修改提交

config.c

@@ -1892,7 +1892,7 @@ void setup_config_box(struct controlbox *b, bool midsession,
      * The Load/Save panel is available even in mid-session.
      */
     s = ctrl_getset(b, "会话", "savedsessions",
-                    midsession ? "当前保存的会话设置" :
+                    midsession ? "---保存当前会话设置---" :
                     "---加载/保存或者删除存储的会话---");
     ctrl_columns(s, 2, 75, 25);
     get_sesslist(&ssd->sesslist, true);

crypto/openssh-certs.c

@@ -969,12 +969,12 @@ static bool opensshcert_check_cert(
      */
     ca_key = opensshcert_ca_pub_key(ck, make_ptrlen(NULL, 0), NULL);
     if (!ca_key) {
-        put_fmt(error, "Certificate's signing key is invalid");
+        put_fmt(error, "证书的签名密钥无效");
         goto out;
     }
     if (ssh_key_alg(ca_key)->is_certificate) {
-        put_fmt(error, "Certificate is signed with a certified key "
-                "(forbidden by OpenSSH certificate specification)");
+        put_fmt(error, "证书使用认证密钥签名"
+                "(OpenSSH证书规范禁止该方式)");
         goto out;
     }
 
@@ -986,8 +986,8 @@ static bool opensshcert_check_cert(
     ssh_key_free(ca_key);
     ca_key = opensshcert_ca_pub_key(ck, signature, NULL);
     if (!ca_key) {
-        put_fmt(error, "Certificate's signing key does not match "
-                "signature type");
+        put_fmt(error, "证书的签名密钥与"
+                "签名类型不匹配");
         goto out;
     }
 
@@ -998,21 +998,21 @@ static bool opensshcert_check_cert(
     if ((sig_alg == &ssh_rsa && !opts->permit_rsa_sha1) ||
         (sig_alg == &ssh_rsa_sha256 && !opts->permit_rsa_sha256) ||
         (sig_alg == &ssh_rsa_sha512 && !opts->permit_rsa_sha512)) {
-        put_fmt(error, "Certificate signature uses '%s' signature type "
-                "(forbidden by user configuration)", sig_alg->ssh_id);
+        put_fmt(error, "证书签名使用 '%s' 签名类型"
+                "(用户配置禁止该方式)", sig_alg->ssh_id);
         goto out;
     }
 
     opensshcert_signature_preimage(ck, BinarySink_UPCAST(preimage));
 
     if (!ssh_key_verify(ca_key, signature, ptrlen_from_strbuf(preimage))) {
-        put_fmt(error, "Certificate's signature is invalid");
+        put_fmt(error, "证书签名无效");
         goto out;
     }
 
     uint32_t expected_type = host ? SSH_CERT_TYPE_HOST : SSH_CERT_TYPE_USER;
     if (ck->type != expected_type) {
-        put_fmt(error, "Certificate type is ");
+        put_fmt(error, "证书类型为 ");
         switch (ck->type) {
           case SSH_CERT_TYPE_HOST:
             put_fmt(error, "host");
@@ -1021,23 +1021,23 @@ static bool opensshcert_check_cert(
             put_fmt(error, "user");
             break;
           default:
-            put_fmt(error, "unknown value %" PRIu32, ck->type);
+            put_fmt(error, "未知类型 %" PRIu32, ck->type);
             break;
         }
-        put_fmt(error, "; expected %s", host ? "host" : "user");
+        put_fmt(error, ";应当是 %s", host ? "host" : "user");
         goto out;
     }
 
