author | Damien Miller <djm@mindrot.org> | 2010-03-04 21:57:21 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-04 21:57:21 +1100 |
commit | 017d1e777ef197eab866b9d0046e000a46baf10b (patch) | |
tree | 9fd0ffce102946db33980cc92cc2c17b568d6bfb /regress/cert-hostkey.sh | |
parent | 1aed65eb27feec505997c98621bdf158f9ab8b99 (diff) |
- djm@cvs.openbsd.org 2010/03/03 00:47:23
[regress/cert-hostkey.sh regress/cert-userkey.sh]
add an extra test to ensure that authentication with the wrong
certificate fails as it should (and it does)
Diffstat (limited to 'regress/cert-hostkey.sh')
-rw-r--r-- | regress/cert-hostkey.sh | 29 |
1 files changed, 28 insertions, 1 deletions
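--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-hostkey.sh,v 1.1 2010/02/26 20:33:21 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.2 2010/03/03 00:47:23 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified host keys"
@@ -119,4 +119,31 @@ for ktype in rsa dsa ; do
 fi
 done
 
+# Wrong certificate
+(
+echon '@cert-authority '
+echon "$HOSTS "
+cat $OBJ/host_ca_key.pub
+) > $OBJ/known_hosts-cert
+for ktype in rsa dsa ; do
+# Self-sign key
+${SSHKEYGEN} -h -q -s $OBJ/cert_host_key_${ktype} \
+-I "regress host key for $USER" \
+-n $HOSTS $OBJ/cert_host_key_${ktype} ||
+fail "couldn't sign cert_host_key_${ktype}"
+verbose "$tid: host ${ktype} connect wrong cert"
+(
+cat $OBJ/sshd_proxy_bak
+echo HostKey $OBJ/cert_host_key_${ktype}
+echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
+) > $OBJ/sshd_proxy
+
+${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
+-oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
+-F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+fail "ssh cert connect $ident succeeded unexpectedly"
+fi
+done
+
 rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*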
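Review bot: The wrong-certificate check in the second hunk passes on any non-zero exit from `${SSH}`, and with `-q` plus `>/dev/null 2>&1` a failure unrelated to certificate validation (for example an sshd_proxy that does not load, or a missing key file after the self-sign step failed) is indistinguishable from the CA rejection the test is meant to prove. Consider keeping the client's stderr in a file under `$OBJ` and checking that it reports a host key verification failure before counting the run as a pass. The failure message also interpolates `$ident`, which is not assigned anywhere in the visible lines and is presumably carried over from the user-key test; `fail "ssh cert connect ${ktype} succeeded unexpectedly"` would name the key type the loop is actually on.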