diff options
| author | Damien Miller <djm@mindrot.org> | 2013-01-18 11:51:56 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-01-18 11:51:56 +1100 |
| commit | ebafebda8570b2b013327cdc6627f9c5fb9733c1 (patch) | |
| tree | e08b1095cb132f11d9921427dd94ee0ed053b090 /regress/cert-userkey.sh | |
| parent | f3747bf4014a450c9aaf1d88b010f6e579d10072 (diff) | |
- djm@cvs.openbsd.org 2013/01/18 00:45:29
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
Diffstat (limited to 'regress/cert-userkey.sh')
| -rw-r--r-- | regress/cert-userkey.sh | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh index aa85cd6cb..3bba9f8f2 100644 --- a/regress/cert-userkey.sh +++ b/regress/cert-userkey.sh | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $OpenBSD: cert-userkey.sh,v 1.9 2012/10/19 05:10:42 djm Exp $ | 1 | # $OpenBSD: cert-userkey.sh,v 1.10 2013/01/18 00:45:29 djm Exp $ |
| 2 | # Placed in the Public Domain. | 2 | # Placed in the Public Domain. |
| 3 | 3 | ||
| 4 | tid="certified user keys" | 4 | tid="certified user keys" |
| @@ -184,14 +184,32 @@ basic_tests() { | |||
| 184 | ( | 184 | ( |
| 185 | cat $OBJ/sshd_proxy_bak | 185 | cat $OBJ/sshd_proxy_bak |
| 186 | echo "UsePrivilegeSeparation $privsep" | 186 | echo "UsePrivilegeSeparation $privsep" |
| 187 | echo "RevokedKeys $OBJ/cert_user_key_${ktype}.pub" | 187 | echo "RevokedKeys $OBJ/cert_user_key_revoked" |
| 188 | echo "$extra_sshd" | 188 | echo "$extra_sshd" |
| 189 | ) > $OBJ/sshd_proxy | 189 | ) > $OBJ/sshd_proxy |
| 190 | cp $OBJ/cert_user_key_${ktype}.pub \ | ||
| 191 | $OBJ/cert_user_key_revoked | ||
| 190 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | 192 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ |
| 191 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | 193 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 |
| 192 | if [ $? -eq 0 ]; then | 194 | if [ $? -eq 0 ]; then |
| 193 | fail "ssh cert connect succeeded unexpecedly" | 195 | fail "ssh cert connect succeeded unexpecedly" |
| 194 | fi | 196 | fi |
| 197 | verbose "$tid: ${_prefix} revoked via KRL" | ||
| 198 | rm $OBJ/cert_user_key_revoked | ||
| 199 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked \ | ||
| 200 | $OBJ/cert_user_key_${ktype}.pub | ||
| 201 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
| 202 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
| 203 | if [ $? -eq 0 ]; then | ||
| 204 | fail "ssh cert connect succeeded unexpecedly" | ||
| 205 | fi | ||
| 206 | verbose "$tid: ${_prefix} empty KRL" | ||
| 207 | ${SSHKEYGEN} -kqf $OBJ/cert_user_key_revoked | ||
| 208 | ${SSH} -2i $OBJ/cert_user_key_${ktype} \ | ||
| 209 | -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1 | ||
| 210 | if [ $? -ne 0 ]; then | ||
| 211 | fail "ssh cert connect failed" | ||
| 212 | fi | ||
| 195 | done | 213 | done |
| 196 | 214 | ||
| 197 | # Revoked CA | 215 | # Revoked CA |