- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms

which don't have ECC support in libcrypto.
2010-10-24 11:19:26 +11:00 · 2010-10-24 11:19:26 +11:00 · bfd9b1be41
parent d78739ab90
commit bfd9b1be41
2 changed files with 15 additions and 6 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 20101024
 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
   which don't have ECC support in libcrypto.
 - (dtucker) OpenBSD CVS Sync
   - sthen@cvs.openbsd.org 2010/10/23 22:06:12
     [sftp.c]
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@ -3,6 +3,13 @@
 tid="certified host keys"
 # used to disable ECC based tests on platforms without ECC
 ecdsa=""
 if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1
 then
 	ecdsa=ecdsa
 fi
 rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa  -f $OBJ/host_ca_key ||\
 ) > $OBJ/known_hosts-cert
 # Generate and sign host keys
-for ktype in rsa dsa ecdsa ; do 
+for ktype in rsa dsa $ecdsa ; do 
 	verbose "$tid: sign host ${ktype} cert"
 	# Generate and sign a host key
 	${SSHKEYGEN} -q -N '' -t ${ktype} \
@ -40,7 +47,7 @@ done
 # Basic connect tests
 for privsep in yes no ; do
-	for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 
+	for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do 
 		verbose "$tid: host ${ktype} cert connect privsep $privsep"
 		(
 			cat $OBJ/sshd_proxy_bak
@ -80,7 +87,7 @@ done
 	cat $OBJ/cert_host_key_dsa_v00.pub
 ) > $OBJ/known_hosts-cert
 for privsep in yes no ; do
-	for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do 
+	for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do 
 		verbose "$tid: host ${ktype} revoked cert privsep $privsep"
 		(
 			cat $OBJ/sshd_proxy_bak
@ -107,7 +114,7 @@ done
 	echon "* "
 	cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
-for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do 
+for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do 
 	verbose "$tid: host ${ktype} revoked cert"
 	(
 		cat $OBJ/sshd_proxy_bak
@ -178,7 +185,7 @@ test_one "cert has constraints"	failure "-h -Oforce-command=false"
 # Check downgrade of cert to raw key when no CA found
 for v in v01 v00 ;  do 
-	for ktype in rsa dsa ecdsa ; do 
+	for ktype in rsa dsa $ecdsa ; do 
 		# v00 ecdsa certs do not exist.
 		test "${v}${ktype}" = "v00ecdsa" && continue
 		rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
@ -217,7 +224,7 @@ done
 	cat $OBJ/host_ca_key.pub
 ) > $OBJ/known_hosts-cert
 for v in v01 v00 ;  do 
-	for kt in rsa dsa ecdsa ; do 
+	for kt in rsa dsa $ecdsa ; do 
 		# v00 ecdsa certs do not exist.
 		test "${v}${ktype}" = "v00ecdsa" && continue
 		rm -f $OBJ/cert_host_key*