diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2010-10-24 11:19:26 +1100 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2010-10-24 11:19:26 +1100 |
| commit | bfd9b1be41300a6a789873f990127ffb0438c333 (patch) | |
| tree | 15ca56846bc488153e306cfa1abb6e7f5b870743 /regress/cert-hostkey.sh | |
| parent | d78739ab90f6561d7fef5a7de495644868e01a24 (diff) | |
| download | openssh-git-bfd9b1be41300a6a789873f990127ffb0438c333.tar.gz | |
- (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
which don't have ECC support in libcrypto.
Diffstat (limited to 'regress/cert-hostkey.sh')
| -rw-r--r-- | regress/cert-hostkey.sh | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh index 22ae4999..7461beca 100644 --- a/regress/cert-hostkey.sh +++ b/regress/cert-hostkey.sh @@ -3,6 +3,13 @@ tid="certified host keys" +# used to disable ECC based tests on platforms without ECC +ecdsa="" +if grep "#define.*OPENSSL_HAS_ECC" ${BUILDDIR}/config.h >/dev/null 2>&1 +then + ecdsa=ecdsa +fi + rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key* cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak @@ -18,7 +25,7 @@ ${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/host_ca_key ||\ ) > $OBJ/known_hosts-cert # Generate and sign host keys -for ktype in rsa dsa ecdsa ; do +for ktype in rsa dsa $ecdsa ; do verbose "$tid: sign host ${ktype} cert" # Generate and sign a host key ${SSHKEYGEN} -q -N '' -t ${ktype} \ @@ -40,7 +47,7 @@ done # Basic connect tests for privsep in yes no ; do - for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do + for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} cert connect privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -80,7 +87,7 @@ done cat $OBJ/cert_host_key_dsa_v00.pub ) > $OBJ/known_hosts-cert for privsep in yes no ; do - for ktype in rsa dsa ecdsa rsa_v00 dsa_v00; do + for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00; do verbose "$tid: host ${ktype} revoked cert privsep $privsep" ( cat $OBJ/sshd_proxy_bak @@ -107,7 +114,7 @@ done echon "* " cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert -for ktype in rsa dsa ecdsa rsa_v00 dsa_v00 ; do +for ktype in rsa dsa $ecdsa rsa_v00 dsa_v00 ; do verbose "$tid: host ${ktype} revoked cert" ( cat $OBJ/sshd_proxy_bak @@ -178,7 +185,7 @@ test_one "cert has constraints" failure "-h -Oforce-command=false" # Check downgrade of cert to raw key when no CA found for v in v01 v00 ; do - for ktype in rsa dsa ecdsa ; do + for ktype in rsa dsa $ecdsa ; do # v00 ecdsa certs do not exist. test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key* @@ -217,7 +224,7 @@ done cat $OBJ/host_ca_key.pub ) > $OBJ/known_hosts-cert for v in v01 v00 ; do - for kt in rsa dsa ecdsa ; do + for kt in rsa dsa $ecdsa ; do # v00 ecdsa certs do not exist. test "${v}${ktype}" = "v00ecdsa" && continue rm -f $OBJ/cert_host_key* |