authorDamien Miller <djm@cvs.openbsd.org>2015-01-19 17:31:14 +0000
committerDamien Miller <djm@cvs.openbsd.org>2015-01-19 17:31:14 +0000
commitf9b387d9d2761db2d1d4b0d46cc9ffc913a61e5e (patch)
tree5b513654005706cc4054fec5ee7015de12c5c411
parenta78e2b641baf95cbcd529fd52efeb0b220d26f8e (diff)
this test was broken in at least two ways, such that it
wasn't checking that a KRL was not excluding valid keys
-rw-r--r--regress/usr.bin/ssh/krl.sh16
1 files changed, 9 insertions, 7 deletions
diff --git a/regress/usr.bin/ssh/krl.sh b/regress/usr.bin/ssh/krl.sh
index 4d6364c8c53..f580e5f8ef3 100644
--- a/regress/usr.bin/ssh/krl.sh
+++ b/regress/usr.bin/ssh/krl.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: krl.sh,v 1.4 2014/11/17 00:21:40 djm Exp $
+# $OpenBSD: krl.sh,v 1.5 2015/01/19 17:31:13 djm Exp $
# Placed in the Public Domain.
tid="key revocation lists"
@@ -41,6 +41,7 @@ EOF
# A specification that revokes some certificated by key ID.
touch $OBJ/revoked-keyid
for n in 1 2 3 4 10 15 30 50 `jot 500 300` 999 1000 1001 1002; do
+ test "x$n" = "x499" && continue
# Fill in by-ID revocation spec.
echo "id: revoked $n" >> $OBJ/revoked-keyid
done
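Review bot: The literal 499 in the added `test "x$n" = "x499" && continue` is unexplained, and it only makes sense when read with the `UNREVOKED_SERIALS` list further down the file. That list contains 499, which falls inside the 300 through 799 range that `jot 500 300` produces, so without the skip the key-ID spec would revoke a certificate the test expects to stay valid. A comment above the line, such as `# 499 is left unrevoked on purpose; it is listed in UNREVOKED_SERIALS below`, would stop the two lists from drifting apart in a later edit.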
@@ -52,7 +53,7 @@ keygen() {
keytype=ecdsa
case $N in
2 | 10 | 510 | 1001) keytype=rsa;;
- 4 | 30 | 520 | 1002) keytype=dsa;;
+ 4 | 30 | 520 | 1002) keytype=ed25519;;
esac
$SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
|| fatal "$SSHKEYGEN failed"
@@ -70,11 +71,12 @@ for n in $REVOKED_SERIALS ; do
REVOKED_KEYS="$REVOKED_KEYS ${f}.pub"
REVOKED_CERTS="$REVOKED_CERTS ${f}-cert.pub"
done
-NOTREVOKED_SERIALS="5 9 14 16 29 30 49 51 499 800 1000 1001"
-NOTREVOKED=""
-for n in $NOTREVOKED_SERIALS ; do
- NOTREVOKED_KEYS="$NOTREVOKED_KEYS ${f}.pub"
- NOTREVOKED_CERTS="$NOTREVOKED_CERTS ${f}-cert.pub"
+UNREVOKED_SERIALS="5 9 14 16 29 49 51 499 800 1010 1011"
+UNREVOKED=""
+for n in $UNREVOKED_SERIALS ; do
+ f=`keygen $n`
+ UNREVOKED_KEYS="$UNREVOKED_KEYS ${f}.pub"
+ UNREVOKED_CERTS="$UNREVOKED_CERTS ${f}-cert.pub"
done
genkrls() {
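Review bot: `UNREVOKED=""` initialises a name the loop never uses, while `UNREVOKED_KEYS` and `UNREVOKED_CERTS` are appended to without being set first; this looks carried over from the old `NOTREVOKED=""` line. Replacing it with `UNREVOKED_KEYS=""` and `UNREVOKED_CERTS=""` makes both lists start empty regardless of the environment. Because `keygen` is now called through a command substitution, a `fatal` inside it presumably ends only the subshell (its definition is not visible here), so `f` could come back empty. The negative check for valid keys would then be as vacuous as before; a guard such as `test -n "$f" || fatal "keygen $n failed"` right after the assignment would catch that.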