     /*
      * Check the time bounds on the certificate.
      */
     if (time < ck->valid_after) {
-        put_fmt(error, "Certificate is not valid until ");
+        put_fmt(error, "证书有效期到 ");
         opensshcert_time_to_iso8601(BinarySink_UPCAST(error), time);
         goto out;
     }
     if (time >= ck->valid_before) {
-        put_fmt(error, "Certificate expired at ");
+        put_fmt(error, "证书已过期 ");
         opensshcert_time_to_iso8601(BinarySink_UPCAST(error), time);
         goto out;
     }
@@ -1056,8 +1056,8 @@ static bool opensshcert_check_cert(
         while (get_avail(src)) {
             ptrlen valid_principal = get_string(src);
             if (get_err(src)) {
-                put_fmt(error, "Certificate's valid principals list is "
-                        "incorrectly formatted");
+                put_fmt(error, "证书的有效主体列表"
+                        "格式不正确");
                 goto out;
             }
             if (ptrlen_eq_ptrlen(valid_principal, principal))
@@ -1075,8 +1075,8 @@ static bool opensshcert_check_cert(
          * I was trying to match it against 'foo'", rather than just
          * "Computer says no".)
          */
-        put_fmt(error, "Certificate's %s list [",
-                host ? "hostname" : "username");
+        put_fmt(error, "证书的%s列表 [",
+                host ? "主机名" : "用户名");
         BinarySource_BARE_INIT_PL(
             src, ptrlen_from_strbuf(ck->valid_principals));
         const char *sep = "";
@@ -1087,8 +1087,8 @@ static bool opensshcert_check_cert(
             put_fmt(error, "\"");
             sep = ", ";
         }
-        put_fmt(error, "] does not contain expected %s \"",
-                host ? "hostname" : "username");
+        put_fmt(error, "] 不包含指定的%s \"",
+                host ? "主机名" : "用户名");
         put_c_string_literal(error, principal);
         put_fmt(error, "\"");
         goto out;
@@ -1106,8 +1106,8 @@ static bool opensshcert_check_cert(
             ptrlen option = get_string(src);
             ptrlen data = get_string(src);
             if (get_err(src)) {
-                put_fmt(error, "Certificate's critical options list is "
-                        "incorrectly formatted");
+                put_fmt(error, "证书的扩展选项列表"
+                        "格式不正确");
                 goto out;
             }
 
@@ -1126,8 +1126,8 @@ static bool opensshcert_check_cert(
             /*
              * Report an unrecognised literal.
              */
-            put_fmt(error, "Certificate specifies an unsupported critical "
-                    "option \"");
+            put_fmt(error, "证书指定了不受支持的"
+                    "扩展选项\"");
             put_c_string_literal(error, option);
             put_fmt(error, "\"");
             goto out;

proxy/proxy.c

@@ -279,7 +279,7 @@ static void plug_proxy_sent (Plug *p, size_t bufsize)
 static int plug_proxy_accepting(Plug *p,
                                 accept_fn_t constructor, accept_ctx_t ctx)
 {
-    unreachable("ProxySockets never create listening Sockets");
+    unreachable("ProxySockets从不创建侦听套接字");
 }
 
 /*
@@ -565,7 +565,7 @@ Socket *new_connection(SockAddr *addr, const char *hostname,
             vt = &telnet_proxy_negotiator_vt;
             break;
           default:
-            ps->error = "Proxy error: Unknown proxy method";
+            ps->error = "代理错误：未知代理方法";
             return &ps->sock;
         }
         ps->pn = proxy_negotiator_new(vt);
@@ -581,7 +581,7 @@ Socket *new_connection(SockAddr *addr, const char *hostname,
 
         {
             char *logmsg = dupprintf("将使用 %s 代理在 %s:%d 进行连接"
-                                     " to %s:%d", vt->type,
+                                     "到 %s:%d", vt->type,
                                      conf_get_str(conf, CONF_proxy_host),
                                      conf_get_int(conf, CONF_proxy_port),
                                      hostname, port);
@@ -602,7 +602,7 @@ Socket *new_connection(SockAddr *addr, const char *hostname,
                                    &proxy_canonical_name,
                                    conf_get_int(conf, CONF_addressfamily));
         if (sk_addr_error(proxy_addr) != NULL) {
-            ps->error = "Proxy error: Unable to resolve proxy host name";
+            ps->error = "代理错误：无法解析代理主机名";
             sk_addr_free(proxy_addr);
             return &ps->sock;
         }
@@ -611,7 +611,7 @@ Socket *new_connection(SockAddr *addr, const char *hostname,
         {
             char addrbuf[256], *logmsg;
             sk_getaddr(proxy_addr, addrbuf, lenof(addrbuf));
-            logmsg = dupprintf("Connecting to %s proxy at %s port %d",
+            logmsg = dupprintf("正在连接到 %s 通过代理在 %s 端口 %d",
                                vt->type, addrbuf,
                                conf_get_int(conf, CONF_proxy_port));
             plug_log(plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg, 0);

ssh/common.c

@@ -945,9 +945,9 @@ SeatPromptResult verify_ssh_host_key(
             text, SDT_DISPLAY, "%s (端口号 %d)", host, port);
         if (ca_count) {
             seat_dialog_text_append(
-                text, SDT_PARA, "由来自另"
-                "一个 %s %s 证书颁发机构配置"
-                "为信任此服务器。", ca_count > 1 ? "ones" : "one",
+                text, SDT_PARA, "由来自不相同"
+                "%scn%s证书颁发机构配置"
+                "为信任此服务器。", ca_count > 1 ? "的" : "的一个",
                 appname);
             if (storage_status == 2) {
                 seat_dialog_text_append(

