Diffstat (limited to 'regress/cert-hostkey.sh')
-rw-r--r-- | regress/cert-hostkey.sh | 12 |
1 files changed, 6 insertions, 6 deletions
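--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $
+# $OpenBSD: cert-hostkey.sh,v 1.23 2020/01/03 03:02:26 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified host keys"
@@ -9,7 +9,7 @@ rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 # Allow all hostkey/pubkey types, prefer certs for the client
 rsa=0
 types=""
-for i in `$SSH -Q key`; do
+for i in `$SSH -Q key | maybe_filter_sk`; do
 if [ -z "$types" ]; then
 types="$i"
 continue
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
 
-PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
@@ -131,7 +131,7 @@ attempt_connect() {
 }
 
 # Basic connect and revocation tests.
-for privsep in yes sandbox ; do
+for privsep in yes ; do
 for ktype in $PLAIN_TYPES ; do
 verbose "$tid: host ${ktype} cert connect privsep $privsep"
 (
@@ -169,7 +169,7 @@ for ktype in $PLAIN_TYPES ; do
 kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
 done
 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
-for privsep in yes sandbox ; do
+for privsep in yes ; do
 for ktype in $PLAIN_TYPES ; do
 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
 (
@@ -252,7 +252,7 @@ test_one() {
 test_one "user-certificate" failure "-n $HOSTS"
 test_one "empty principals" success "-h"
 test_one "wrong principals" failure "-h -n foo"
-test_one "cert not yet valid" failure "-h -V20200101:20300101"
+test_one "cert not yet valid" failure "-h -V20300101:20320101"
 test_one "cert expired" failure "-h -V19800101:19900101"
 test_one "cert valid interval" success "-h -V-1w:+2w"
 test_one "cert has constraints" failure "-h -Oforce-command=false"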
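Review bot: The replacement window in the "cert not yet valid" case, `-V20300101:20320101`, is still an absolute date, so the breakage this change repairs returns on 2030-01-01, when the certificate becomes valid and the expected `failure` no longer holds. From 2032 onward the case would pass again, but only because the certificate has expired, so it would silently stop exercising the not-before check its name promises. A relative window, in the form the "cert valid interval" case already uses, would keep the start in the future on every run: `test_one "cert not yet valid" failure "-h -V+1w:+2w"` (assuming ssh-keygen accepts a positive relative start time here, which is worth confirming). Separately, both `for privsep in yes ; do` loops now iterate over a single value while the messages still print `privsep $privsep`; a short comment saying why the `sandbox` pass was dropped would show that the reduced coverage of the host-certificate and revocation paths is intentional.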