upstream: Only use DSA key type in tests if binaries support it.

OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
This commit is contained in:
dtucker@openbsd.org 2019-07-23 13:32:48 +00:00 committed by Darren Tucker
parent 159e987a54
commit 773c55b3d1
1 changed files with 19 additions and 10 deletions

View File

@ -1,8 +1,15 @@
# $OpenBSD: sshcfgparse.sh,v 1.4 2018/07/04 13:51:12 djm Exp $ # $OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="ssh config parse" tid="ssh config parse"
dsa=0
for t in $SSH_KEYTYPES; do
case "$t" in
ssh-dss) dsa=1 ;;
esac
done
expect_result_present() { expect_result_present() {
_str="$1" ; shift _str="$1" ; shift
for _expect in "$@" ; do for _expect in "$@" ; do
@ -75,15 +82,17 @@ f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519 host | \
expect_result_present "$f" "ssh-ed25519-cert-v01.*" expect_result_present "$f" "ssh-ed25519-cert-v01.*"
expect_result_absent "$f" "ssh-ed25519" "ssh-dss" expect_result_absent "$f" "ssh-ed25519" "ssh-dss"
# Append to default set. # Append to default set.
# XXX this will break for !WITH_OPENSSL # This is not tested when built !WITH_OPENSSL
f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \ if [ "$dsa" = "1" ]; then
awk '/^pubkeyacceptedkeytypes /{print $2}'` f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \
expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*" awk '/^pubkeyacceptedkeytypes /{print $2}'`
expect_result_absent "$f" "ssh-dss" expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \ expect_result_absent "$f" "ssh-dss"
awk '/^pubkeyacceptedkeytypes /{print $2}'` f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \
expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss" awk '/^pubkeyacceptedkeytypes /{print $2}'`
expect_result_absent "$f" "ssh-dss-cert-v01.*" expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
expect_result_absent "$f" "ssh-dss-cert-v01.*"
fi
# cleanup # cleanup
rm -f $OBJ/ssh_config.[012] rm -f $OBJ/ssh_config.[012]