libssh2

Version 1.11.1 - October 16 2024

Enhancements and bugfixes

autotools: fix to update `LDFLAGS` for each detected dependency (d19b6190 #1384 #1381 #1377)
autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 #715 revert: 7483edfa)
autotools: show the default for `hidden-symbols` option (a3f5594a #1269)
autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224)
autotools: fix dotless gcc and Apple clang version detections (89ccc83c #1232 #1187)
autotools: show more clang/gcc version details (fb580161 #1230)
autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224)
autotools: sync warning enabler code with curl (5996fefe #1223)
autotools: rename variable (ce5f208a #1222)
autotools: picky warning options tidy-up (cdca8cff #1221)
autotools: fix `cp` to preserve attributes and timestamp in `Makefile.am` (f64e6318)
autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186)
autotools: use comma separator in `Requires.private` of `libssh2.pc` (7f83de14 #1124)
autotools: remove `AB_INIT` from `configure.ac` (f4f52ccc)
autotools: improve libz position (c89174a7 #1077 #941 #1075 #1013 regr: 4f0f4bff)
autotools: skip tests requiring static lib if `--disable-static` (572c57c9 #1072 #663 #1056 regr: 83853f8a)
build: stop detecting `sys/param.h` header (2677d3b0 #1418 #1415)
build: silence warnings inside `FD_SET()`/`FD_ISSET()` macros (323a14b2 #1379)
build: drop `-Wformat-nonliteral` warning suppressions (c452c5cc #1342)
build: enable `-pedantic-errors` (3ec53f3e #1286)
build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287)
build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259)
build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257)
build: enable more compiler warnings and fix them (7ecc309c #1224)
build: picky warning updates (328a96b3 #1219)
build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 #917 revert: fb1195cf)
build: stop requiring libssl from openssl (c84745e3 #1128)
build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125)
build: add/fix `Requires.private` packages in `libssh2.pc` (ef538069 #1123)
buildconf: drop (814a850c #1441 follow: fc5d7788)
checksrc: update, check all sources, fix fallouts (1117b677 #1457)
checksrc: sync with curl (8cd473c9 #1272)
checksrc: fix spelling in comment (a95d401f)
checksrc: modernise Perl file open (3d309f9b)
checksrc: switch to dot file (d67a91aa #1052)
ci: use Ninja with cmake (20ad047d #1458)
ci: disable dependency tracking in autotools builds (e44f0418 #1396)
ci: fix mbedtls runners on macOS (84411539 #1381)
ci: enable Unity mode for most CMake builds (1bfae57b #1367 #1034)
ci: add shellcheck job and script (d88b9bcd)
ci: verify build and install from tarball (a86e27e8 #1362)
ci: add reproducibility test for `maketgz` (2d765e45 #1360)
ci: use Linux runner for BSDs, add arm64 FreeBSD 14 job (6f86b196 #1343)
ci: do not parallelize `distcheck` job (5e65dd87 #1339)
ci: add FreeBSD 14 job, fix issues (46333adf #1277)
ci: add OmniOS job, fix issues (5e0ec991)
ci: show compiler in cross/cygwin job names (c9124088)
ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250)
ci: add NetBSD (v9.3) job (65c7a7a5)
ci: update and speed up FreeBSD job (eee4e805)
ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247)
ci: boost mbedTLS build speed (236e79a1 #1245)
ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233)
ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217)
ci: add FreeBSD 13.2 job (a7d2a573 #1215)
ci: mbedTLS 3.5.0 (5e190442 #1202)
ci: update actions, use shallow clones with appveyor (d468a33f #1199)
ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175)
ci: set file mode early in `appveyor_docker.yml` (633db55f)
ci: add spellcheck (codespell) (a79218d3)
ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162)
ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161)
ci: add mingw-w64 UWP build (1215aa5f #1155 #1147)
ci: add missing timeout to 'autotools distcheck' step (6265ffdb)
ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor (c6e137f7 #1074 #1072)
ci: prefer `=` operator in shell snippets (e5c03043 #1073)
ci: drop redundant/unused vars, sync var names (ab8e95bc #1059)
ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053)
ci/appveyor: reduce test runs (workaround for infrastructure permafails) (b5e68bdc #1461)
ci/appveyor: increase wait for SSH server on GHA (bf3af90b)
ci/appveyor: bump to OpenSSL 3.2.1 (53d9c1a6 #1363 #1348)
ci/appveyor: re-enable parallel mode (e190e5b2 #1294 #884 #867)
ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275)
ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200)
ci/appveyor: move to pure PowerShell (8a081fd9 #1197)
ci/GHA: revert concurrency and improve permissions (e4c042f6)
ci/GHA: FreeBSD 14.1, actions bump (ae04b1b9 #1424)
ci/GHA: fix wolfSSL-from-source AES-GCM tests (1c0b07a7 #1409 #1408)
ci/GHA: add Linux job with latest wolfSSL built from source (d4cea53f #1408 #1299 #1020)
ci/GHA: tidy up build-from-source steps (2c633033)
ci/GHA: show configure logs on failure and other tidy-ups (dab48398 #1403)
ci/GHA: bump parallel jobs to nproc+1 (6f3d3bc8 #1402)
ci/GHA: show test logs on failure (b8ffa7a5 #1401)
ci/GHA: fix `Dockerfile` failing after Ubuntu package update (839bb84e #1400)
ci/GHA: use ubuntu-latest with OmniOS job (50143d58)
ci/GHA: shell syntax tidy-up (3b23e039 #1390)
ci/GHA: bump NetBSD/OpenBSD, add NetBSD arm64 job (e980af72 #1388)
ci/GHA: tidy up wolfSSL autotools config on macOS (5953c1f1 #1383)
ci/GHA: shorter mbedTLS autotools workaround (736e3d7d #1382 #1381)
ci/GHA: fix gcrypt with autotools/macOS/Homebrew/ARM64 (ae2770de #1377)
ci/GHA: fix verbose option for autotools jobs (499b27ae #1376)
ci/GHA: dump `config.log` on failure for macOS autotools jobs (4fa69214 #1375)
