s\n", ssh_get_error(session));
+        return;
+    }
+
+    ssh_event_add_session(event, session);
+
+    n = 0;
+    while (sdata.authenticated == 0 || sdata.channel == NULL) {
+        /* If the user has used up all attempts, or if he hasn't been able to
+         * authenticate in 10 seconds (n * 100ms), disconnect. */
+        if (sdata.auth_attempts >= 3 || n >= 100) {
+            return;
+        }
+
+        if (ssh_event_dopoll(event, 100) == SSH_ERROR) {
+            fprintf(stderr, "%s\n", ssh_get_error(session));
+            return;
+        }
+        n++;
+    }
+
+    ssh_set_channel_callbacks(sdata.channel, &channel_cb);
+
+    do {
+        /* Poll the main event which takes care of the session, the channel and
+         * even our child process's stdout/stderr (once it's started). */
+        if (ssh_event_dopoll(event, -1) == SSH_ERROR) {
+          ssh_channel_close(sdata.channel);
+        }
+
+        /* If child process's stdout/stderr has been registered with the event,
+         * or the child process hasn't started yet, continue. */
+        if (cdata.event != NULL || cdata.pid == 0) {
+            continue;
+        }
+        /* Executed only once, once the child process starts. */
+        cdata.event = event;
+        /* If stdout valid, add stdout to be monitored by the poll event. */
+        if (cdata.child_stdout != -1) {
+            if (ssh_event_add_fd(event, cdata.child_stdout, POLLIN, process_stdout,
+                                 sdata.channel) != SSH_OK) {
+                fprintf(stderr, "Failed to register stdout to poll context\n");
+                ssh_channel_close(sdata.channel);
+            }
+        }
+
+        /* If stderr valid, add stderr to be monitored by the poll event. */
+        if (cdata.child_stderr != -1){
+            if (ssh_event_add_fd(event, cdata.child_stderr, POLLIN, process_stderr,
+                                 sdata.channel) != SSH_OK) {
+                fprintf(stderr, "Failed to register stderr to poll context\n");
+                ssh_channel_close(sdata.channel);
+            }
+        }
+    } while(ssh_channel_is_open(sdata.channel) &&
+            (cdata.pid == 0 || waitpid(cdata.pid, &rc, WNOHANG) == 0));
+
+    close(cdata.pty_master);
+    close(cdata.child_stdin);
+    close(cdata.child_stdout);
+    close(cdata.child_stderr);
+
+    /* Remove the descriptors from the polling context, since they are now
+     * closed, they will always trigger during the poll calls. */
+    ssh_event_remove_fd(event, cdata.child_stdout);
+    ssh_event_remove_fd(event, cdata.child_stderr);
+
+    /* If the child process exited. */
+    if (kill(cdata.pid, 0) < 0 && WIFEXITED(rc)) {
+        rc = WEXITSTATUS(rc);
+        ssh_channel_request_send_exit_status(sdata.channel, rc);
+    /* If client terminated the channel or the process did not exit nicely,
+     * but only if something has been forked. */
+    } else if (cdata.pid > 0) {
+        kill(cdata.pid, SIGKILL);
+    }
+
+    ssh_channel_send_eof(sdata.channel);
+    ssh_channel_close(sdata.channel);
+
+    /* Wait up to 5 seconds for the client to terminate the session. */
+    for (n = 0; n < 50 && (ssh_get_status(session) & SESSION_END) == 0; n++) {
+        ssh_event_dopoll(event, 100);
+    }
+}
+
+/* SIGCHLD handler for cleaning up dead children. */
+static void sigchld_handler(int signo) {
+    (void) signo;
+    while (waitpid(-1, NULL, WNOHANG) > 0);
+}
+
+int main(int argc, char **argv) {
+    ssh_bind sshbind;
+    ssh_session session;
+    ssh_event event;
+    struct sigaction sa;
+    int rc;
+
+    /* Set up SIGCHLD handler. */
+    sa.sa_handler = sigchld_handler;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
+    if (sigaction(SIGCHLD, &sa, NULL) != 0) {
+        fprintf(stderr, "Failed to register SIGCHLD handler\n");
+        return 1;
+    }
+
+    rc = ssh_init();
+    if (rc < 0) {
+        fprintf(stderr, "ssh_init failed\n");
+        return 1;
+    }
+
+    sshbind = ssh_bind_new();
+    if (sshbind == NULL) {
+        fprintf(stderr, "ssh_bind_new failed\n");
+        return 1;
+    }
+
+#ifdef HAVE_ARGP_H
+    argp_parse(&argp, argc, argv, 0, 0, sshbind);
+#else
+    (void) argc;
+    (void) argv;
+
+    set_default_keys(sshbind, 0, 0, 0);
+#endif /* HAVE_ARGP_H */
+
+    if(ssh_bind_listen(sshbind) < 0) {
+        fprintf(stderr, "%s\n", ssh_get_error(sshbind));
+        return 1;
+    }
+
+    while (1) {
+        session = ssh_new();
+        if (session == NULL) {
+            fprintf(stderr, "Failed to allocate session\n");
+            continue;
+        }
+
+        /* Blocks until there is a new incoming connection. */
+        if(ssh_bind_accept(sshbind, session) != SSH_ERROR) {
+            switch(fork()) {
+                case 0:
+                    /* Remove the SIGCHLD handler inherited from parent. */
+                    sa.sa_handler = SIG_DFL;
+                    sigaction(SIGCHLD, &sa, NULL);
+                    /* Remove socket binding, which allows us to restart the
+                     * parent process, without terminating existing sessions. */
+                    ssh_bind_free(sshbind);
+
+                    event = ssh_event_new();
+                    if (event != NULL) {
+                        /* Blocks until the SSH session ends by either
+                         * child process exiting, or client disconnecting. */
+                        handle_session(event, session);
+                        ssh_event_free(event);
+                    } else {
+                        fprintf(stderr, "Could not create polling context\n");
+                    }
+                    ssh_disconnect(session);
+                    ssh_free(session);
+
+                    exit(0);
+                case -1:
+                    fprintf(stderr, "Failed to fork\n");
+            }
+        } else {
+            fprintf(stderr, "%s\n", ssh_get_error(sshbind));
+        }
+        /* Since the session has been passed to a child fork, do some cleaning
+         * up at the parent process. */
+        ssh_disconnect(session);
+        ssh_free(session);
+    }
+
+    ssh_bind_free(sshbind);
+    ssh_finalize();
+    return 0;
+}
--- a/examples/sshd_direct-tcpip.c
+++ b/examples/sshd_direct-tcpip.c
@@ -15,7 +15,7 @@ clients must be made or how a client should react.

