From 1e94afdfa8df774ab7dd3bad52912b636dc31bbd Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 25 Jul 2019 08:28:15 +0000 Subject: upstream: Make certificate tests work with the supported key algorithms. Allows tests to pass when built without OpenSSL. OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc --- regress/cert-hostkey.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'regress/cert-hostkey.sh') diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 3ce777967..86ea62504 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cert-hostkey.sh,v 1.17 2018/10/31 11:09:27 dtucker Exp $ +# $OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $ # Placed in the Public Domain. tid="certified host keys" @@ -7,6 +7,7 @@ rm -f $OBJ/known_hosts-cert* $OBJ/host_ca_key* $OBJ/host_revoked_* rm -f $OBJ/cert_host_key* $OBJ/host_krl_* # Allow all hostkey/pubkey types, prefer certs for the client +rsa=0 types="" for i in `$SSH -Q key`; do if [ -z "$types" ]; then @@ -19,6 +20,7 @@ for i in `$SSH -Q key`; do types="rsa-sha2-256-cert-v01@openssh.com,$i,$types" types="rsa-sha2-512-cert-v01@openssh.com,$types";; *rsa*) + rsa=1 types="$types,rsa-sha2-512,rsa-sha2-256,$i";; # Prefer certificate to plain keys. *cert*) types="$i,$types";; @@ -51,10 +53,12 @@ kh_revoke() { } # Create a CA key and add it to known hosts. Ed25519 chosen for speed. -# RSA for testing RSA/SHA2 signatures. +# RSA for testing RSA/SHA2 signatures if supported. +ktype2=ed25519 +[ "x$rsa" = "x1" ] && ktype2=rsa ${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/host_ca_key ||\ fail "ssh-keygen of host_ca_key failed" -${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key2 ||\ +${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/host_ca_key2 ||\ fail "ssh-keygen of host_ca_key failed" kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig @@ -214,7 +218,7 @@ test_one() { result=$2 sign_opts=$3 - for kt in rsa ed25519 ; do + for kt in $PLAIN_TYPES; do case $ktype in rsa-sha2-*) tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;; *) tflag=""; ca="$OBJ/host_ca_key" ;; -- cgit v1.2.3