ci/GHA: fix `autoreconf` failure on macOS/Homebrew (0b64b30b #1374)
ci/GHA: fixup Homebrew location (for ARM runners) (6128aee0 #1373)
ci/GHA: review/fixup auto-cancel settings (b08cfbc9 #1292)
ci/GHA: restore curly braces in `if` (36748270 #1145)
ci/GHA: simplify `if` strings (cab3db58 #1140)
cmake: sync and improve Find modules, add `pkg-config` native detection (45064137 #1445 #1420)
cmake: generate `LIBSSH2_PC_LIBS_PRIVATE` dynamically (c87f1296 #1466)
cmake: add comment about `ibssh2.pc.in` variables (14b1b9d0)
cmake: support absolute `CMAKE_INSTALL_INCLUDEDIR`/`CMAKE_INSTALL_LIBDIR` (d70cee36 #1465)
cmake: rename two variables and initialize them (0fce9dcc #1464)
cmake: prefer `find_dependency()` in `libssh2-config.cmake` (d9c2e550 #1460)
cmake: tidy up syntax, minor improvements (9d9ee780 #1446)
cmake: rename mbedTLS and wolfSSL Find modules (570de0f2)
cmake: fixup version detection in mbedTLS Find module (8e3c40b2 #1444)
cmake: mbedTLS detection tidy-ups (6d1d13c2 #1438)
cmake: add quotes, delete ending dirseps (2bb46d44 #1437 #1166)
cmake: sync formatting in `cmake/Find*` modules (a0310699)
cmake: tidy up function name casing in `CopyRuntimeDependencies.cmake` (03547cb8)
cmake: use the imported target of FindOpenSSL module (82b09f9b #1322)
cmake: rename picky warnings script (64d6789f #1225)
cmake: fix multiple include of libssh2 package (932d6a32 #1216)
cmake: show crypto backend in feature summary (20387285 #1211)
cmake: simplify showing CMake version (fc00bdd7 #1203)
cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192)
cmake: delete duplicate `include()` (30eef0a6)
cmake: improve/fix mbedTLS detection (41594675 #1192 #1191)
cmake: tidy-up `foreach()` syntax (4a64ca14 #1180)
cmake: verify `libssh2_VERSION` in integration tests (a20572e9)
cmake: show cmake versions in ci (87f5769b)
cmake: quote more strings (e9c7d3af #1173)
cmake: add `ExternalProject` integration test (aeaefaf6 #1171)
cmake: add integration tests (8715c3d5 #1170)
cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169)
cmake: style tidy-up (3fa5282d #1166)
cmake: add `LIB_NAME` variable (5453fc80 #1159)
cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157)
cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152)
cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151)
cmake: cache more config values on Windows (11a03690 #1142)
cmake: streamline invocation (f58f77b5 #1138)
cmake: merge `set_target_properties()` calls (a9091007 #1132)
cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131)
cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130)
cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127)
cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126)
cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121)
cmake: tidy-ups (2fc36790 #1122)
cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace (2da13c13 #1104 #731 #1103)
copyright: remove years from copyright headers (187d89bb #1082)
disable DSA by default (b7ab0faa #1435 #1433)
docs: update `INSTALL_AUTOTOOLS` (2f0efde3 #1316)
docs: replace SHA1 with SHA256 in CMake example (766bde9f)
example: restore `sys/time.h` for AIX (24503cb9 #1340 #1335 #1334 #1001 regr: e53aae0e)
example: use `libssh2_socket_t` in X11 example (3f60ccb7)
example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (8d69e63d #1258 follow: 6c84a426)
example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #861 #846 #1105 regr: b13936bd)
example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283)
example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f)
hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092)
kex: prevent possible double free of hostkey (b3465418 #1452)
kex: always check for null pointers before calling _libssh2_bn_set_word (9f23a3bb #1423)
kex: fix a memory leak in key exchange (19101843 #1412 #1404)
kex: always add extension indicators to kex_algorithms (00e2a07e #1327 #1326)
libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260)
libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278)
libssh2.h: use `_WIN32` for Windows detection instead of rolling our own (631e7734 #1238)
libssh2.pc: reference mbedcrypto pkgconfig (c149a127 #1405)
libssh2.pc: re-add & extend support for static-only libssh2 builds (624abe27 #1119 #1114)
libssh2.pc: don't put `@LIBS@` in pc file (1209c16d)
mac: add empty hash functions for `mac_method_hmac_aesgcm` to not crash when e.g. setting `LIBSSH2_METHOD_CRYPT_CS` (b2738391 #1321)
mac: handle low-level errors (f64885b6 #1297)
Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204)
maketgz: reproducible tarballs/zip, display tarball hashes (d52fe1b4 #1357 #1359)
maketgz: `set -eu`, reproducibility, improve zip, add CI test (cba7f975 #1353)
man: improve `libssh2_userauth_publickey_from*` manpages (581b72aa #1347 #1308 #652)
man: fix double spaces and dash escaping (a3ffc422 #1210)
man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185)
mbedtls: always init ECDSA mbedtls_pk_context (a50d7deb #1430)
mbedtls: correctly initialize values (ECDSA) (1701d5c0 #1428 #1421)
mbedtls: expose `mbedtls_pk_load_file()` for our use (1628f6ca #1421 #1393 #1349 follow: e973493f)
mbedtls: add workaround + FIXME to build with 3.6.0 (2e4c5ec4 #1349)
mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224)
mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094)
mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #879 #846 #1053)
md5: allow disabling old-style encrypted private keys at build-time (eb9f9de2 #1181)
mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #876 #846 #1090)
misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149)
NMakefile: delete (c515eed3 #1134 #1129)
openssl: free allocated resources when using openssl3 (b942bad1 #1459)
