Diffstat (limited to 'regress')
-rw-r--r-- | regress/krl.sh | 10 |
1 files changed, 8 insertions, 2 deletions
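--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: krl.sh,v 1.3 2014/06/24 01:04:43 djm Exp $
+# $OpenBSD: krl.sh,v 1.4 2014/11/17 00:21:40 djm Exp $
 # Placed in the Public Domain.
 
 tid="key revocation lists"
@@ -17,6 +17,8 @@ rm -f $OBJ/revoked-* $OBJ/krl-*
 # Generate a CA key
 $SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
 fatal "$SSHKEYGEN CA failed"
+$SSHKEYGEN -t ed25519 -f $OBJ/revoked-ca2 -C "" -N "" > /dev/null ||
+fatal "$SSHKEYGEN CA2 failed"
 
 # A specification that revokes some certificates by serial numbers
 # The serial pattern is chosen to ensure the KRL includes list, range and
@@ -93,13 +95,17 @@ $SSHKEYGEN $OPTS -kf $OBJ/krl-all $REVOKED_KEYS $REVOKED_CERTS \
 >/dev/null || fatal "$SSHKEYGEN KRL failed"
 $SSHKEYGEN $OPTS -kf $OBJ/krl-ca $OBJ/revoked-ca.pub \
 >/dev/null || fatal "$SSHKEYGEN KRL failed"
-# KRLs from serial/key-id spec need the CA specified.
+# This should fail as KRLs from serial/key-id spec need the CA specified.
 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial $OBJ/revoked-serials \
 >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
 $SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \
 >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly"
 $SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \
 >/dev/null || fatal "$SSHKEYGEN KRL failed"
+# Revoke the same serials with the second CA key to ensure a multi-CA
+# KRL is generated.
+$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -u -s $OBJ/revoked-ca2 \
+$OBJ/revoked-serials >/dev/null || fatal "$SSHKEYGEN KRL failed"
 $SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \
 >/dev/null || fatal "$SSHKEYGEN KRL failed"
 }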
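Review bot: The multi-CA step added at new lines 105–108 asserts only that `ssh-keygen -k -u` exits zero, so a regression in which the update drops the existing `revoked-ca` section, or never records one for `revoked-ca2`, would pass this part of the test and leave certificates unrevoked. No certificate signed by `revoked-ca2` is created in the visible hunks, and whatever checks the KRLs lies outside this diff, so this may be covered elsewhere; if not, add a `$SSHKEYGEN -Qf $OBJ/krl-serial` query against a revoked-serial certificate from each CA after the update. The failure message is also identical to the neighbouring steps; `fatal "$SSHKEYGEN KRL update with CA2 failed"` would identify which command broke. The enclosing function starts outside the hunk.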