From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Thu, 30 Aug 2018 00:58:56 +0100 Subject: Work around conch interoperability failure Twisted Conch fails to read private keys in the new format (https://twistedmatrix.com/trac/ticket/9515). Work around this until it can be fixed in Twisted. Forwarded: not-needed Last-Update: 2018-08-30 Patch-Name: conch-old-privkey-format.patch --- regress/Makefile | 5 +++-- regress/conch-ciphers.sh | 2 +- regress/test-exec.sh | 12 ++++++++++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/regress/Makefile b/regress/Makefile index 925edf71a..6fdfcc8ca 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ modpipe netcat no_identity_config \ pidfile putty.rsa2 ready regress.log \ remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \ - rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ - rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ + rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \ + rsa_oldfmt rsa_oldfmt.pub \ + rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh index 199d863a0..c7df19fd4 100644 --- a/regress/conch-ciphers.sh +++ b/regress/conch-ciphers.sh @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ rm -f ${COPY} # XXX the 2nd "cat" seems to be needed because of buggy FD handling # in conch - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ + ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} if [ $? -ne 0 ]; then diff --git a/regress/test-exec.sh b/regress/test-exec.sh index b8e2009de..08338121b 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no if test -x "$CONCH" ; then REGRESS_INTEROP_CONCH=yes fi +case "$SCRIPT" in +*conch*) ;; +*) REGRESS_INTEROP_CONCH=no +esac + +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then + # Convert rsa key to old format to work around + # https://twistedmatrix.com/trac/ticket/9515 + cp $OBJ/rsa $OBJ/rsa_oldfmt + cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null +fi # If PuTTY is present and we are running a PuTTY test, prepare keys and # configuration