openssl: fix memory leaks in `_libssh2_ecdsa_curve_name_with_octal_new` and `_libssh2_ecdsa_verify` (8d3bc19b #1449)
openssl: fix calculating DSA public key with OpenSSL 3 (8b3c6e9d #1380)
openssl: initialize BIGNUMs to NULL in `gen_publickey_from_dsa` for OpenSSL 3 (f1133c75 #1320)
openssl: fix cppcheck found NULL dereferences (f2945905 #1304)
openssl: delete internal `read_openssh_private_key_from_memory()` (34aff5ff #1306)
openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 #1235 #1207)
openssl: make a function static, add `#ifdef` comments (efee9133 #1246 #248 follow: 03092292)
openssl: fix DSA code to use OpenSSL 3 API (82581941 #1244 #1207)
openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build (487152f4 #1236 #1235 #1207)
openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207)
openssl: silence `-Wunused-value` warnings (bf285500 #1205)
openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146 #302)
openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use (4a42f42e #1117 #1115)
os400: drop vsprintf() use (40e817ff #1462 #1457)
os400: Add two recent files to the distribution (e4c65e5b #1364)
os400: fix shellcheck warnings in scripts (fixups) (81341e1e #1366 #1364 #1358)
os400: fix shellcheck warnings in scripts (c6625707 #1358)
os400: maintain up to date (8457c37a #1309)
packet: properly bounds check packet_authagent_open() (88a960a8 #1179)
pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133)
reuse: upgrade to `REUSE.toml` (70b8bf31 #1419)
reuse: fix duplicate copyright warning (b9a4ed83)
reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098)
reuse: provide SPDX identifiers (f6aa31f4 #1084)
scp: fix missing cast for targets without large file support (c317e06f #1060 #1057 #1002 regr: 5db836b2)
session: support server banners up to 8192 bytes (was: 256) (1a9e8811 #1443 #1442)
session: add `libssh2_session_callback_set2()` (c0f69548 #1285)
session: handle EINTR from send/recv/poll/select to try again as the error is not fatal (798ed4a7 #1058 #955)
sftp: increase SFTP_HANDLE_MAXLEN back to 4092 (75de6a37 #1422)
sftp: implement posix-rename@openssh.com (fb652746 #1386)
src: implement chacha20-poly1305@openssh.com (492bc543 #1426 #584)
src: use `UINT32_MAX` (dc206408 #1413)
src: fix type warning in `libssh2_sftp_unlink` macro (ac2e8c73 #1406)
src: check the return value from `_libssh2_bn_*()` functions (95c824d5 #1354)
src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) (3a6ab70d #1314)
src: check hash update/final success (4718ede4 #1303 #1301)
src: check hash init success (2ed9eb92 #1301)
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290)
src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 #1284 #1257)
src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: 08354e0a)
src: drop a redundant `#include` (1f0174d0 #1153)
src: improve MSVC C4701 warning fix (8b924999 #1086 #876 #1083)
src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076)
src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055)
tests: avoid using `MAXPATHLEN`, for portability (12427f4f #1415 #198 #1414)
tests: fix excluding AES-GCM tests (fbd9d192 #1410)
tests: drop default cygpath option `-u` (38e50aa0)
tests: fix shellcheck issues in `test_sshd.test` (a2ac8c55)
tests: sync port number type with the rest of codebase (eb996af8)
tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240)
tests: show cmake version used in integration tests (2cd2f40e #1201)
tests: formatting and tidy-ups (e61987a3)
tests: replace FIXME with comments (1a99a86a)
tests: add aes256-gcm encrypted key test (802336cf #1135 #1133)
tests: trap signals in scripts (b2916b28 #1098)
tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080)
test_read: make it run without Docker (57e9d18e #1139)
test_sshd.test: show sshd and test connect logs on harness failure (299c2040 #1097)
test_sshd.test: set a safe PID directory (e8cabdcf #1089)
test_sshd.test: minor cleanups (d29eea1d)
tidy-up: link updates (c905bfd2 #1434)
tidy-up: typo in comment (792e1b6f)
tidy-up: fix typo found by codespell (706ec36d)
tidy-up: bump casts from int to long for large C99 types in printfs (2e5a8719 #1264 #1257)
tidy-up: `unsigned` -> `unsigned int` (b136c379)
tidy-up: stop using leading underscores in macro names (c6589b88 #1248)
tidy-up: around `stdint.h` (bfa00f1b #1212)
tidy-up: fix typo in `readme.vms` (a9a79e7a)
tidy-up: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195)
tidy-up: drop `www.` from `www.libssh2.org` (6e3e8839 #1172)
tidy-up: delete duplicate word from comment (76307435)
tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079)
TODO: disable or drop weak algos (0b4bdc85 #1261)
transport: fix unstable connections over non-blocking sockets (de004875 #1454 #720 #1431 #1397)
transport: check ETM on remote end when receiving (bde10825 #1332 #1331)
transport: fix incorrect byte offset in debug message (2388a3aa #1096)
userauth: avoid oob with huge interactive kbd response (f3a85cad #1337)
userauth: add a new structure to separate memory read and file read (63b4c20e #773)
userauth: check whether `*key_method` is a NULL pointer instead of `key_method` (bec57c40)
wincng: fix `DH_GEX_MAXGROUP` set higher than supported (48584671 #1372 #493)
wincng: add to ci/GHA, add `./configure` option `--enable-ecdsa-wincng` (3f98bfb0 #1368 #1315)
wincng: add ECDSA support for host and user authentication (3e723437 #1315)
wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165)
wincng: tidy-ups (7bb669b5 #1164)
wolfssl: drop header path hack (8ae1b2d7 #1439)
wolfssl: fix `EVP_Cipher()` use with v5.6.0 and older (a5b0fac2 #1407 #1394 #797 #1299 #1020)
wolfssl: bump version in upstream issue comment (5cab802c)
wolfssl: require v5.4.0 for AES-GCM (260a721c #1411 #1299 #1020)
wolfssl: enable debug logging in wolfSSL when compiled in (76e7a68a #1310)

