mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-25 11:22:10 +00:00
upstream commit
this test was broken in at least two ways, such that it wasn't checking that a KRL was not excluding valid keys
This commit is contained in:
parent
3f79765374
commit
d3716ca19e
@ -1,4 +1,4 @@
|
|||||||
# $OpenBSD: krl.sh,v 1.4 2014/11/17 00:21:40 djm Exp $
|
# $OpenBSD: krl.sh,v 1.5 2015/01/19 17:31:13 djm Exp $
|
||||||
# Placed in the Public Domain.
|
# Placed in the Public Domain.
|
||||||
|
|
||||||
tid="key revocation lists"
|
tid="key revocation lists"
|
||||||
@ -47,6 +47,7 @@ EOF
|
|||||||
# A specification that revokes some certificated by key ID.
|
# A specification that revokes some certificated by key ID.
|
||||||
touch $OBJ/revoked-keyid
|
touch $OBJ/revoked-keyid
|
||||||
for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
|
for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
|
||||||
|
test "x$n" = "x499" && continue
|
||||||
# Fill in by-ID revocation spec.
|
# Fill in by-ID revocation spec.
|
||||||
echo "id: revoked $n" >> $OBJ/revoked-keyid
|
echo "id: revoked $n" >> $OBJ/revoked-keyid
|
||||||
done
|
done
|
||||||
@ -58,7 +59,7 @@ keygen() {
|
|||||||
keytype=$ECDSA
|
keytype=$ECDSA
|
||||||
case $N in
|
case $N in
|
||||||
2 | 10 | 510 | 1001) keytype=rsa;;
|
2 | 10 | 510 | 1001) keytype=rsa;;
|
||||||
4 | 30 | 520 | 1002) keytype=dsa;;
|
4 | 30 | 520 | 1002) keytype=ed25519;;
|
||||||
esac
|
esac
|
||||||
$SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
|
$SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
|
||||||
|| fatal "$SSHKEYGEN failed"
|
|| fatal "$SSHKEYGEN failed"
|
||||||
@ -76,11 +77,12 @@ for n in $REVOKED_SERIALS ; do
|
|||||||
REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
|
REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
|
||||||
REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
|
REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
|
||||||
done
|
done
|
||||||
NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
|
UNREVOKED_SERIALS="5 9 14 16 29 49 51 499 800 1010 1011"
|
||||||
NOTREVOKED=""
|
UNREVOKED=""
|
||||||
for n in $NOTREVOKED_SERIALS ; do
|
for n in $UNREVOKED_SERIALS ; do
|
||||||
NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
|
f=`keygen $n`
|
||||||
NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
|
UNREVOKED_KEYS="$UNREVOKED_KEYS ${f}.pub"
|
||||||
|
UNREVOKED_CERTS="$UNREVOKED_CERTS ${f}-cert.pub"
|
||||||
done
|
done
|
||||||
|
|
||||||
genkrls() {
|
genkrls() {
|
||||||
|
Loading…
Reference in New Issue
Block a user