tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream: fix some broken tests; clean up output 

OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566
This commit is contained in:
djm@openbsd.org 2021-07-12 02:12:22 +00:00 committed by Damien Miller
parent f5fc6a4c34
commit 7ae69f2628
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
regress/sshsig.sh
View File

@ -1,4 +1,4 @@
# $OpenBSD: sshsig.sh,v 1.4 2020/03/13 03:18:45 djm Exp $ # $OpenBSD: sshsig.sh,v 1.5 2021/07/12 02:12:22 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="sshsig" tid="sshsig"
@ -12,12 +12,13 @@ sig_namespace="test-$$"
sig_principal="user-$$@example.com" sig_principal="user-$$@example.com"
# Make a "wrong key" # Make a "wrong key"
${SSHKEYGEN} -t ed25519 -f $OBJ/wrong-key -C "wrong trousers, Grommit" -N '' \ ${SSHKEYGEN} -q -t ed25519 -f $OBJ/wrong-key \
-C "wrong trousers, Grommit" -N '' \
|| fatal "couldn't generate key" || fatal "couldn't generate key"
WRONG=$OBJ/wrong-key.pub WRONG=$OBJ/wrong-key.pub
# Make a CA key. # Make a CA key.
${SSHKEYGEN} -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \ ${SSHKEYGEN} -q -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
|| fatal "couldn't generate key" || fatal "couldn't generate key"
CA_PRIV=$OBJ/sigca-key CA_PRIV=$OBJ/sigca-key
CA_PUB=$OBJ/sigca-key.pub CA_PUB=$OBJ/sigca-key.pub
@ -116,7 +117,7 @@ for t in $SIGNKEYS; do
< $DATA >/dev/null 2>&1 && \ < $DATA >/dev/null 2>&1 && \
fail "accepted signature for $t key, but key is in revoked_keys" fail "accepted signature for $t key, but key is in revoked_keys"
# public key not revoked, but other are present in revoked_keysfile # public key not revoked, but others are present in revoked_keysfile
cat $WRONG > $OBJ/revoked_keys cat $WRONG > $OBJ/revoked_keys
(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers (printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
@ -168,7 +169,7 @@ for t in $SIGNKEYS; do
fail "failed signature for $t cert" fail "failed signature for $t cert"
# signing key listed as cert-authority # signing key listed as cert-authority
(printf "$sig_principal cert-authority" ; (printf "$sig_principal cert-authority " ;
cat $pubkey) > $OBJ/allowed_signers cat $pubkey) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
-I $sig_principal -f $OBJ/allowed_signers \ -I $sig_principal -f $OBJ/allowed_signers \
@ -183,7 +184,7 @@ for t in $SIGNKEYS; do
fail "accepted signature for $t cert with CA not marked" fail "accepted signature for $t cert with CA not marked"
# mismatch between cert principal and file # mismatch between cert principal and file
(printf "josef.k@example.com cert-authority" ; (printf "josef.k@example.com cert-authority " ;
cat $CA_PUB) > $OBJ/allowed_signers cat $CA_PUB) > $OBJ/allowed_signers
${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
-I $sig_principal -f $OBJ/allowed_signers \ -I $sig_principal -f $OBJ/allowed_signers \