Version 1.11.0 - May 30 2023

Enhancements and bugfixes

Adds support for encrypt-then-mac (ETM) MACs
Adds support for AES-GCM crypto protocols
Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
Adds support for RSA certificate authentication
Adds FIDO support with *_sk() functions
Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
Adds Agent Forwarding and libssh2_agent_sign()
Adds support for Channel Signal message libssh2_channel_signal_ex()
Adds support to get the user auth banner message libssh2_userauth_banner()
Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
Adds wolfSSL support to CMake file
Adds mbedTLS 3.x support
Adds LibreSSL 3.5 support
Adds support for CMake "unity" builds
Adds CMake support for building shared and static libs in a single pass
Adds symbol hiding support to CMake
Adds support for libssh2.rc for all build tools
Adds .zip, .tar.xz and .tar.bz2 release tarballs
Enables ed25519 key support for LibreSSL 3.7.0 or higher
Improves OpenSSL 1.1 and 3 compatibility
Now requires OpenSSL 1.0.2 or newer
Now requires CMake 3.1 or newer
SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
SFTP: No longer has a packet limit when reading a directory
SFTP: now parses attribute extensions if they exist
SFTP: no longer will busy loop if SFTP fails to initialize
SFTP: now clear various errors as expected
SFTP: no longer skips files if the line buffer is too small
SCP: add option to not quote paths
SCP: Enables 64-bit offset support unconditionally
Now skips leading \r and \n characters in banner_receive()
Enables secure memory zeroing with all build tools on all platforms
No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
Speed up base64 encoding by 7x
Assert if there is an attempt to write a value that is too large
WinCNG: fix memory leak in _libssh2_dh_secret()
Added protection against possible null pointer dereferences
Agent now handles overly large comment lengths
Now ensure KEX replies don't include extra bytes
Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
Fixed possible buffer overflow in keyboard interactive code path
Fixed overlapping memcpy()
Fixed Windows UWP builds
Fixed DLL import name
Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
Support for building with gcc versions older than 8
Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
Restores ANSI C89 compliance
Enabled new compiler warnings and fixed/silenced them
Improved error messages
Now uses CIFuzz
Numerous minor code improvements
Improvements to CI builds
Improvements to unit tests
Improvements to doc files
Improvements to example files
Removed "old gex" build option
Removed no-encryption/no-mac builds
Removed support for NetWare and Watcom wmake build files

Version 1.10.0 - August 29 2021

libssh2 1.10.0 GPG sig

Enhancements and bugfixes

adds agent forwarding support
adds OpenSSH Agent support on Windows
adds ECDSA key support using the Mbed TLS backend
adds ECDSA cert authentication
adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges
adds support for PKIX key reading when using ed25519 with OpenSSL
adds support for EWOULDBLOCK on VMS systems
adds support for building with OpenSSL 3
adds support for using FIPS mode in OpenSSL
adds debug symbols when building with MSVC
adds support for building on the 3DS
adds unicode build support on Windows
restores os400 building
increases min, max and opt Diffie Hellman group values
improves portiablity of the make file
improves timeout behavior with 2FA keyboard auth
various improvements to the Wincng backend
fixes reading partial packet replies when using an agent
fixes Diffie Hellman key exchange on Windows 1903+ builds
fixes building tests with older versions of OpenSSL
fixes possible multiple definition warnings
fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
fixes potential use after free if libssh2_init() is called twice
improved linking when using Mbed TLS
fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
fixes crash when loading public keys with no id
fixes possible out of bounds read when exchanging keys
fixes possible out of bounds read when reading packets
fixes possible out of bounds read when opening an X11 connection
fixes possible out of bounds read when ecdh host keys
fixes possible hang when trying to read a disconnected socket
fixes a crash when using the delayed compression option
fixes read error with large known host entries
fixes various warnings
fixes various small memory leaks
improved error handling, various detailed errors will now be reported
builds are now using OSS-Fuzz
builds now use autoreconf instead of a custom build script
cmake now respects install directory
improved CI backend
updated HACKING-CRYPTO documentation
use markdown file extensions
improved unit tests