 /*
 Example:
-  ./sshd_direct-tcpip -v -p 2022 -r serverkey.rsa 127.0.0.1
+  ./sshd_direct-tcpip -v -p 2022 -d serverkey.dsa -r serverkey.rsa 127.0.0.1
 */

 #include "config.h"
@@ -27,9 +27,6 @@ clients must be made or how a client should react.
 #ifdef HAVE_ARGP_H
 #include <argp.h>
 #endif
-#ifndef _WIN32
-#include <netinet/in.h>
-#endif
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <stdbool.h>
@@ -38,10 +35,6 @@ clients must be made or how a client should react.
 #include <stdio.h>
 #include <poll.h>

-#ifndef BUF_SIZE
-#define BUF_SIZE 16384
-#endif
-
 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)

 #ifndef __unused__
@@ -94,11 +87,8 @@ cleanup_push(struct cleanup_node_struct** head_ref,
 {
    // Allocate memory for node
    struct cleanup_node_struct *new_node = malloc(sizeof *new_node);
-    if (new_node == NULL) {
-        return;
-    }

-    if (*head_ref != NULL) {
+    if (head_ref != NULL) {
        new_node->next = *head_ref;
    } else {
        new_node->next = NULL;
@@ -203,7 +193,7 @@ subsystem_request(UNUSED_PARAM(ssh_session session),
                  UNUSED_PARAM(void *userdata))
 {
    _ssh_log(SSH_LOG_PROTOCOL,
-             "=== subsystem_request", "Channel subsystem request: %s",
+             "=== subsystem_request", "Channel subsystem reqeuest: %s",
             subsystem);
    return 0;
 }
@@ -299,7 +289,7 @@ my_channel_eof_function(ssh_session session,

