diff options
Diffstat (limited to 'regress')
-rw-r--r-- | regress/cert-hostkey.sh | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 22ae4999d..7461beca6 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh | |||
@@ -3,6 +3,13 @@ | |||
3 | 3 | ||
4 | tid="certified host keys" | 4 | tid="certified host keys" |
5 | 5 | ||
6 | # used to disable ECC based tests on platforms without ECC | ||
7 | ecdsa="" | ||
8 | if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 | ||
9 | then | ||
10 | ecdsa=ecdsa | ||
11 | fi | ||
12 | |||
6 | rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* | 13 | rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* |
7 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak | 14 | cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak |
8 | 15 | ||
@@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ | |||
18 | ) > $OBJ/known_hosts-cert | 25 | ) > $OBJ/known_hosts-cert |
19 | 26 | ||
20 | # Generate and sign host keys | 27 | # Generate and sign host keys |
21 | for ktype in rsa dsa ecdsa ; do | 28 | for ktype in rsa dsa $ecdsa ; do |
22 | verbose "$tid: sign host ${ktype} cert" | 29 | verbose "$tid: sign host ${ktype} cert" |
23 | # Generate and sign a host key | 30 | # Generate and sign a host key |
24 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ | 31 | ${SSHKEYGEN} -q -N '' -t ${ktype} \ |
@@ -40,7 +47,7 @@ done | |||
40 | 47 | ||
41 | # Basic connect tests | 48 | # Basic connect tests |
42 | for privsep in yes no ; do | 49 | for privsep in yes no ; do |
43 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do | 50 | for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do |
44 | verbose "$tid: host ${ktype} cert connect privsep $privsep" | 51 | verbose "$tid: host ${ktype} cert connect privsep $privsep" |
45 | ( | 52 | ( |
46 | cat $OBJ/sshd_proxy_bak | 53 | cat $OBJ/sshd_proxy_bak |
@@ -80,7 +87,7 @@ done | |||
80 | cat $OBJ/cert_host_key_dsa_v00.pub | 87 | cat $OBJ/cert_host_key_dsa_v00.pub |
81 | ) > $OBJ/known_hosts-cert | 88 | ) > $OBJ/known_hosts-cert |
82 | for privsep in yes no ; do | 89 | for privsep in yes no ; do |
83 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do | 90 | for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do |
84 | verbose "$tid: host ${ktype} revoked cert privsep $privsep" | 91 | verbose "$tid: host ${ktype} revoked cert privsep $privsep" |
85 | ( | 92 | ( |
86 | cat $OBJ/sshd_proxy_bak | 93 | cat $OBJ/sshd_proxy_bak |
@@ -107,7 +114,7 @@ done | |||
107 | echon "* " | 114 | echon "* " |
108 | cat $OBJ/host_ca_key.pub | 115 | cat $OBJ/host_ca_key.pub |
109 | ) > $OBJ/known_hosts-cert | 116 | ) > $OBJ/known_hosts-cert |
110 | for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do | 117 | for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do |
111 | verbose "$tid: host ${ktype} revoked cert" | 118 | verbose "$tid: host ${ktype} revoked cert" |
112 | ( | 119 | ( |
113 | cat $OBJ/sshd_proxy_bak | 120 | cat $OBJ/sshd_proxy_bak |
@@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false" | |||
178 | 185 | ||
179 | # Check downgrade of cert to raw key when no CA found | 186 | # Check downgrade of cert to raw key when no CA found |
180 | for v in v01 v00 ; do | 187 | for v in v01 v00 ; do |
181 | for ktype in rsa dsa ecdsa ; do | 188 | for ktype in rsa dsa $ecdsa ; do |
182 | # v00 ecdsa certs do not exist. | 189 | # v00 ecdsa certs do not exist. |
183 | test "${v}${ktype}" = "v00ecdsa" && continue | 190 | test "${v}${ktype}" = "v00ecdsa" && continue |
184 | rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* | 191 | rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* |
@@ -217,7 +224,7 @@ done | |||
217 | cat $OBJ/host_ca_key.pub | 224 | cat $OBJ/host_ca_key.pub |
218 | ) > $OBJ/known_hosts-cert | 225 | ) > $OBJ/known_hosts-cert |
219 | for v in v01 v00 ; do | 226 | for v in v01 v00 ; do |
220 | for kt in rsa dsa ecdsa ; do | 227 | for kt in rsa dsa $ecdsa ; do |
221 | # v00 ecdsa certs do not exist. | 228 | # v00 ecdsa certs do not exist. |
222 | test "${v}${ktype}" = "v00ecdsa" && continue | 229 | test "${v}${ktype}" = "v00ecdsa" && continue |
223 | rm -f $OBJ/cert_host_key* | 230 | rm -f $OBJ/cert_host_key* |