implementation when it's not found. SO_TIMESTAMP was added in CVS rev 1.85
by henning@.

do not have it, and a getifaddrs substitute for Solaris 10.

Thanks to pbhenson for noticing this.

There are crypto hash function symbol overlaps between libmd and libcrypto on
FreeBSD, which causes hashing of the certificates store to fail as a
side-effect when using TLS constraints. Since all we really need is MD5, just
use the embedded OpenBSD versions instead.

This is used to ensure that the time is written to the RTC when it is
synced. Problem noticed and patched by Christian Weisgerber.

Remove unneeded AC_SUBST's, call AC_DEFINE for default and user-specified
cases.
Thanks to naddy@ for reporting and suggesting the fixes.

from naddy@

While this still doesn't affect the behavior of the daemon, the
configuration option can at least be set to check the correct privsep
directory for permissions. Revisit in 5.8 as a possible extension to the
runtime check instead to remove the 'knob'.

I could not find a lot of precedence for this, because most time
daemons do not actually look at the value of olddelta. Account for
olddelta getting stuck at 1ms, and for a NULL value of delta being
treated as an error condition.

Document CA path option.

this is only necessary if constraints are enabled

This has effectively been a no-op during the 5.7 release series and
nobody has yelped (other than being slightly confused about its
purpose). Remove it as an option, since the home dir of the privsep user
is always used as the actual privsep directory anyway.

found this testing on OpenBSD itself :)

replace "this this" by "like this"

- add closefrom fallback for OS X / Linux systems, extracted from sudo,
but without the optimized versions, since they cannot work in a
chroot environment (and we're not performance critical here.)
- enable detecting libtls
- conditionally enable https constraint support

Layout build machinery closer to LibreSSL to make code sharing easier.
Split the big Makefile.am into src/compat.

This could come back some other time, for now its just an arbitrary
difference with upstream.

These do not exist on all systems in sys/cdefs.h, and they are unneeded
since the header is being used privately anyway.

Thanks to @chneukirchen for the suggestion.

Make a copy of __progname on start to avoid setproctitle clobbering it
later. Check if the OS supports __progname and emulate if unavailable.
- from OpenSSH.
Thanks to Paul B. Henson for reporting the setproctitle emulation issue
and Jonas 'Sortie' Termansen for suggesting __progname emulation.