Version 1.9.0 - June 20 2019

libssh2 1.9.0 GPG sig

Enhancements and bugfixes

adds ECDSA keys and host key support when using OpenSSL
adds ED25519 key and host key support when using OpenSSL 1.1.1
adds OpenSSH style key file reading
adds AES CTR mode support when using WinCNG
adds PEM passphrase protected file support for Libgcrypt and WinCNG
adds SHA256 hostkey fingerprint
adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
adds explicit zeroing of sensitive data in memory
adds additional bounds checks to network buffer reads
adds the ability to use the server default permissions when creating sftp directories
adds support for building with OpenSSL no engine flag
adds support for building with LibreSSL
increased sftp packet size to 256k
fixed oversized packet handling in sftp
fixed building with OpenSSL 1.1
fixed a possible crash if sftp stat gets an unexpected response
fixed incorrect parsing of the KEX preference string value
fixed conditional RSA and AES-CTR support
fixed a small memory leak during the key exchange process
fixed a possible memory leak of the ssh banner string
fixed various small memory leaks in the backends
fixed possible out of bounds read when parsing public keys from the server
fixed possible out of bounds read when parsing invalid PEM files
no longer null terminates the scp remote exec command
now handle errors when diffie hellman key pair generation fails
fixed compiling on Windows with the flag STDCALL=ON
improved building instructions
improved unit tests

Version 1.8.2 - March 25 2019

libssh2 1.8.2 GPG sig

Bug fixes:

Fixed the misapplied userauth patch that broke 1.8.1
moved the MAX size declarations from the public header

Version 1.8.1 - March 18 2019

libssh2 1.8.1 GPG sig

Bug fixes:

Version 1.8.0 - October 25 2016

libssh2 1.8.0 GPG sig

Changes:

added a basic dockerised test suite
crypto: add support for the mbedTLS backend

Bug fixes:

libgcrypt: fixed a NULL pointer dereference on OOM
VMS: can't use %zd for off_t format
VMS: update vms/libssh2_config.h
windows: link with crypt32.lib
libssh2_channel_open: spelling error fixed in channel error message
msvc: fixed 14 compilation warnings
tests: HAVE_NETINET_IN_H was not defined correctly
openssl: add OpenSSL 1.1.0 compatibility
cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
configure: make the --with-* options override the OpenSSL default
libssh2_wait_socket: set err_msg on errors
libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds

Version 1.7.0 - February 23 2016

libssh2 1.7.0 GPG sig

Changes:

libssh2_session_set_last_error: Add function
mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
WinCNG: support for SHA256/512 HMAC
kex: Added diffie-hellman-group-exchange-sha256 support
OS/400 crypto library QC3 support

Bug fixes:

diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
SFTP: Increase speed and datasize in SFTP read
openssl: make libssh2_sha1 return error code
openssl: fix memleak in _libssh2_dsa_sha1_verify()
cmake: include CMake files in the release tarballs
Fix builds with Visual Studio 2015
hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
GNUmakefile: add -m64 CFLAGS when targeting mingw64
kex: free server host key before allocating it (again)
SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
channel: Detect bad usage of libssh2_channel_process_startup
userauth: Fix off by one error when reading public key file
kex: removed dupe entry from libssh2_kex_methods
_libssh2_error: Support allocating the error message
hostkey: fix invalid memory access if libssh2_dsa_new fails
hostkey: align code path of ssh_rsa_init to ssh_dss_init
libssh2.pc.in: fix the output of pkg-config --libs
wincng: fixed possible memory leak in _libssh2_wincng_hash
wincng: fixed _libssh2_wincng_hash_final return value
add OpenSSL 1.1.0-pre2 compatibility
agent_disconnect_unix: unset the agent fd after closing it
sftp: stop reading when buffer is full
sftp: Send at least one read request before reading
sftp: Don't return EAGAIN if data was written to buffer
sftp: Check read packet file offset
configure: build "silent" if possible
openssl: add OpenSSL 1.1.0-pre3-dev compatibility
GNUmakefile: list system libs after user libs

Version 1.6.0 - June 12 2015

libssh2 1.6.0 GPG sig

Changes:

Added CMake build system
Added libssh2_userauth_publickey_frommemory()

Bug fixes:

wait_socket: wrong use of difftime()
userauth: Fixed prompt text no longer being copied to the prompts struct
mingw build: allow to pass custom CFLAGS
Let mansyntax.sh work regardless of where it is called from
Init HMAC_CTX before using it
direct_tcpip: Fixed channel write
WinCNG: fixed backend breakage
OpenSSL: caused by introducing libssh2_hmac_ctx_init
userauth.c: fix possible dereferences of a null pointer
wincng: Added explicit clear memory feature to WinCNG backend
openssl.c: fix possible segfault in case EVP_DigestInit fails
wincng: fix return code of libssh2_md5_init()
kex: do not ignore failure of libssh2_sha1_init()
scp: fix that scp_send may transmit not initialised memory
scp.c: improved command length calculation
nonblocking examples: fix warning about unused tvdiff on Mac OS X
configure: make clear-memory default but WARN if backend unsupported
OpenSSL: Enable use of OpenSSL that doesn't have DSA
OpenSSL: Use correct no-blowfish #define
kex: fix libgcrypt memory leaks of bignum
libssh2_channel_open: more detailed error message
wincng: fixed memleak in (block) cipher destructor

