tweak the x509 code a little so hpn patches cleanly

--- servconf.c
+++ servconf.c
@@ -335,6 +335,7 @@
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 	sUsePrivilegeSeparation,
+	sDeprecated, sUnsupported
-	sHostbasedAlgorithms,
+	,sHostbasedAlgorithms,
 	sPubkeyAlgorithms,
 	sX509KeyAlgorithm,
@@ -345,7 +346,6 @@
 	sCAldapVersion, sCAldapURL,
 	sVAType, sVACertificateFile,
-	sVAOCSPResponderURL,
+	sVAOCSPResponderURL
-	sDeprecated, sUnsupported
 } ServerOpCodes;
 
 /* Textual representation of the tokens. */
@@ -446,6 +446,7 @@
 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
 	{ "acceptenv", sAcceptEnv },
+	{ "permittunnel", sPermitTunnel },
 	{ "hostbasedalgorithms", sHostbasedAlgorithms },
 	{ "pubkeyalgorithms", sPubkeyAlgorithms },
 	{ "x509rsasigtype", sDeprecated },
@@ -462,7 +463,6 @@
 	{ "vatype", sVAType },
 	{ "vacertificatefile", sVACertificateFile },
 	{ "vaocspresponderurl", sVAOCSPResponderURL },
-	{ "permittunnel", sPermitTunnel },
 	{ NULL, sBadOption }
 };