diff options
| -rw-r--r-- | regress/sshsig.sh | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/regress/sshsig.sh b/regress/sshsig.sh index 1e2f9dda..8401b6c0 100644 --- a/regress/sshsig.sh +++ b/regress/sshsig.sh @@ -1,4 +1,4 @@ -# $OpenBSD: sshsig.sh,v 1.4 2020/03/13 03:18:45 djm Exp $ +# $OpenBSD: sshsig.sh,v 1.5 2021/07/12 02:12:22 djm Exp $ # Placed in the Public Domain. tid="sshsig" @@ -12,12 +12,13 @@ sig_namespace="test-$$" sig_principal="user-$$@example.com" # Make a "wrong key" -${SSHKEYGEN} -t ed25519 -f $OBJ/wrong-key -C "wrong trousers, Grommit" -N '' \ +${SSHKEYGEN} -q -t ed25519 -f $OBJ/wrong-key \ + -C "wrong trousers, Grommit" -N '' \ || fatal "couldn't generate key" WRONG=$OBJ/wrong-key.pub # Make a CA key. -${SSHKEYGEN} -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \ +${SSHKEYGEN} -q -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \ || fatal "couldn't generate key" CA_PRIV=$OBJ/sigca-key CA_PUB=$OBJ/sigca-key.pub @@ -116,7 +117,7 @@ for t in $SIGNKEYS; do < $DATA >/dev/null 2>&1 && \ fail "accepted signature for $t key, but key is in revoked_keys" - # public key not revoked, but other are present in revoked_keysfile + # public key not revoked, but others are present in revoked_keysfile cat $WRONG > $OBJ/revoked_keys (printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ @@ -168,7 +169,7 @@ for t in $SIGNKEYS; do fail "failed signature for $t cert" # signing key listed as cert-authority - (printf "$sig_principal cert-authority" ; + (printf "$sig_principal cert-authority " ; cat $pubkey) > $OBJ/allowed_signers ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ -I $sig_principal -f $OBJ/allowed_signers \ @@ -183,7 +184,7 @@ for t in $SIGNKEYS; do fail "accepted signature for $t cert with CA not marked" # mismatch between cert principal and file - (printf "josef.k@example.com cert-authority" ; + (printf "josef.k@example.com cert-authority " ; cat $CA_PUB) > $OBJ/allowed_signers ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \ -I $sig_principal -f $OBJ/allowed_signers \ |