2 files changed, 15 insertions, 6 deletions

diff --git a/ChangeLog b/ChangeLog
index 13f619a60..990a7e536 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20101024
  - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
+ - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
+   which don't have ECC support in libcrypto.
  - (dtucker) OpenBSD CVS Sync
    - sthen@cvs.openbsd.org 2010/10/23 22:06:12
      [sftp.c]
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 22ae4999d..7461beca6 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -3,6 +3,13 @@
 
 tid="certified host keys"
 
+# used to disable ECC based tests on platforms without ECC
+ecdsa=""
+if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1
+then
+        ecdsa=ecdsa
+fi
+
 rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
@@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa  -f $OBJ/host_ca_key ||\
 ) > $OBJ/known_hosts-cert
 
 # Generate and sign host keys
-for ktype in rsa dsa ecdsa ; do 
+for ktype in rsa dsa $ecdsa ; do 
         verbose "$tid: sign host ${ktype} cert"
         # Generate and sign a host key
         ${SSHKEYGEN} -q -N '' -t ${ktype} \
@@ -40,7 +47,7 @@ done
 
 # Basic connect tests
 for privsep in yes no ; do
-        for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 
+        for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do 
                 verbose "$tid: host ${ktype} cert connect privsep $privsep"
                 (
                         cat $OBJ/sshd_proxy_bak
@@ -80,7 +87,7 @@ done
         cat $OBJ/cert_host_key_dsa_v00.pub
 ) > $OBJ/known_hosts-cert
 for privsep in yes no ; do
-        for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 
+        for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do 
                 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
                 (
                         cat $OBJ/sshd_proxy_bak
@@ -107,7 +114,7 @@ done
         echon "* "
         cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
-for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do 
+for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do 
         verbose "$tid: host ${ktype} revoked cert"
         (
                 cat $OBJ/sshd_proxy_bak
@@ -178,7 +185,7 @@ test_one "cert has constraints"	failure "-h -Oforce-command=false"
 
 # Check downgrade of cert to raw key when no CA found
 for v in v01 v00 ;  do 
-        for ktype in rsa dsa ecdsa ; do 
+        for ktype in rsa dsa $ecdsa ; do 
                 # v00 ecdsa certs do not exist.
                 test "${v}${ktype}" = "v00ecdsa" && continue
                 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
@@ -217,7 +224,7 @@ done
         cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 for v in v01 v00 ;  do 
-        for kt in rsa dsa ecdsa ; do 
+        for kt in rsa dsa $ecdsa ; do 
                 # v00 ecdsa certs do not exist.
                 test "${v}${ktype}" = "v00ecdsa" && continue
                 rm -f $OBJ/cert_host_key*