Version 1.5.0 - March 11 2015

libssh2 1.5.0 GPG sig

Changes:

Added Windows Cryptography API: Next Generation based backend

Bug fixes:

Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
missing _libssh2_error in _libssh2_channel_write
knownhost: Fix DSS keys being detected as unknown.
knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
libssh2.h: on Windows, a socket is of type SOCKET, not int
libssh2_priv.h: a 1 bit bit-field should be unsigned
windows build: do not export externals from static library
Fixed two potential use-after-frees of the payload buffer
Fixed a few memory leaks in error paths
userauth: Fixed an attempt to free from stack on error
agent_list_identities: Fixed memory leak on OOM
knownhosts: Abort if the hosts buffer is too small
sftp_close_handle: ensure the handle is always closed
channel_close: Close the channel even in the case of errors
docs: added missing libssh2_session_handshake.3 file
docs: fixed a bunch of typos
userauth_password: pass on the underlying error code
_libssh2_channel_forward_cancel: accessed struct after free
_libssh2_packet_add: avoid using uninitialized memory
_libssh2_channel_forward_cancel: avoid memory leaks on error
_libssh2_channel_write: client spins on write when window full
windows build: fix build errors
publickey_packet_receive: avoid junk in returned pointers
channel_receive_window_adjust: store windows size always
userauth_hostbased_fromfile: zero assign to avoid uninitialized use
configure: change LIBS not LDFLAGS when checking for libs
agent_connect_unix: make sure there's a trailing zero
MinGW build: Fixed redefine warnings.
sftpdir.c: added authentication method detection.
Watcom build: added support for WinCNG build.
configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
sftp_statvfs: fix for servers not supporting statfvs extension
knownhost.c: use LIBSSH2_FREE macro instead of free
Fixed compilation using mingw-w64
knownhost.c: fixed that 'key_type_len' may be used uninitialized
configure: Display individual crypto backends on separate lines
examples on Windows: check for WSAStartup return code
examples on Windows: check for socket return code
agent.c: check return code of MapViewOfFile
kex.c: fix possible NULL pointer de-reference with session->kex
packet.c: fix possible NULL pointer de-reference within listen_state
tests on Windows: check for WSAStartup return code
userauth.c: improve readability and clarity of for-loops
examples on Windows: use native SOCKET-type instead of int
packet.c: i < 256 was always true and i would overflow to 0
kex.c: make sure mlist is not set to NULL
session.c: check return value of session_nonblock in debug mode
session.c: check return value of session_nonblock during startup
userauth.c: make sure that sp_len is positive and avoid overflows
knownhost.c: fix use of uninitialized argument variable wrote
openssl: initialise the digest context before calling EVP_DigestInit()
libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
configure.ac: Rework crypto library detection
configure.ac: Reorder --with-* options in --help output
configure.ac: Call zlib zlib and not libz in text but keep option names
Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
sftp: seek: Don't flush buffers on same offset
sftp: statvfs: Along error path, reset the correct 'state' variable.
sftp: Add support for fsync (OpenSSH extension).
_libssh2_channel_read: fix data drop when out of window
comp_method_zlib_decomp: Improve buffer growing algorithm
_libssh2_channel_read: Honour window_size_initial
window_size: redid window handling for flow control reasons
knownhosts: handle unknown key types

Version 1.4.3 - November 27 2012

libssh2 1.4.3 GPG sig (685712 bytes)

Changes:

compression: add support for zlib@openssh.com

Bug fixes:

sftp_read: return error if a too large package arrives
libssh2_hostkey_hash.3: update the description of return value
Fixed MSVC NMakefile
examples: use stderr for messages, stdout for data
openssl: do not leak memory when handling errors
improved handling of disabled MD5 algorithm in OpenSSL
known_hosts: Fail when parsing unknown keys in known_hosts file
configure: gcrypt doesn't come with pkg-config support
session_free: wrong variable used for keeping state
libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating

Version 1.4.2 - May 18 2012

libssh2 1.4.2 GPG sig (679992 bytes)

Bug fixes:

Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
userauth.c: fread() from public key file to correctly detect any errors
configure.ac: Add option to disable build of the example applications
Added 'Requires.private:' line to libssh2.pc
SFTP: filter off incoming "zombie" responses
gettimeofday: no need for a replacement under cygwin
SSH_MSG_CHANNEL_REQUEST: default to want_reply
win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB

Version 1.4.1 - April 4 2012

libssh2 1.4.1 GPG sig (658507 bytes)

