RepoMirrors/openssh
1
0
Fork 0
mirror of git://anongit.mindrot.org/openssh.git synced 2024-12-27 20:42:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms

Browse Source 
which don't have ECC support in libcrypto.
This commit is contained in:
Darren Tucker 2010-10-24 11:19:26 +11:00
parent d78739ab90
commit bfd9b1be41
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,5 +1,7 @@
20101024
- (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
which don't have ECC support in libcrypto.
- (dtucker) OpenBSD CVS Sync
- sthen@cvs.openbsd.org 2010/10/23 22:06:12
[sftp.c]

19
regress/cert-hostkey.sh
View File

@ -3,6 +3,13 @@
tid="certified host keys"
# used to disable ECC based tests on platforms without ECC
ecdsa=""
if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1
then
ecdsa=ecdsa
fi
rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\
) > $OBJ/known_hosts-cert
# Generate and sign host keys
for ktype in rsa dsa ecdsa ; do
for ktype in rsa dsa $ecdsa ; do
verbose "$tid: sign host ${ktype} cert"
# Generate and sign a host key
${SSHKEYGEN} -q -N '' -t ${ktype} \
@ -40,7 +47,7 @@ done
# Basic connect tests
for privsep in yes no ; do
for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do
for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
verbose "$tid: host ${ktype} cert connect privsep $privsep"
(
cat $OBJ/sshd_proxy_bak
@ -80,7 +87,7 @@ done
cat $OBJ/cert_host_key_dsa_v00.pub
) > $OBJ/known_hosts-cert
for privsep in yes no ; do
for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do
for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do
verbose "$tid: host ${ktype} revoked cert privsep $privsep"
(
cat $OBJ/sshd_proxy_bak
@ -107,7 +114,7 @@ done
echon "* "
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do
for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do
verbose "$tid: host ${ktype} revoked cert"
(
cat $OBJ/sshd_proxy_bak
@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false"
# Check downgrade of cert to raw key when no CA found
for v in v01 v00 ; do
for ktype in rsa dsa ecdsa ; do
for ktype in rsa dsa $ecdsa ; do
# v00 ecdsa certs do not exist.
test "${v}${ktype}" = "v00ecdsa" && continue
rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
@ -217,7 +224,7 @@ done
cat $OBJ/host_ca_key.pub
) > $OBJ/known_hosts-cert
for v in v01 v00 ; do
for kt in rsa dsa ecdsa ; do
for kt in rsa dsa $ecdsa ; do
# v00 ecdsa certs do not exist.
test "${v}${ktype}" = "v00ecdsa" && continue
rm -f $OBJ/cert_host_key*