summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
Diffstat (limited to 'regress')
-rw-r--r--regress/cert-hostkey.sh19
1 files changed, 13 insertions, 6 deletions
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 22ae4999d..7461beca6 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -3,6 +3,13 @@
3 3
4tid="certified host keys" 4tid="certified host keys"
5 5
6# used to disable ECC based tests on platforms without ECC
7ecdsa=""
8if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1
9then
10 ecdsa=ecdsa
11fi
12
6rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* 13rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
7cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak 14cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
8 15
@@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
18) > $OBJ/known_hosts-cert 25) > $OBJ/known_hosts-cert
19 26
20# Generate and sign host keys 27# Generate and sign host keys
21for ktype in rsa dsa ecdsa ; do 28for ktype in rsa dsa $ecdsa ; do
22 verbose "$tid: sign host ${ktype} cert" 29 verbose "$tid: sign host ${ktype} cert"
23 # Generate and sign a host key 30 # Generate and sign a host key
24 ${SSHKEYGEN} -q -N '' -t ${ktype} \ 31 ${SSHKEYGEN} -q -N '' -t ${ktype} \
@@ -40,7 +47,7 @@ done
40 47
41# Basic connect tests 48# Basic connect tests
42for privsep in yes no ; do 49for privsep in yes no ; do
43 for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 50 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
44 verbose "$tid: host ${ktype} cert connect privsep $privsep" 51 verbose "$tid: host ${ktype} cert connect privsep $privsep"
45 ( 52 (
46 cat $OBJ/sshd_proxy_bak 53 cat $OBJ/sshd_proxy_bak
@@ -80,7 +87,7 @@ done
80 cat $OBJ/cert_host_key_dsa_v00.pub 87 cat $OBJ/cert_host_key_dsa_v00.pub
81) > $OBJ/known_hosts-cert 88) > $OBJ/known_hosts-cert
82for privsep in yes no ; do 89for privsep in yes no ; do
83 for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 90 for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
84 verbose "$tid: host ${ktype} revoked cert privsep $privsep" 91 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
85 ( 92 (
86 cat $OBJ/sshd_proxy_bak 93 cat $OBJ/sshd_proxy_bak
@@ -107,7 +114,7 @@ done
107 echon "* " 114 echon "* "
108 cat $OBJ/host_ca_key.pub 115 cat $OBJ/host_ca_key.pub
109) > $OBJ/known_hosts-cert 116) > $OBJ/known_hosts-cert
110for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do 117for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
111 verbose "$tid: host ${ktype} revoked cert" 118 verbose "$tid: host ${ktype} revoked cert"
112 ( 119 (
113 cat $OBJ/sshd_proxy_bak 120 cat $OBJ/sshd_proxy_bak
@@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false"
178 185
179# Check downgrade of cert to raw key when no CA found 186# Check downgrade of cert to raw key when no CA found
180for v in v01 v00 ; do 187for v in v01 v00 ; do
181 for ktype in rsa dsa ecdsa ; do 188 for ktype in rsa dsa $ecdsa ; do
182 # v00 ecdsa certs do not exist. 189 # v00 ecdsa certs do not exist.
183 test "${v}${ktype}" = "v00ecdsa" && continue 190 test "${v}${ktype}" = "v00ecdsa" && continue
184 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* 191 rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
@@ -217,7 +224,7 @@ done
217 cat $OBJ/host_ca_key.pub 224 cat $OBJ/host_ca_key.pub
218) > $OBJ/known_hosts-cert 225) > $OBJ/known_hosts-cert
219for v in v01 v00 ; do 226for v in v01 v00 ; do
220 for kt in rsa dsa ecdsa ; do 227 for kt in rsa dsa $ecdsa ; do
221 # v00 ecdsa certs do not exist. 228 # v00 ecdsa certs do not exist.
222 test "${v}${ktype}" = "v00ecdsa" && continue 229 test "${v}${ktype}" = "v00ecdsa" && continue
223 rm -f $OBJ/cert_host_key* 230 rm -f $OBJ/cert_host_key*