author | djm@openbsd.org <djm@openbsd.org> | 2022-02-01 23:37:15 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2022-02-02 16:51:04 +1100 |
commit | dfdcc2220cf359c492d5d34eb723370e8bd8a19e (patch) | |
tree | ee329a94790223e2eabe219ec620d9d909332f89 /regress/sshsig.sh | |
parent | 968e508967ef42480cebad8cf3172465883baa77 (diff) | |
upstream: test 'ssh-keygen -Y find-principals' with wildcard
principals; from Fabian Stelzer
OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40
Diffstat (limited to 'regress/sshsig.sh')
-rw-r--r-- | regress/sshsig.sh | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index f8d85c2f..d4daa5c9 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: sshsig.sh,v 1.13 2022/01/05 04:56:15 djm Exp $
+# $OpenBSD: sshsig.sh,v 1.14 2022/02/01 23:37:15 djm Exp $
 # Placed in the Public Domain.
 
 tid="sshsig"
@@ -342,6 +342,23 @@ for t in $SIGNKEYS; do
 -f $OBJ/allowed_signers >/dev/null 2>&1 || \
 fail "failed find-principals for $t with ca key"
 
+ # CA with wildcard principal
+ (printf "*@example.com cert-authority " ;
+ cat $CA_PUB) > $OBJ/allowed_signers
+ # find-principals CA with wildcard principal
+ ${SSHKEYGEN} -vvv -Y find-principals -s $sigfile \
+ -Overify-time=19850101 \
+ -f $OBJ/allowed_signers 2>/dev/null | \
+ fgrep "$sig_principal" >/dev/null || \
+ fail "failed find-principals for $t with ca key using wildcard principal"
+
+ # verify CA with wildcard principal
+ ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+ -I $sig_principal -f $OBJ/allowed_signers \
+ -Overify-time=19850101 \
+ < $DATA >/dev/null 2>&1 || \
+ fail "failed signature for $t cert using wildcard principal"
+
 # signing key listed as cert-authority
 (printf "$sig_principal cert-authority " ;
 cat $pubkey) > $OBJ/allowed_signers |
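Review bot: The wildcard CA block added in the second hunk has no rejection case: the find-principals and verify checks both end in `|| fail`, so they only show that `*@example.com cert-authority` accepts the certificate. A matching regression that let every wildcard pattern match would still pass, so I would add a verify run against a pattern that cannot cover `$sig_principal` and fail if it is accepted; the domain in the sketch below is a constructed sample. The find-principals check is also loose, because `fgrep "$sig_principal"` is a substring match and the pipeline reports only fgrep's status; `grep -Fx "$sig_principal"` would pin the whole output line, assuming one principal is printed per line. The enclosing `for t in $SIGNKEYS` loop starts and ends outside the hunk.

```sh
	# … unchanged: find-principals and verify with "*@example.com cert-authority" …

	# CA with wildcard principal that does not cover the cert principal
	(printf "*@nomatch.invalid cert-authority " ;
	 cat $CA_PUB) > $OBJ/allowed_signers
	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
		-I $sig_principal -f $OBJ/allowed_signers \
		-Overify-time=19850101 \
		< $DATA >/dev/null 2>&1 && \
		fail "accepted signature for $t cert with non-matching wildcard principal"
```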