From 303af5803bd74bf05d375c04e1a83b40c30b2be5 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 3 Jul 2018 11:43:49 +0000
Subject: upstream: some magic for RSA-SHA2 checks

OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4
---
 regress/cert-hostkey.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'regress/cert-hostkey.sh')

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 3d5732a5d..d2ecd318b 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.15 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.16 2018/07/03 11:43:49 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -14,6 +14,13 @@ for i in `$SSH -Q key`; do
 		continue
 	fi
 	case "$i" in
+	# Special treatment for RSA keys.
+	*rsa*cert*)
+		types="rsa-sha2-256-cert-v01@openssh.com,$i,$types"
+		types="rsa-sha2-512-cert-v01@openssh.com,$types";;
+	*rsa*)
+		types="$types,rsa-sha2-512,rsa-sha2-256,$i";;
+	# Prefer certificate to plain keys.
 	*cert*)	types="$i,$types";;
 	*)	types="$types,$i";;
 	esac
-- 
cgit v1.2.3