    _ssh_log(SSH_LOG_PROTOCOL,
             "=== my_channel_eof_function",
-             "Got EOF on channel. Shutting down write on socket (fd = %d).",
+             "Got EOF on channel. Shuting down write on socket (fd = %d).",
             *event_fd_data->p_fd);

    stack_socket_close(session, event_fd_data);
@@ -361,9 +351,9 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
 {
    struct event_fd_data_struct *event_fd_data = (struct event_fd_data_struct *)userdata;
    ssh_channel channel = event_fd_data->channel;
-    ssh_session session = NULL;
+    ssh_session session;
    int len, i, wr;
-    char buf[BUF_SIZE];
+    char buf[16384];
    int blocking;

    if (channel == NULL) {
@@ -428,7 +418,7 @@ my_fd_data_function(UNUSED_PARAM(socket_t fd),
                    break;
                }
                wr += i;
-                _ssh_log(SSH_LOG_FUNCTIONS, "=== my_fd_data_function", "ssh_channel_write (%d from %d)", wr, len);
+                _ssh_log(SSH_LOG_FUNCTIONS, "=== my_fd_data_function", "channel_write (%d from %d)", wr, len);
            } while (i > 0 && wr < len);
        }
        else {
@@ -455,8 +445,8 @@ open_tcp_socket(ssh_message msg)
 {
    struct sockaddr_in sin;
    int forwardsock = -1;
-    struct hostent *host = NULL;
-    const char *dest_hostname = NULL;
+    struct hostent *host;
+    const char *dest_hostname;
    int dest_port;

    forwardsock = socket(AF_INET, SOCK_STREAM, 0);
@@ -499,8 +489,8 @@ message_callback(UNUSED_PARAM(ssh_session session),
                 UNUSED_PARAM(void *userdata))
 {
    ssh_channel channel;
-    int socket_fd, *pFd = NULL;
-    struct ssh_channel_callbacks_struct *cb_chan = NULL;
+    int socket_fd, *pFd;
+    struct ssh_channel_callbacks_struct *cb_chan;
    struct event_fd_data_struct *event_fd_data;

    _ssh_log(SSH_LOG_PACKET, "=== message_callback", "Message type: %d",
@@ -526,13 +516,12 @@ message_callback(UNUSED_PARAM(ssh_session session),
                }

                pFd = malloc(sizeof *pFd);
-                cb_chan = calloc(1, sizeof *cb_chan);
+                cb_chan = malloc(sizeof *cb_chan);
                event_fd_data = malloc(sizeof *event_fd_data);
                if (pFd == NULL || cb_chan == NULL || event_fd_data == NULL) {
                    SAFE_FREE(pFd);
                    SAFE_FREE(cb_chan);
                    SAFE_FREE(event_fd_data);
-                    close(socket_fd);
                    return 1;
                }

@@ -589,12 +578,20 @@ static struct argp_option options[] = {
        .doc   = "Set the host key.",
        .group = 0
    },
+    {
+        .name  = "dsakey",
+        .key   = 'd',
+        .arg   = "FILE",
+        .flags = 0,
+        .doc   = "Set the dsa key.",
+        .group = 0
+    },
    {
        .name  = "rsakey",
        .key   = 'r',
        .arg   = "FILE",
        .flags = 0,
-        .doc   = "Set the rsa key (deprecated alias for 'k').",
+        .doc   = "Set the rsa key.",
        .group = 0
    },
    {
@@ -621,10 +618,15 @@ parse_opt (int key, char *arg, struct argp_state *state)
        case 'p':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT_STR, arg);
            break;
-        case 'r':
+        case 'd':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, arg);
+            break;
        case 'k':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, arg);
            break;
+        case 'r':
+            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, arg);
+            break;
        case 'v':
            ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY_STR, "1");
            break;
@@ -655,8 +657,8 @@ static struct argp argp = {options, parse_opt, args_doc, doc, NULL, NULL, NULL};
 int
 main(int argc, char **argv)
 {
-    ssh_session session = NULL;
-    ssh_bind sshbind = NULL;
+    ssh_session session;
+    ssh_bind sshbind;
    struct ssh_server_callbacks_struct cb = {
        .userdata = NULL,
        .auth_password_function = auth_password,
@@ -675,7 +677,8 @@ main(int argc, char **argv)
    session = ssh_new();
    mainloop = ssh_event_new();

