diff options
| author | Damien Miller <djm@mindrot.org> | 2013-02-14 10:14:51 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-02-14 10:14:51 +1100 |
| commit | 2653f5c0a67c403ff14403b9aac94e6a53f6bbf9 (patch) | |
| tree | 54cbcf78c12650a479913acce35c55d8c35f6a49 | |
| parent | 2f20de5e3f1c60eee3c9bda52289aff5c037dd08 (diff) | |
- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | regress/krl.sh | 10 |
2 files changed, 11 insertions, 2 deletions
@@ -1,3 +1,6 @@ +20130214 + - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. + 20130212 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2013/01/24 21:45:37 diff --git a/regress/krl.sh b/regress/krl.sh index 46a2ad3f..1e767f33 100644 --- a/regress/krl.sh +++ b/regress/krl.sh @@ -3,13 +3,19 @@ tid="key revocation lists" +# If we don't support ecdsa keys then this tell will be much slower. +ECDSA=ecdsa +if test "x$TEST_SSH_ECC" != "xyes"; then + $ECDSA=rsa +fi + # Do most testing with ssh-keygen; it uses the same verification code as sshd. # Old keys will interfere with ssh-keygen. rm -f $OBJ/revoked-* $OBJ/krl-* # Generate a CA key -$SSHKEYGEN -t ecdsa -f $OBJ/revoked-ca -C "" -N "" > /dev/null || +$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null || fatal "$SSHKEYGEN CA failed" # A specification that revokes some certificates by serial numbers @@ -48,7 +54,7 @@ keygen() { N=$1 f=$OBJ/revoked-`printf "%04d" $N` # Vary the keytype. We use mostly ECDSA since this is fastest by far. - keytype=ecdsa + keytype=$ECDSA case $N in 2 | 10 | 510 | 1001) keytype=rsa;; 4 | 30 | 520 | 1002) keytype=dsa;; |