ssh/kex2-client.c

@@ -911,8 +911,8 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
             if (ssh_key_alg(s->hkey)->is_certificate) {
                 char *base_fp = ssh2_fingerprint(
                     s->hkey, ssh_fptype_to_cert(fptype_default));
-                ppl_logevent("主机密钥是一个证书."
-                             "Hash包含证书:");
+                ppl_logevent("主机密钥是一个证书,"
+                             "Hash值(包含证书)：");
                 ppl_logevent("%s", base_fp);
                 sfree(base_fp);
 
@@ -957,10 +957,10 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
                 if (cert_ok) {
                     strbuf_free(error);
                     ssh2_free_all_fingerprints(fingerprints);
-                    ppl_logevent("接受的证书");
+                    ppl_logevent("证书被接受");
                     goto host_key_ok;
                 } else {
-                    ppl_logevent("被拒绝的主机密钥证书：%s",
+                    ppl_logevent("主机密钥证书被拒绝：%s",
                                  error->s);
                     strbuf_free(error);
                     /* now fall through into normal host key checking */

ssh/transport2.c

@@ -1496,7 +1496,7 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
 
     if (s->warn_kex) {
         s->spr = ssh2_transport_confirm_weak_crypto_primitive(
-            s, "key-exchange algorithm", s->kex_alg->name, s->kex_alg);
+            s, "密钥交换算法", s->kex_alg->name, s->kex_alg);
         crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
         if (spr_is_abort(s->spr)) {
             ssh_spr_close(s->ppl.ssh, s->spr, "密钥警告");
@@ -1550,7 +1550,7 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
             /* If none exist, use the more general 'weak crypto'
              * warning prompt */
             s->spr = ssh2_transport_confirm_weak_crypto_primitive(
-                s, "host key type", s->hostkey_alg->ssh_id,
+                s, "主机密钥类型", s->hostkey_alg->ssh_id,
                 s->hostkey_alg);
         }
         crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
@@ -1562,22 +1562,22 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
 
     if (s->warn_cscipher) {
         s->spr = ssh2_transport_confirm_weak_crypto_primitive(
-            s, "client-to-server cipher", s->out.cipher->ssh2_id,
+            s, " client-to-server 加密", s->out.cipher->ssh2_id,
             s->out.cipher);
         crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
         if (spr_is_abort(s->spr)) {
-            ssh_spr_close(s->ppl.ssh, s->spr, "密码警告");
+            ssh_spr_close(s->ppl.ssh, s->spr, "加密警告");
             return;
         }
     }
 
     if (s->warn_sccipher) {
         s->spr = ssh2_transport_confirm_weak_crypto_primitive(
-            s, "server-to-client cipher", s->in.cipher->ssh2_id,
+            s, " server-to-client 加密", s->in.cipher->ssh2_id,
             s->in.cipher);
         crMaybeWaitUntilV(s->spr.kind != SPRK_INCOMPLETE);
         if (spr_is_abort(s->spr)) {
-            ssh_spr_close(s->ppl.ssh, s->spr, "密码警告");
+            ssh_spr_close(s->ppl.ssh, s->spr, "加密警告");
             return;
         }
     }
@@ -2145,7 +2145,7 @@ static void ssh2_transport_gss_update(struct ssh2_transport_state *s,
          * it shouldn't pop up all the time regardless.
          */
         if (definitely_rekeying)
-            ppl_logevent("没有GSSAPI安全可用的上下文");
+            ppl_logevent("没有GSSAPI安全可用的使用条件");
 
         return;
     }
@@ -2336,12 +2336,12 @@ static void ssh2_transport_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
     for (i = 0; i < CIPHER_MAX; i++)
         if (conf_get_int_int(s->conf, CONF_ssh_cipherlist, i) !=
             conf_get_int_int(conf, CONF_ssh_cipherlist, i)) {
-            rekey_reason = "密码设置已更改";
+            rekey_reason = "加密设置已更改";
             rekey_mandatory = true;
         }
     if (conf_get_bool(s->conf, CONF_ssh2_des_cbc) !=
         conf_get_bool(conf, CONF_ssh2_des_cbc)) {
-        rekey_reason = "密码设置已更改";
+        rekey_reason = "加密设置已更改";
         rekey_mandatory = true;
     }