-    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, KEYS_FOLDER "ssh_host_rsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_DSAKEY, KEYS_FOLDER "ssh_host_dsa_key");
+    ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_RSAKEY, KEYS_FOLDER "ssh_host_rsa_key");

 #ifdef HAVE_ARGP_H
    /*
--- a/examples/sshnetcat.c
+++ b/examples/sshnetcat.c
@@ -34,242 +34,222 @@ clients must be made or how a client should react.
 #include <fcntl.h>

 #include "examples_common.h"
-
-#ifndef BUF_SIZE
-#define BUF_SIZE 4096
-#endif
-
-char *host = NULL;
-const char *desthost = "localhost";
-const char *port = "22";
+char *host;
+const char *desthost="localhost";
+const char *port="22";

 #ifdef WITH_PCAP
 #include <libssh/pcap.h>
-char *pcap_file = NULL;
+char *pcap_file=NULL;
 #endif

 static void usage(void)
 {
-    fprintf(stderr,
-            "Usage : sshnetcat [user@]host forwarded_host forwarded_port\n");
-    exit(1);
+  fprintf(stderr,"Usage : sshnetcat [user@]host forwarded_host forwarded_port\n");
+  exit(1);
 }

-static int opts(int argc, char **argv)
-{
+static int opts(int argc, char **argv){
    int i;
-    while ((i = getopt(argc, argv, "P:")) != -1) {
-        switch (i) {
+    while((i=getopt(argc,argv,"P:"))!=-1){
+        switch(i){
 #ifdef WITH_PCAP
-        case 'P':
-            pcap_file = optarg;
-            break;
+        	case 'P':
+        		pcap_file=optarg;
+        		break;
 #endif
-        default:
-            fprintf(stderr, "unknown option %c\n", optopt);
-            usage();
+            default:
+                fprintf(stderr,"unknown option %c\n",optopt);
+                usage();
        }
    }
-    if (optind < argc)
-        host = argv[optind++];
-    if (optind < argc)
-        desthost = argv[optind++];
-    if (optind < argc)
-        port = argv[optind++];
-    if (host == NULL)
+    if(optind < argc)
+        host=argv[optind++];
+    if(optind < argc)
+        desthost=argv[optind++];
+    if(optind < argc)
+        port=argv[optind++];
+    if(host==NULL)
        usage();
    return 0;
 }

-static void select_loop(ssh_session session, ssh_channel channel)
-{
-    fd_set fds;
-    struct timeval timeout;
-    char buffer[BUF_SIZE];
-    /* channels will be set to the channels to poll.
-     * outchannels will contain the result of the poll
-     */
-    ssh_channel channels[2], outchannels[2];
-    int lus;
-    int eof = 0;
-    int maxfd;
-    int ret;
-    while (channel) {
-        do {
+static void select_loop(ssh_session session,ssh_channel channel){
+	fd_set fds;
+	struct timeval timeout;
+	char buffer[4096];
+	/* channels will be set to the channels to poll.
+	 * outchannels will contain the result of the poll
+	 */
+	ssh_channel channels[2], outchannels[2];
+	int lus;
+	int eof=0;
+	int maxfd;
+	int ret;
+	while(channel){
+		do{
            int fd;