Bug fixes:

build error with gcrypt backend
always do "forced" window updates to avoid corner case stalls
aes: the init function fails when OpenSSL has AES support
transport_send: Finish in-progress key exchange before sending data
channel_write: acknowledge transport errors
examples/x11.c: Make sure sizeof passed to read operation is correct
examples/x11.c:,Fix suspicious sizeof usage
sftp_packet_add: verify the packet before accepting it
SFTP: preserve the original error code more
sftp_packet_read: adjust window size as necessary
Use safer snprintf rather then sprintf in several places
Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
sftp_write: cannot return acked data *and* EAGAIN
sftp_read: avoid data *and* EAGAIN
libssh2.h: Add missing prototype for libssh2_session_banner_set()

Version 1.4.0 - January 31 2012

libssh2 1.4.0 GPG sig (653514 bytes)

Changes:

Added libssh2_session_supported_algs()
Added libssh2_session_banner_get()
Added libssh2_sftp_get_channel()
libssh2.h: bump the default window size to 256K

Bug fixes:

sftp-seek: clear EOF flag
userauth: Provide more information if ssh pub key extraction fails
ssh2_exec: skip error outputs for EAGAIN
LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
knownhost_check(): Don't dereference ext if NULL is passed
knownhost_add: Avoid dereferencing uninitialized memory on error path
OpenSSL EVP: fix threaded use of structs
_libssh2_channel_read: react on errors from receive_window_adjust
sftp_read: cap the read ahead maximum amount
_libssh2_channel_read: fix non-blocking window adjusting

Version 1.3.0 - September 6 2011

libssh2 1.3.0 GPG sig (639262 bytes)

Changes:

Added custom callbacks for performing low level socket I/O

Bug fixes:

sftp_read: advance offset correctly for buffered copies
libssh2_sftp_seek64: flush packetlist and buffered data
_libssh2_packet_add: adjust window size when truncating
sftp_read: a short read is not end of file

Version 1.2.9 - August 16 2011

libssh2 1.2.9 GPG sig (642150 bytes)

Changes:

Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to make blocking calls get a timeout

Bug fixes:

configure and pkg-config: fix $VERSION
s/\.NF/.nf/ to fix wrong macro name caught by man --warnings
keepalive: add first basic man pages
sftp_write: flush the packetlist on error
sftp_write: clean offsets on error
msvcproj: added libs and debug stuff
SCP: fix incorrect error code
session_startup: init state properly
sftp_write_sliding: send the complete file
userauth_keyboard_interactive: skip code on zero length auth
_libssh2_wait_socket: fix timeouts for poll() uses
agent_list_identities: fix out of scope access
_libssh2_recv(): handle ENOENT error as EAGAIN
userauth_keyboard_interactive: fix buffer overflow
removed man pages for non-existing functions!
gettimeofday: fix name space pollution
_libssh2_channel_write: handle window_size == 0 better

Version 1.2.8 - April 5 2011

libssh2 1.2.8 GPG sig (637707 bytes)

Changes:

added libssh2_free, libssh2_channel_get_exit_signal and libssh2_session_handshake
SFTP read/write remade and now MUCH faster, especially on high latency connections
added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c
userauth: derive publickey from private
NEWS: now generated from git

Bug fixes:

Support unlimited number of host names in a single line of the known_hosts file.
fix memory leak in userauth_keyboard_interactive()
fix memory leaks (two times cipher_data) for each sftp session
session_startup: manage server data before server identification
SCP: allow file names with bytes > 126
scp_recv: improved treatment of channel_read() returning zero
libssh2_userauth_authenticated: make it work as documented
variable size cleanup: match internal variable sizes better with the sizes of the fields used on the wire
channel_request_pty_size: fix reqPTY_state
sftp_symlink: return error if receive buffer too small
sftp_readdir: return error if buffer is too small
libssh2_knownhost_readfile.3: clarify return value
configure: stop using the deprecated AM_INIT_AUTOMAKE syntax
Fixed Win32 makefile which was now broken at resource build
kex_agree_hostkey: fix NULL pointer dereference
_libssh2_ntohu64: fix conversion from network bytes to uint64
ssize_t: proper typedef with MSVC compilers
zlib: Add debug tracing of zlib errors
decomp: increase decompression buffer sizes

Version 1.2.7 - August 17 2010

libssh2 1.2.7 GPG sig (583105 bytes)

Changes:

Added Watcom makefile

Bug fixes:

Better handling of invalid key files
inputchecks: make lots of API functions check for NULL pointers
libssh2_session_callback_set: extended the man page
SFTP: limit write() to not produce overly large packets
agent: make libssh2_agent_userauth() work blocking properly
_libssh2_userauth_publickey: reject method names longer than the data
channel_free: ignore problems with channel_close()
typedef: make ssize_t get typedef without LIBSSH2_WIN32
_libssh2_wait_socket: poll needs milliseconds
libssh2_wait_socket: reset error code to "leak" EAGAIN less
Added include for sys/select.h to get fd.set on some platforms
session_free: free more data to avoid memory leaks
openssl: make use of the EVP interface
Fix underscore typo for 64-bit printf format specifiers on Windows
Make libssh2_debug() create a correctly terminated string
userauth_hostbased_fromfile: packet length too short
handshake: Compression enabled at the wrong time
Don't overflow MD5 server hostkey

Version 1.2.6 - June 10 2010

libssh2 1.2.6 GPG sig (579590 bytes)

Changes:

Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs()
Added libssh2_knownhost_checkp()
Added libssh2_scp_send64()

