Diffstat (limited to 'regress/cert-hostkey.sh')
-rw-r--r-- | regress/cert-hostkey.sh | 26 |
1 files changed, 18 insertions, 8 deletions
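--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,9 +1,9 @@
-# $OpenBSD: cert-hostkey.sh,v 1.10 2014/12/04 22:31:50 djm Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.11 2015/01/19 06:01:32 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified host keys"
 
-rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/host_revoked_*
+rm -f $OBJ/known_hosts-cert* $OBJ/host_ca_key* $OBJ/host_revoked_*
 rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 
@@ -16,7 +16,8 @@ ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\
 printf '@cert-authority '
 printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
-) > $OBJ/known_hosts-cert
+) > $OBJ/known_hosts-cert.orig
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 
 # Plain text revocation files
 touch $OBJ/host_revoked_empty
@@ -79,6 +80,7 @@ attempt_connect() {
 _expect_success="$2"
 shift; shift
 verbose "$tid: $_ident expect success $_expect_success"
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
 "$@" -F $OBJ/ssh_proxy somehost true
@@ -135,7 +137,8 @@ done
 test -f "$OBJ/cert_host_key_${ktype}.pub" || fatal "no pubkey"
 printf "@revoked * `cat $OBJ/cert_host_key_${ktype}.pub`\n"
 done
-) > $OBJ/known_hosts-cert
+) > $OBJ/known_hosts-cert.orig
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 for privsep in yes no ; do
 for ktype in $PLAIN_TYPES rsa_v00 dsa_v00; do
 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
@@ -146,6 +149,7 @@ for privsep in yes no ; do
 echo UsePrivilegeSeparation $privsep
 ) > $OBJ/sshd_proxy
 
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
@@ -163,7 +167,8 @@ done
 printf '@revoked '
 printf "* "
 cat $OBJ/host_ca_key.pub
-) > $OBJ/known_hosts-cert
+) > $OBJ/known_hosts-cert.orig
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
 verbose "$tid: host ${ktype} revoked cert"
 (
@@ -171,6 +176,7 @@ for ktype in $PLAIN_TYPES rsa_v00 dsa_v00 ; do
 echo HostKey $OBJ/cert_host_key_${ktype}
 echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
 ) > $OBJ/sshd_proxy
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
@@ -184,7 +190,8 @@ done
 printf '@cert-authority '
 printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
-) > $OBJ/known_hosts-cert
+) > $OBJ/known_hosts-cert.orig
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 
 test_one() {
 ident=$1
@@ -209,6 +216,7 @@ test_one() {
 echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
 ) > $OBJ/sshd_proxy
 
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
 -F $OBJ/ssh_proxy somehost true >/dev/null 2>&1
@@ -271,7 +279,8 @@ done
 printf '@cert-authority '
 printf "$HOSTS "
 cat $OBJ/host_ca_key.pub
-) > $OBJ/known_hosts-cert
+) > $OBJ/known_hosts-cert.orig
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 for v in v01 v00 ; do
 for kt in $PLAIN_TYPES ; do
 type_has_legacy $kt || continue
@@ -291,6 +300,7 @@ for v in v01 v00 ; do
 echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
 ) > $OBJ/sshd_proxy
 
+cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
 ${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
 -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
 -F $OBJ/ssh_proxy -q somehost true >/dev/null 2>&1
@@ -300,4 +310,4 @@ for v in v01 v00 ; do
 done
 done
 
-rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
+rm -f $OBJ/known_hosts-cert* $OBJ/host_ca_key* $OBJ/cert_host_key*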
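Review bot: Every one of the eight `cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert` restores added before an ssh invocation (in attempt_connect, the two revoked-cert loops, test_one and the v01/v00 loop) runs unchecked, so if the copy fails the test silently proceeds against whatever known_hosts the previous ssh run left behind and the pass/fail outcome no longer reflects the intended @cert-authority or @revoked content. The file already uses `fatal` for setup failures (`|| fatal "no pubkey"`), so each restore should fail the same way, and the duplicated line is best folded into one helper carrying a comment on why the reset is needed, since the commit leaves the reason implicit (presumably ssh may rewrite the known_hosts file during a connection — confirm against the client options in use): `reset_known_hosts() { cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert || fatal "couldn't restore known_hosts-cert"; }`. The enclosing attempt_connect and test_one functions and the privsep/version loops start or end outside the visible hunks.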