From 773c55b3d1230e8f7714a1b33873c37b85049c74 Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Tue, 23 Jul 2019 13:32:48 +0000 Subject: [PATCH] upstream: Only use DSA key type in tests if binaries support it. OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96 --- regress/sshcfgparse.sh | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh index e0ce568d7..2c00b64ef 100644 --- a/regress/sshcfgparse.sh +++ b/regress/sshcfgparse.sh @@ -1,8 +1,15 @@ -# $OpenBSD: sshcfgparse.sh,v 1.4 2018/07/04 13:51:12 djm Exp $ +# $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $ # Placed in the Public Domain. tid="ssh config parse" +dsa=0 +for t in $SSH_KEYTYPES; do + case "$t" in + ssh-dss) dsa=1 ;; + esac +done + expect_result_present() { _str="$1" ; shift for _expect in "$@" ; do @@ -75,15 +82,17 @@ f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519 host | \ expect_result_present "$f" "ssh-ed25519-cert-v01.*" expect_result_absent "$f" "ssh-ed25519" "ssh-dss" # Append to default set. -# XXX this will break for !WITH_OPENSSL -f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \ - awk '/^pubkeyacceptedkeytypes /{print $2}'` -expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*" -expect_result_absent "$f" "ssh-dss" -f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \ - awk '/^pubkeyacceptedkeytypes /{print $2}'` -expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss" -expect_result_absent "$f" "ssh-dss-cert-v01.*" +# This is not tested when built !WITH_OPENSSL +if [ "$dsa" = "1" ]; then + f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` + expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*" + expect_result_absent "$f" "ssh-dss" + f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \ + awk '/^pubkeyacceptedkeytypes /{print $2}'` + expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss" + expect_result_absent "$f" "ssh-dss-cert-v01.*" +fi # cleanup rm -f $OBJ/ssh_config.[012]