            ZERO_STRUCT(fds);
-            FD_ZERO(&fds);
-            if (!eof)
-                FD_SET(0, &fds);
-            timeout.tv_sec = 30;
-            timeout.tv_usec = 0;
+			FD_ZERO(&fds);
+			if(!eof)
+				FD_SET(0,&fds);
+			timeout.tv_sec=30;
+			timeout.tv_usec=0;

            fd = ssh_get_fd(session);
            if (fd == -1) {
-                fprintf(stderr,
-                        "Error getting the session file descriptor: %s\n",
-                        ssh_get_error(session));
+                fprintf(stderr, "Error getting the session file descriptor: %s\n",
+                                ssh_get_error(session));
                return;
            }
            FD_SET(fd, &fds);
            maxfd = fd + 1;

-            channels[0] = channel; // set the first channel we want to read from
-            channels[1] = NULL;
-            ret = ssh_select(channels, outchannels, maxfd, &fds, &timeout);
-            if (ret == EINTR)
-                continue;
-            if (FD_ISSET(0, &fds)) {
-                lus = read(0, buffer, sizeof(buffer));
-                if (lus)
-                    ssh_channel_write(channel, buffer, lus);
-                else {
-                    eof = 1;
-                    ssh_channel_send_eof(channel);
-                }
-            }
-            if (channel && ssh_channel_is_closed(channel)) {
-                ssh_channel_free(channel);
-                channel = NULL;
-                channels[0] = NULL;
-            }
-            if (outchannels[0]) {
-                while (channel && ssh_channel_is_open(channel) &&
-                       ssh_channel_poll(channel, 0)) {
-                    lus = ssh_channel_read(channel, buffer, sizeof(buffer), 0);
-                    if (lus == -1) {
-                        fprintf(stderr,
-                                "Error reading channel: %s\n",
-                                ssh_get_error(session));
-                        return;
+			channels[0]=channel; // set the first channel we want to read from
+			channels[1]=NULL;
+			ret=ssh_select(channels,outchannels,maxfd,&fds,&timeout);
+			if(ret==EINTR)
+				continue;
+			if(FD_ISSET(0,&fds)){
+				lus=read(0,buffer,sizeof(buffer));
+				if(lus)
+					ssh_channel_write(channel,buffer,lus);
+				else {
+					eof=1;
+					ssh_channel_send_eof(channel);
+				}
+			}
+			if(channel && ssh_channel_is_closed(channel)){
+				ssh_channel_free(channel);
+				channel=NULL;
+				channels[0]=NULL;
+			}
+			if(outchannels[0]){
+				while(channel && ssh_channel_is_open(channel) && ssh_channel_poll(channel,0)){
+					lus = ssh_channel_read(channel,buffer,sizeof(buffer),0);
+					if(lus==-1){
+						fprintf(stderr, "Error reading channel: %s\n",
+								ssh_get_error(session));
+						return;
+					}
+					if(lus==0){
+						ssh_channel_free(channel);
+						channel=channels[0]=NULL;
+					} else {
+						ret = write(1, buffer, lus);
+						if (ret < 0) {
+							fprintf(stderr, "Error writing to stdin: %s",
+								strerror(errno));
+							return;
+						}
+					}
+				}
+				while(channel && ssh_channel_is_open(channel) && ssh_channel_poll(channel,1)){ /* stderr */
+					lus = ssh_channel_read(channel, buffer, sizeof(buffer), 1);
+					if(lus==-1){
+						fprintf(stderr, "Error reading channel: %s\n",
+								ssh_get_error(session));
+						return;
+					}
+					if(lus==0){
+						ssh_channel_free(channel);
+						channel=channels[0]=NULL;
+					} else {
+						ret = write(2, buffer, lus);
+						if (ret < 0) {
+							fprintf(stderr, "Error writing to stderr: %s",
+								strerror(errno));
+							return;
+						}
                    }
-                    if (lus == 0) {
-                        ssh_channel_free(channel);
-                        channel = channels[0] = NULL;
-                    } else {
-                        ret = write(1, buffer, lus);
-                        if (ret < 0) {
-                            fprintf(stderr,
-                                    "Error writing to stdin: %s",
-                                    strerror(errno));
-                            return;
-                        }
-                    }
-                }
-                while (channel && ssh_channel_is_open(channel) &&
-                       ssh_channel_poll(channel, 1)) { /* stderr */
-                    lus = ssh_channel_read(channel, buffer, sizeof(buffer), 1);
-                    if (lus == -1) {
-                        fprintf(stderr,
-                                "Error reading channel: %s\n",
-                                ssh_get_error(session));
-                        return;
-                    }
-                    if (lus == 0) {
-                        ssh_channel_free(channel);
-                        channel = channels[0] = NULL;
-                    } else {
-                        ret = write(2, buffer, lus);
-                        if (ret < 0) {
-                            fprintf(stderr,
-                                    "Error writing to stderr: %s",
-                                    strerror(errno));
-                            return;
-                        }
-                    }
-                }
-            }
-            if (channel && ssh_channel_is_closed(channel)) {
-                ssh_channel_free(channel);
-                channel = NULL;
-            }
-        } while (ret == EINTR || ret == SSH_EINTR);
-    }
+				}
+			}
+			if(channel && ssh_channel_is_closed(channel)){
+				ssh_channel_free(channel);
+				channel=NULL;
+			}
+		} while (ret==EINTR || ret==SSH_EINTR);
+
+	}
 }

