authordjm <djm@openbsd.org>2018-03-12 00:56:03 +0000
committerdjm <djm@openbsd.org>2018-03-12 00:56:03 +0000
commitdeadec72f0bdaa61226137df87280c1a15bbdf00 (patch)
tree7f6086dfa015a3b4b049cdaa6968df8c6a85dbce
parentexplicitly specify RSA/SHA-2 keytype here too (diff)
check valid-before option in authorized_keys
-rw-r--r--regress/usr.bin/ssh/key-options.sh21
1 files changed, 19 insertions, 2 deletions
diff --git a/regress/usr.bin/ssh/key-options.sh b/regress/usr.bin/ssh/key-options.sh
index 5e3a4f66aa8..991849949cb 100644
--- a/regress/usr.bin/ssh/key-options.sh
+++ b/regress/usr.bin/ssh/key-options.sh
@@ -1,4 +1,4 @@
-# $OpenBSD: key-options.sh,v 1.6 2018/03/04 01:46:48 djm Exp $
+# $OpenBSD: key-options.sh,v 1.7 2018/03/12 00:56:03 djm Exp $
# Placed in the Public Domain.
tid="key options"
@@ -94,4 +94,21 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
fi
done
-rm -f "$origkeys"
+check_valid_before() {
+ which=$1
+ opts=$2
+ expect=$3
+ sed "s/.*/$opts &/" $origkeys >$authkeys
+ verbose "key option valid-before $which"
+ ${SSH} -q -F $OBJ/ssh_proxy somehost true
+ case "$expect" in
+ fail) test $? -eq 0 && fail "key option succeeded $which" ;;
+ pass) test $? -ne 0 && fail "key option failed $which" ;;
+ *) fatal "unknown expectation $expect" ;;
+ esac
+}
+check_valid_before "default" "" "pass"
+check_valid_before "invalid" 'valid-before="INVALID"' "fail"
+check_valid_before "expired" 'valid-before="19990101"' "fail"
+check_valid_before "valid" 'valid-before="20380101"' "pass"
+
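Review bot: The ssh exit status in check_valid_before is read through `$?` inside the `case` arms, so any command later added between the `${SSH}` line and the `case` would silently change what is being tested. Capture it directly after the call with `r=$?` and use `test $r -eq 0` / `test $r -ne 0` in the arms. The `fail` arm accepts any non-zero exit, so the "expired" case cannot tell an expiry rejection from an unrelated connection failure or a line that did not parse at all; a comment such as `# NOTE: only checks that login was refused, not why` would make that limit explicit. The "valid" case pins `valid-before="20380101"`, so it will begin to fail once the test host's clock passes that date. Also, `$opts` goes into the sed replacement unescaped (fine for these literals, but a `/` or `&` would break it), and the removed `rm -f "$origkeys"` has no replacement in the visible lines.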