Age | Commit message | Author |
|
this test was broken in at least two ways, such that it
wasn't checking that a KRL was not excluding valid keys
|
|
be a bit more careful in these tests to ensure that
known_hosts is clean
|
|
regression test for known_host file editing using
ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok
markus@
|
|
more and better key tests
test signatures and verification
test certificate generation
flesh out nested cert test
removes most of the XXX todo markers
|
|
make the signature fuzzing test much more rigorous:
ensure that the fuzzed input cases do not match the original (using new
fuzz_matches_original() function) and check that the verification fails in
each case
|
|
add a fuzz_matches_original() function to the fuzzer to
detect fuzz cases that are identical to the original data. Hacky
implementation, but very useful when you need the fuzz to be different, e.g.
when verifying signature
|
|
better dumps from the fuzzer (shown on errors) -
include the original data as well as the fuzzed copy.
|
|
enable hostkey-agent.sh test
|
|
unit test for hostkeys in ssh-agent
|
|
add kex unit tests
|
|
unit tests for KRL bitmap
|
|
re-add comment about full path
|
|
don't reset to the installed sshd; connect before
reconfigure, too
|
|
implement a SIGINFO handler so we can discern a stuck
fuzz test from a merely glacial one; prompted by and ok markus
|
|
use $SSH instead of installed ssh to allow override;
spotted by markus@
|
|
regress test for PubkeyAcceptedKeyTypes; ok markus@
|
|
unbreak parsing of pubkey comments; with gerhard; ok
djm/deraadt
|
|
fatal if soft-PKCS11 library is missing (rather
than continue and fail with a more cryptic error)
|
|
let this test all supported key types; pointed out/ok
markus@
|
|
adjust for sshkey_load_file() API change
|
|
regression test for multiple required pubkey authentication;
ok markus@
|
|
make this slightly easier to diff against portable
|
|
adjust for new SHA256 key fingerprints and
slightly-different MD5 hex fingerprint format
|
|
poll changes to netcat (usr.bin/netcat.c r1.125) broke
this test; fix it by ensuring more stdio fds are sent to devnull
|
|
add tests for new client RevokedHostKeys option; refactor
to make it a bit more readable
|
|
Nuke yet more obvious #include duplications.
ok deraadt@
|
|
fix KRL generation when multiple CAs are in use
We would generate an invalid KRL when revoking certs by serial
number for multiple CA keys due to a section being written out
twice.
Also extend the regress test to catch this case by having it
produce a multi-CA KRL.
Reported by peter AT pean.org
|
|
[regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
[regress/unittests/sshkey/common.c]
[regress/unittests/sshkey/test_file.c]
[regress/unittests/sshkey/test_fuzz.c]
[regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
on !ECC OpenSSL systems
|
|
don't set __progname. Diagnosed by Tom Christensen.
|
|
nc from stdin, it's more portable
|
|
is closed; avoid regress failures when stdin is /dev/null
|
|
a better solution, but this will have to do for now.
|
|
pointed out by Christian Hesse
|
|
[regress/unittests/sshkey/testdata/*]
Regenerate test keys with certs signed with ed25519 instead of ecdsa.
These can be used in -portable on platforms that don't support ECDSA.
|
|
[regress/unittests/sshkey/mktestdata.sh]
Add $OpenBSD tag to make syncs easier
|
|
[regress/unittests/sshkey/mktestdata.sh]
Sign test certs with ed25519 instead of ecdsa so that they'll work in
-portable on platforms that don't have ECDSA in their OpenSSL. ok djm
|
|
[regress/multiplex.sh]
change the test for still-open Unix domain sockets to be robust against
nc implementations that produce error messages. from -portable
(Id sync only)
|
|
specific tests inside OPENSSL_HAS_ECC.
|
|
domain sockets to be robust against nc implementations that produce
error messages.
|
|
put it back
|
|
[forwarding.sh multiplex.sh]
Add support for Unix domain socket forwarding. A remote TCP port
may be forwarded to a local Unix domain socket and vice versa or
both ends may be a Unix domain socket. This is a reimplementation
of the streamlocal patches by William Ahern from:
http://www.25thandclement.com/~william/projects/streamlocal.html
OK djm@ markus@
|
|
{common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
ifdefs.
|
|
[multiplex.sh]
remove forced-fatal that I stuck in there to test the new cleanup
logic and forgot to remove...
|
|
[multiplex.sh test-exec.sh]
add a hook to the cleanup() function to kill $SSH_PID if it is set
use it to kill the mux master started in multiplex.sh (it was being left
around on fatal failures)
|
|
|