Bug fixes:

wait_socket: make c89 compliant and use two fd_sets for select()
OpenSSL AES-128-CTR detection
proper keyboard-interactive user dialog in the sftp.c example
build procedure for VMS
fixed libssh2.dsw to use the generated libssh2.dsp
several Windows-related build fixes
fail to init SFTP if session isn't already authenticated
many tiny fixes that address clang-analyzer warnings
sftp_open: deal with short channel_write calls
libssh2_publickey_init: fixed to work better non-blocking
sftp_close_handle: add precation to not access NULL pointer
sftp_readdir: simplified and bugfixed
channel_write: if data has been sent, don't return EAGAIN

Version 1.2.5 - April 13 2010

libssh2 1.2.5 GPG sig (559553 bytes)

Changes:

Added Add keep-alive support: libssh2_keepalive_config() and libssh2_keepalive_send()
Added libssh2_knownhost_addc(), libssh2_init() and libssh2_exit()
Added LIBSSH2_SFTP_S_IS***() macros

Bug fixes:

fix memory leak in libssh2_session_startup()
added missing error codes - shown as hangs in blocking mode
fix memory leak in userauth_keyboard_interactive()
libssh2_knownhost_del: fix write to freed memory
Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
Use AES-CTR from OpenSSL when available
Fixed gettimeofday to compile with Visual C++ 6
NULL dereference when window adjusting a non-existing channel
avoid using poll on interix and mac os x systems
fix scp memory leak
Correctly clear blocking flag after sending multipart packet
Reduce used window sizes by factor 10
libssh2_userauth_publickey_fromfile_ex() handles a NULL password
sftp_init() deal with _libssh2_channel_write() short returns

Version 1.2.4 - February 13 2010

libssh2 1.2.4 GPG sig (547675 bytes)

Bug fixes:

Resolve compile issues on Solaris x64 and UltraSPARC
Allow compiling with OpenSSL when AES isn't available
Fix Tru64 socklen_t compile issue with example/direct_tcpip.c

Version 1.2.3 - February 3 2010

libssh2 1.2.3 GPG sig (547652 bytes)

Changes:

ssh-agent support with the new libssh2_agent_* functions
Added libssh2_trace_sethandler()
Added the direct_tcpip.c and ssh2_agent.c examples

Bug fixes:

Fixed memory leak in userauth_publickey
Fixed publickey authentication regression
Silenced several compiler warnings
avoid returning data to memory already freed
transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
Fixed padding in ssh-dss signature blob encoding
Fixed direction blocking flag problems
Fixed memory leak in sftp_fstat()

Version 1.2.2 - November 16 2009

libssh2 1.2.2 GPG sig (535430 bytes)

Changes:

Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
Support for the "arcfour128" cipher

Bug fixes:

Fix crash when server sends an invalid SSH_MSG_IGNORE message

Version 1.2.1 - September 28 2009

libssh2 1.2.1 GPG sig (533302 bytes)

Changes:

generate and install libssh2.pc

Bug fixes:

proper return codes returned from several functions
return EAGAIN internal cleanup
added knownhost.c to windows makefiles
pass private-key to OpenSSL as a filename with BIO_new_file().
make libssh2_scp_send/recv do blocking mode correctly
libssh2_channel_wait_closed() could hang
libssh2_channel_read_ex() must return 0 when closed
added gettimeofday() function for win32 for the debug trace outputs
transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors
scp examples now loop correctly over libssh2_channel_write()

Version 1.2 - August 10 2009

libssh2 1.2 GPG sig (532299 bytes)

Changes:

we've switched to using git for source code control
the libssh2-devel mailing list moved to cool.haxx.se<
libssh2_poll() and libssh2_poll_channel_read() are now deprecated
a range of libssh2_knownhost_*() functions were added to the API to work with OpenSSH style known_hosts files etc
added libssh2_session_hostkey()
added an X11 forwarding example
the makefile now generate MSVS project files

Bug fixes:

bad 0-return from libssh2_channel_read
failure to "drain" the transport data caused badness
memory leak in libssh2_sftp_shutdown()
fixed stroll() #if condition
build thread-safe on Solaris
error when including libssh2.h in two files on Windows fixed
custom memory function extra argument was wrong
transport now checks for and bail out on packets claing to be zero sized
fixed a number of compiler warnings
buildconf runs on Mac OS X
public headers includable on their own
bad debugdump() caused SIGSEGV at times (when libssh2_trace() was used)
possible data loss when send_existing() failed to send its buffer
passing FILE*s across DLL boundaries (OpenSSL) caused crashes on Windows

Version 1.1 - April 2 2009

libssh2 1.1 GPG sig

Downloads using SCP or SFTP are now significantly faster
Added a Libtool -export-symbols-regex flag to reduce the number of exported symbols in shared libraries.
Added a bunch of new man pages and renamed some of the previous ones
Enhanced download performance
Made libssh2_scp_recv() and libssh2_scp_send() deal with spaces in filenames
Fixed the bad randomness and off-by-one in libssh2_channel_x11_req_ex()
Added libssh2_version()
Fixed libssh2_channel_direct_tcpip_ex() to not fail when called a second time
Fixed libssh2_channel_write_ex problems in blocking situations
'make check' runs fine on cygwin
Added libssh2_channel_receive_window_adjust2() and deprecated libssh2_channel_receive_window_adjust()
better socket error handling internally on win32
libssh2 now always set the socket non-blocking internally and deals with the interface as blocking or non-blocking set by libssh2_session_set_blocking.