-static void forwarding(ssh_session session)
-{
+static void forwarding(ssh_session session){
    ssh_channel channel;
    int r;
    channel = ssh_channel_new(session);
    r = ssh_channel_open_forward(channel, desthost, atoi(port), "localhost", 22);
-    if (r < 0) {
-        printf("error forwarding port : %s\n", ssh_get_error(session));
+    if(r<0) {
+        printf("error forwarding port : %s\n",ssh_get_error(session));
        return;
    }
-    select_loop(session, channel);
+    select_loop(session,channel);
 }

-static int client(ssh_session session)
-{
-    int auth = 0;
-    char *banner = NULL;
-    int state;
+static int client(ssh_session session){
+  int auth=0;
+  char *banner;
+  int state;

-    if (ssh_options_set(session, SSH_OPTIONS_HOST, host) < 0)
-        return -1;
-    ssh_options_parse_config(session, NULL);
+  if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
+    return -1;
+  ssh_options_parse_config(session, NULL);

-    if (ssh_connect(session)) {
-        fprintf(stderr, "Connection failed : %s\n", ssh_get_error(session));
-        return -1;
-    }
-    state = verify_knownhost(session);
-    if (state != 0)
-        return -1;
-    ssh_userauth_none(session, NULL);
-    banner = ssh_get_issue_banner(session);
-    if (banner) {
-        printf("%s\n", banner);
-        free(banner);
-    }
-    auth = authenticate_console(session);
-    if (auth != SSH_AUTH_SUCCESS) {
-        return -1;
-    }
-    forwarding(session);
-    return 0;
+  if(ssh_connect(session)){
+      fprintf(stderr,"Connection failed : %s\n",ssh_get_error(session));
+      return -1;
+  }
+  state=verify_knownhost(session);
+  if (state != 0)
+  	return -1;
+  ssh_userauth_none(session, NULL);
+  banner=ssh_get_issue_banner(session);
+  if(banner){
+      printf("%s\n",banner);
+      free(banner);
+  }
+  auth=authenticate_console(session);
+  if(auth != SSH_AUTH_SUCCESS){
+  	return -1;
+  }
+ 	forwarding(session);
+  return 0;
 }

 #ifdef WITH_PCAP
 ssh_pcap_file pcap;
 void set_pcap(ssh_session session);
-void set_pcap(ssh_session session)
-{
-    if (!pcap_file)
-        return;
-    pcap = ssh_pcap_file_new();
-    if (ssh_pcap_file_open(pcap, pcap_file) == SSH_ERROR) {
-        printf("Error opening pcap file\n");
-        ssh_pcap_file_free(pcap);
-        pcap = NULL;
-        return;
-    }
-    ssh_set_pcap_file(session, pcap);
+void set_pcap(ssh_session session){
+	if(!pcap_file)
+		return;
+	pcap=ssh_pcap_file_new();
+	if(ssh_pcap_file_open(pcap,pcap_file) == SSH_ERROR){
+		printf("Error opening pcap file\n");
+		ssh_pcap_file_free(pcap);
+		pcap=NULL;
+		return;
+	}
+	ssh_set_pcap_file(session,pcap);
 }

 void cleanup_pcap(void);
-void cleanup_pcap(void)
-{
-    ssh_pcap_file_free(pcap);
-    pcap = NULL;
+void cleanup_pcap(){
+	ssh_pcap_file_free(pcap);
+	pcap=NULL;
 }
 #endif

