Diffstat (limited to 'regress/cert-userkey.sh')
-rw-r--r-- | regress/cert-userkey.sh | 18 |
1 files changed, 16 insertions, 2 deletions
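diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 9588e0b6b..874915205 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: cert-userkey.sh,v 1.1 2010/02/26 20:33:21 djm Exp $
+# $OpenBSD: cert-userkey.sh,v 1.2 2010/03/03 00:47:23 djm Exp $
 # Placed in the Public Domain.
 
 tid="certified user keys"
@@ -24,7 +24,6 @@ for ktype in rsa dsa ; do
 "regress user key for $USER" \
 -n $USER $OBJ/cert_user_key_${ktype} ||
 fail "couldn't sign cert_user_key_${ktype}"
-
 done
 
 # Basic connect tests
@@ -86,4 +85,19 @@ test_one "cert valid interval" success "-V-1w:+2w"
 test_one "wrong source-address" failure "-Osource-address=10.0.0.0/8"
 test_one "force-command" failure "-Oforce-command=false"
 
+# Wrong certificate
+for ktype in rsa dsa ; do
+# Self-sign
+${SSHKEYGEN} -q -s $OBJ/cert_user_key_${ktype} -I \
+"regress user key for $USER" \
+-n $USER $OBJ/cert_user_key_${ktype} ||
+fail "couldn't sign cert_user_key_${ktype}"
+verbose "$tid: user ${ktype} connect wrong cert"
+${SSH} -2i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
+somehost true >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+fail "ssh cert connect $ident succeeded unexpectedly"
+fi
+done
+
 rm -f $OBJ/authorized_keys_$USER $OBJ/user_ca_key* $OBJ/cert_user_key*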
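Review bot: The failure message in the new "Wrong certificate" loop interpolates `$ident`, but the loop iterates over `ktype` and nothing in the visible lines sets `ident` there, so the message will carry a stale value from an earlier test or be empty; `fail "ssh cert connect ${ktype} wrong cert succeeded unexpectedly"` names the case actually under test. The check also accepts any non-zero exit from `${SSH}` with all output sent to /dev/null, so a connection that fails for an unrelated reason (for example a broken `$OBJ/ssh_proxy` configuration) counts as a pass and could hide a regression in rejecting self-signed certificates. A short comment above the loop, such as `# A cert signed by the user key itself, not the trusted CA, must be refused`, would make the intent of this negative test explicit.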