-rw-r--r--ChangeLog2
-rw-r--r--regress/cert-hostkey.sh19
2 files changed, 15 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 13f619a60..990a7e536 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
120101024 120101024
2 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
3 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
4 which don't have ECC support in libcrypto.
3 - (dtucker) OpenBSD CVS Sync 5 - (dtucker) OpenBSD CVS Sync
4 - sthen@cvs.openbsd.org 2010/10/23 22:06:12 6 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
5 [sftp.c] 7 [sftp.c]
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 22ae4999d..7461beca6 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -3,6 +3,13 @@
3 3
4tid="certified host keys" 4tid="certified host keys"
5 5
6# used to disable ECC based tests on platforms without ECC
7ecdsa=""
8if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1
9then
10 ecdsa=ecdsa
11fi
12
6rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* 13rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 14cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8 15
@@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
18) > $OBJ/known_hosts-cert 25) > $OBJ/known_hosts-cert
19 26
20# Generate and sign host keys 27# Generate and sign host keys
21for ktype in rsa dsa ecdsa ; do 28for ktype in rsa dsa $ecdsa ; do
22 verbose "$tid: sign host ${ktype} cert" 29 verbose "$tid: sign host ${ktype} cert"
23 # Generate and sign a host key 30 # Generate and sign a host key
24 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 31 ${SSHKEYGEN} -q -N '' -t ${ktype} \
@@ -40,7 +47,7 @@ done
40 47
41# Basic connect tests 48# Basic connect tests
42for privsep in yes no ; do 49for privsep in yes no ; do
43 for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 50 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
44 verbose "$tid: host ${ktype} cert connect privsep $privsep" 51 verbose "$tid: host ${ktype} cert connect privsep $privsep"
45 ( 52 (
46 cat $OBJ/sshd_proxy_bak 53 cat $OBJ/sshd_proxy_bak
@@ -80,7 +87,7 @@ done
80 cat $OBJ/cert_host_key_dsa_v00.pub 87 cat $OBJ/cert_host_key_dsa_v00.pub
81) > $OBJ/known_hosts-cert 88) > $OBJ/known_hosts-cert
82for privsep in yes no ; do 89for privsep in yes no ; do
83 for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 90 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
84 verbose "$tid: host ${ktype} revoked cert privsep $privsep" 91 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
85 ( 92 (
86 cat $OBJ/sshd_proxy_bak 93 cat $OBJ/sshd_proxy_bak
@@ -107,7 +114,7 @@ done
107 echon "* " 114 echon "* "
108 cat $OBJ/host_ca_key.pub 115 cat $OBJ/host_ca_key.pub
109) > $OBJ/known_hosts-cert 116) > $OBJ/known_hosts-cert
110for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do 117for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
111 verbose "$tid: host ${ktype} revoked cert" 118 verbose "$tid: host ${ktype} revoked cert"
112 ( 119 (
113 cat $OBJ/sshd_proxy_bak 120 cat $OBJ/sshd_proxy_bak
@@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false"
178 185
179# Check downgrade of cert to raw key when no CA found 186# Check downgrade of cert to raw key when no CA found
180for v in v01 v00 ; do 187for v in v01 v00 ; do
181 for ktype in rsa dsa ecdsa ; do 188 for ktype in rsa dsa $ecdsa ; do
182 # v00 ecdsa certs do not exist. 189 # v00 ecdsa certs do not exist.
183 test "${v}${ktype}" = "v00ecdsa" && continue 190 test "${v}${ktype}" = "v00ecdsa" && continue
184 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* 191 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
@@ -217,7 +224,7 @@ done
217 cat $OBJ/host_ca_key.pub 224 cat $OBJ/host_ca_key.pub
218) > $OBJ/known_hosts-cert 225) > $OBJ/known_hosts-cert
219for v in v01 v00 ; do 226for v in v01 v00 ; do
220 for kt in rsa dsa ecdsa ; do 227 for kt in rsa dsa $ecdsa ; do
221 # v00 ecdsa certs do not exist. 228 # v00 ecdsa certs do not exist.
222 test "${v}${ktype}" = "v00ecdsa" && continue 229 test "${v}${ktype}" = "v00ecdsa" && continue
223 rm -f $OBJ/cert_host_key* 230 rm -f $OBJ/cert_host_key*
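Review bot: In the last hunk the loop variable is `kt`, but the guard two lines below still tests `${ktype}`, so skipping the nonexistent v00 ECDSA case depends on whatever value `ktype` kept from an earlier loop rather than on the key type being iterated. If `ktype` is still `ecdsa` at that point (the intervening code is not visible here), every `v00` iteration would be skipped on ECC builds; the guard should read `test "${v}${kt}" = "v00ecdsa" && continue`. The loop body continues outside the hunk, so any other use of `ktype` inside it needs the same check. Separately, the new `grep ... >/dev/null 2>&1` probe in the first hunk also leaves `$ecdsa` empty when `${BUILDDIR}` is unset or `config.h` is unreadable, so ECDSA host-certificate coverage can drop out with no trace in the test log; an else branch with `verbose "$tid: ECDSA tests skipped"` would make that visible.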