Age | Commit message (Collapse) | Author |
|
in portable and it's long gone in openbsd.
|
|
[regress/rekey.sh]
add tests for RekeyLimit parsing
|
|
[regress/rekey.sh]
add server-side rekey test
|
|
[regress/rekey.sh]
test rekeying when there's no data being transferred
|
|
[rekey.sh]
Add test for time-based rekeying
|
|
[modpipe.c]
sync some portability changes from portable OpenSSH (id sync only)
|
|
[multiplex.sh]
Add tests for -Oforward and -Ocancel for local and remote forwards
|
|
[multiplex.sh]
Write mux master logs to regress.log instead of ssh.log to keep separate
|
|
[Makefile regress/sftp-chroot.sh]
test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
|
|
[regress/Makefile regress/rekey.sh regress/integrity.sh
regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
save the output from any failing tests. If a test fails the debug output
from ssh and sshd for the failing tests (and only the failing tests) should
be available in failed-ssh{,d}.log.
|
|
[regress/rekey.sh regress/test-exec.sh regress/integrity.sh
regress/multiplex.sh Makefile regress/cfgmatch.sh]
Split the regress log into 3 parts: the debug output from ssh, the debug
log from sshd and the output from the client command (ssh, scp or sftp).
Somewhat functional now, will become more useful when ssh/sshd -E is added.
|
|
[test-exec.sh]
Only regenerate host keys if they don't exist or if ssh-keygen has changed
since they were. Reduces test runtime by 5-30% depending on machine
speed.
|
|
[regress/proxy-connect.sh]
repeat test with a style appended to the username
|
|
openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
portability code to getopt_long.c and switch over Makefile and the ugly
hack in modpipe.c. Fixes bz#1448.
|
|
Improve portability of cipher-speed test, based mostly on a patch from
Iain Morgan.
|
|
connection to start so that the test works on slower machines.
|
|
HP/UX. Spotted by Kevin Brott
|
|
|
|
|
|
|
|
|
|
for UsePAM=yes configuration
|
|
[integrity.sh]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
|
|
|
|
[regress/modpipe.c]
s/Id/OpenBSD/ in RCS tag
|
|
[regress/integrity.sh regress/modpipe.c]
Add an option to modpipe that warns if the modification offset it not
reached in it's stream and turn it on for t-integrity. This should catch
cases where the session is not fuzzed for being too short (cf. my last
"oops" commit)
|
|
err.h include from krl.c. Additional portability fixes for modpipe. OK djm
|
|
|
|
lack support for SHA2.
|
|
[integrity.sh]
oops, forgot to increase the output of the ssh command to ensure that
we actually reach $offset
|
|
[integrity.sh]
crank the offset yet again; it was still fuzzing KEX one of Darren's
portable test hosts at 2800
|
|
[integrity.sh]
make the ssh command generates some output to ensure that there are at
least offset+tries bytes in the stream.
|
|
[integrity.sh]
make sure the fuzz offset is actually past the end of KEX for all KEX
types. diffie-hellman-group-exchange-sha256 requires an offset around
2700. Noticed via test failures in portable OpenSSH on platforms that
lack ECC and this the more byte-frugal ECDH KEX algorithms.
|
|
of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
Iain Morgan
|
|
|
|
|
|
|
|
[try-ciphers.sh]
remove acss here too
|
|
|
|
[regress/Makefile regress/cert-userkey.sh regress/krl.sh]
Tests for Key Revocation Lists (KRLs)
|
|
check for GCM support before testing GCM ciphers.
|
|
|
|
[regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
test AES-GCM modes; feedback markus@
|
|
|
|
|
|
work on platforms without 'jot'
|
|
[try-ciphers.sh]
add hmac-ripemd160-etm@openssh.com
|
|
[regress/Makefile regress/modpipe.c regress/integrity.sh]
test the integrity of the packets; with djm@
|
|
[regress/try-ciphers.sh]
add etm modes
|
|
[regress/keys-command.sh]
Fix some problems with the keys-command test:
- use string comparison rather than numeric comparison
- check for existing KEY_COMMAND file and don't clobber if it exists
- clean up KEY_COMMAND file if we do create it.
- check that KEY_COMMAND is executable (which it won't be if eg /var/run
is mounted noexec).
ok djm.
|