Home | History | Annotate | Download | only in regress

Lines Matching refs:cert

1 #	$OpenBSD: cert-hostkey.sh,v 1.6 2011/05/20 02:43:36 djm Exp $
12 rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*
21 	echon '@cert-authority '
24 ) > $OBJ/known_hosts-cert
28 	verbose "$tid: sign host ${ktype} cert"
50 		verbose "$tid: host ${ktype} cert connect privsep $privsep"
54 			echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
58 		${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
59 		    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
62 			fail "ssh cert connect failed"
69 	echon '@cert-authority '
89 ) > $OBJ/known_hosts-cert
92 		verbose "$tid: host ${ktype} revoked cert privsep $privsep"
96 			echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
100 		${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
101 		    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
104 			fail "ssh cert connect succeeded unexpectedly"
111 	echon '@cert-authority '
117 ) > $OBJ/known_hosts-cert
119 	verbose "$tid: host ${ktype} revoked cert"
123 		echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
125 	${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
126 	    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
129 		fail "ssh cert connect succeeded unexpectedly"
135 	echon '@cert-authority '
138 ) > $OBJ/known_hosts-cert
151 		verbose "$tid: host cert connect $ident $kt expect $result"
160 			echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
163 		${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
164 		    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
169 				fail "ssh cert connect $ident failed unexpectedly"
173 				fail "ssh cert connect $ident succeeded unexpectedly"
182 test_one "cert not yet valid"	failure "-h -V20200101:20300101"
183 test_one "cert expired"		failure "-h -V19800101:19900101"
184 test_one "cert valid interval"	success "-h -V-1w:+2w"
185 test_one "cert has constraints"	failure "-h -Oforce-command=false"
187 # Check downgrade of cert to raw key when no CA found
192 		rm -f $OBJ/known_hosts-cert $OBJ/cert_host_key*
193 		verbose "$tid: host ${ktype} ${v} cert downgrade to raw key"
205 		) > $OBJ/known_hosts-cert
209 			echo HostCertificate $OBJ/cert_host_key_${ktype}-cert.pub
212 		${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
213 		    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
216 			fail "ssh cert connect failed"
223 	echon '@cert-authority '
226 ) > $OBJ/known_hosts-cert
240 		verbose "$tid: host ${kt} connect wrong cert"
244 			echo HostCertificate $OBJ/cert_host_key_${kt}-cert.pub
247 		${SSH} -2 -oUserKnownHostsFile=$OBJ/known_hosts-cert \
248 		    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
251 			fail "ssh cert connect $ident succeeded unexpectedly"
256 rm -f $OBJ/known_hosts-cert $OBJ/host_ca_key* $OBJ/cert_host_key*