-int main(int argc, char **argv)
-{
-    ssh_session session = NULL;
+int main(int argc, char **argv){
+    ssh_session session;

    session = ssh_new();

-    if (ssh_options_getopt(session, &argc, argv)) {
-        fprintf(stderr,
-                "error parsing command line :%s\n",
-                ssh_get_error(session));
-        usage();
+    if(ssh_options_getopt(session, &argc, argv)) {
+      fprintf(stderr, "error parsing command line :%s\n",
+          ssh_get_error(session));
+      usage();
    }
-    opts(argc, argv);
+    opts(argc,argv);
 #ifdef WITH_PCAP
    set_pcap(session);
 #endif
--- a/include/libssh/CMakeLists.txt
+++ b/include/libssh/CMakeLists.txt
@@ -20,22 +20,8 @@ if (WITH_SERVER)
    ${libssh_HDRS}
    server.h
  )
-
-  if (WITH_SFTP)
-    set(libssh_HDRS
-        ${libssh_HDRS}
-        sftpserver.h
-    )
-  endif (WITH_SFTP)
 endif (WITH_SERVER)

-if (WITH_FIDO2)
-    set(libssh_HDRS
-        ${libssh_HDRS}
-        sk_api.h
-    )
-endif (WITH_FIDO2)
-
 install(
  FILES
    ${libssh_HDRS}
--- a/include/libssh/agent.h
+++ b/include/libssh/agent.h
@@ -70,10 +70,6 @@
 #define SSH_AGENT_RSA_SHA2_256                   0x02
 #define SSH_AGENT_RSA_SHA2_512                   0x04

-#ifdef __cplusplus
-extern "C" {
-#endif
-
 struct ssh_agent_struct {
  struct ssh_socket_struct *sock;
  ssh_buffer ident;
@@ -81,6 +77,7 @@ struct ssh_agent_struct {
  ssh_channel channel;
 };

+#ifndef _WIN32
 /* agent.c */
 /**
 * @brief Create a new ssh agent structure.
@@ -118,9 +115,6 @@ ssh_key ssh_agent_get_first_ident(struct ssh_session_struct *session,
 ssh_string ssh_agent_sign_data(ssh_session session,
                               const ssh_key pubkey,
                               struct ssh_buffer_struct *data);
-
-#ifdef __cplusplus
-}
 #endif

 #endif /* __AGENT_H */
--- a/include/libssh/auth.h
+++ b/include/libssh/auth.h
@@ -23,10 +23,6 @@
 #include "config.h"
 #include "libssh/callbacks.h"

-#ifdef __cplusplus
-extern "C" {
-#endif
-
 SSH_PACKET_CALLBACK(ssh_packet_userauth_banner);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_failure);
 SSH_PACKET_CALLBACK(ssh_packet_userauth_success);
@@ -52,45 +48,42 @@ typedef struct ssh_kbdint_struct* ssh_kbdint;
 ssh_kbdint ssh_kbdint_new(void);
 void ssh_kbdint_clean(ssh_kbdint kbd);
 void ssh_kbdint_free(ssh_kbdint kbd);
-int ssh_userauth_gssapi_keyex(ssh_session session);

