test 'ssh-keygen -Y find-principals' with wildcard principals;
authordjm <djm@openbsd.org>
Tue, 1 Feb 2022 23:37:15 +0000 (23:37 +0000)
committerdjm <djm@openbsd.org>
Tue, 1 Feb 2022 23:37:15 +0000 (23:37 +0000)
from Fabian Stelzer

regress/usr.bin/ssh/sshsig.sh

index f8d85c2..d4daa5c 100644 (file)
@@ -1,4 +1,4 @@
-#      $OpenBSD: sshsig.sh,v 1.13 2022/01/05 04:56:15 djm Exp $
+#      $OpenBSD: sshsig.sh,v 1.14 2022/02/01 23:37:15 djm Exp $
 #      Placed in the Public Domain.
 
 tid="sshsig"
@@ -342,6 +342,23 @@ for t in $SIGNKEYS; do
                -f $OBJ/allowed_signers >/dev/null 2>&1 || \
                fail "failed find-principals for $t with ca key"
 
+       # CA with wildcard principal
+       (printf "*@example.com cert-authority " ;
+        cat $CA_PUB) > $OBJ/allowed_signers
+       # find-principals CA with wildcard principal
+       ${SSHKEYGEN} -vvv -Y find-principals -s $sigfile \
+               -Overify-time=19850101 \
+               -f $OBJ/allowed_signers 2>/dev/null | \
+               fgrep "$sig_principal" >/dev/null || \
+               fail "failed find-principals for $t with ca key using wildcard principal"
+
+       # verify CA with wildcard principal
+       ${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+               -I $sig_principal -f $OBJ/allowed_signers \
+               -Overify-time=19850101 \
+               < $DATA >/dev/null 2>&1 || \
+               fail "failed signature for $t cert using wildcard principal"
+
        # signing key listed as cert-authority
        (printf "$sig_principal cert-authority " ;
         cat $pubkey) > $OBJ/allowed_signers
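Review bot: The two added wildcard cases only check that `*@example.com` is accepted; nothing checks that a wildcard pattern which does not cover the certificate's principal is rejected by `find-principals` and `verify`. For an authorisation match, an over-broad matcher would pass these tests unnoticed, so a negative case after the "verify CA with wildcard principal" block would be worth adding (sketch below; the pattern and messages are constructed, and it assumes `$sig_principal` is not under `nomatch.invalid`). Separately, `fgrep "$sig_principal"` is a substring match, so it would presumably also pass on a longer principal that merely contains the expected one; `grep -Fx "$sig_principal"` would pin the whole line. The enclosing `for t in $SIGNKEYS` loop starts and ends outside the hunk.

```sh
	# ... unchanged: wildcard find-principals and verify tests above ...

	# CA with wildcard principal that must not match
	(printf "*@nomatch.invalid cert-authority " ;
	 cat $CA_PUB) > $OBJ/allowed_signers
	${SSHKEYGEN} -vvv -Y find-principals -s $sigfile \
		-Overify-time=19850101 \
		-f $OBJ/allowed_signers 2>/dev/null | \
		fgrep "$sig_principal" >/dev/null && \
		fail "found principal for $t with non-matching wildcard principal"
	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
		-I $sig_principal -f $OBJ/allowed_signers \
		-Overify-time=19850101 \
		< $DATA >/dev/null 2>&1 && \
		fail "accepted signature for $t cert with non-matching wildcard principal"
```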