 /** @internal
 * States of authentication in the client-side. They describe
 * what was the last response from the server
 */
 enum ssh_auth_state_e {
-    /** No authentication asked */
-    SSH_AUTH_STATE_NONE = 0,
-    /** Last authentication response was a partial success */
-    SSH_AUTH_STATE_PARTIAL,
-    /** Last authentication response was a success */
-    SSH_AUTH_STATE_SUCCESS,
-    /** Last authentication response was failed */
-    SSH_AUTH_STATE_FAILED,
-    /** Last authentication was erroneous */
-    SSH_AUTH_STATE_ERROR,
-    /** Last state was a keyboard-interactive ask for info */
-    SSH_AUTH_STATE_INFO,
-    /** Last state was a public key accepted for authentication */
-    SSH_AUTH_STATE_PK_OK,
-    /** We asked for a keyboard-interactive authentication */
-    SSH_AUTH_STATE_KBDINT_SENT,
-    /** We have sent an userauth request with gssapi-with-mic */
-    SSH_AUTH_STATE_GSSAPI_REQUEST_SENT,
-    /** We are exchanging tokens until authentication */
-    SSH_AUTH_STATE_GSSAPI_TOKEN,
-    /** We have sent the MIC and expecting to be authenticated */
-    SSH_AUTH_STATE_GSSAPI_MIC_SENT,
-    /** We have offered a pubkey to check if it is supported */
-    SSH_AUTH_STATE_PUBKEY_OFFER_SENT,
-    /** We have sent pubkey and signature expecting to be authenticated */
-    SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
-    /** We have sent a password expecting to be authenticated */
-    SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
-    /** We have sent a request without auth information (method 'none') */
-    SSH_AUTH_STATE_AUTH_NONE_SENT,
-    /** We have sent the MIC and expecting to be authenticated */
-    SSH_AUTH_STATE_GSSAPI_KEYEX_MIC_SENT,
+  /** No authentication asked */
+  SSH_AUTH_STATE_NONE=0,
+  /** Last authentication response was a partial success */
+  SSH_AUTH_STATE_PARTIAL,
+  /** Last authentication response was a success */
+  SSH_AUTH_STATE_SUCCESS,
+  /** Last authentication response was failed */
+  SSH_AUTH_STATE_FAILED,
+  /** Last authentication was erroneous */
+  SSH_AUTH_STATE_ERROR,
+  /** Last state was a keyboard-interactive ask for info */
+  SSH_AUTH_STATE_INFO,
+  /** Last state was a public key accepted for authentication */
+  SSH_AUTH_STATE_PK_OK,
+  /** We asked for a keyboard-interactive authentication */
+  SSH_AUTH_STATE_KBDINT_SENT,
+  /** We have sent an userauth request with gssapi-with-mic */
+  SSH_AUTH_STATE_GSSAPI_REQUEST_SENT,
+  /** We are exchanging tokens until authentication */
+  SSH_AUTH_STATE_GSSAPI_TOKEN,
+  /** We have sent the MIC and expecting to be authenticated */
+  SSH_AUTH_STATE_GSSAPI_MIC_SENT,
+  /** We have offered a pubkey to check if it is supported */
+  SSH_AUTH_STATE_PUBKEY_OFFER_SENT,
+  /** We have sent pubkey and signature expecting to be authenticated */
+  SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
+  /** We have sent a password expecting to be authenticated */
+  SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
+  /** We have sent a request without auth information (method 'none') */
+  SSH_AUTH_STATE_AUTH_NONE_SENT,
 };

 /** @internal
@@ -107,8 +100,4 @@ enum ssh_auth_service_state_e {
  SSH_AUTH_SERVICE_DENIED,
 };

-#ifdef __cplusplus
-}
-#endif
-
 #endif /* AUTH_H_ */
--- a/include/libssh/bignum.h
+++ b/include/libssh/bignum.h
@@ -25,17 +25,9 @@
 #include "libssh/libgcrypt.h"
 #include "libssh/libmbedcrypto.h"

-#ifdef __cplusplus
-extern "C" {
-#endif
-
 bignum ssh_make_string_bn(ssh_string string);
 ssh_string ssh_make_bignum_string(bignum num);
-ssh_string ssh_make_padded_bignum_string(bignum num, size_t pad_len);
 void ssh_print_bignum(const char *which, const_bignum num);

-#ifdef __cplusplus
-}
-#endif

 #endif /* BIGNUM_H_ */
--- a/Show More
+++ b/Show More