krl.sh (255774) | krl.sh (263970) |
---|---|
1# $OpenBSD: krl.sh,v 1.1 2013/01/18 00:45:29 djm Exp $ | 1# $OpenBSD: krl.sh,v 1.2 2013/11/21 03:15:46 djm Exp $ |
2# Placed in the Public Domain. 3 4tid="key revocation lists" 5 6# If we don't support ecdsa keys then this tell will be much slower. 7ECDSA=ecdsa 8if test "x$TEST_SSH_ECC" != "xyes"; then 9 ECDSA=rsa --- 86 unchanged lines hidden (view full) --- 96$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \ 97 >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly" 98$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \ 99 >/dev/null || fatal "$SSHKEYGEN KRL failed" 100$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \ 101 >/dev/null || fatal "$SSHKEYGEN KRL failed" 102} 103 | 2# Placed in the Public Domain. 3 4tid="key revocation lists" 5 6# If we don't support ecdsa keys then this tell will be much slower. 7ECDSA=ecdsa 8if test "x$TEST_SSH_ECC" != "xyes"; then 9 ECDSA=rsa --- 86 unchanged lines hidden (view full) --- 96$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid $OBJ/revoked-keyid \ 97 >/dev/null 2>&1 && fatal "$SSHKEYGEN KRL succeeded unexpectedly" 98$SSHKEYGEN $OPTS -kf $OBJ/krl-serial -s $OBJ/revoked-ca $OBJ/revoked-serials \ 99 >/dev/null || fatal "$SSHKEYGEN KRL failed" 100$SSHKEYGEN $OPTS -kf $OBJ/krl-keyid -s $OBJ/revoked-ca.pub $OBJ/revoked-keyid \ 101 >/dev/null || fatal "$SSHKEYGEN KRL failed" 102} 103 |
104## XXX dump with trace and grep for set cert serials 105## XXX test ranges near (u64)-1, etc. 106 |
|
104verbose "$tid: generating KRLs" 105genkrls 106 107check_krl() { 108 KEY=$1 109 KRL=$2 110 EXPECT_REVOKED=$3 111 TAG=$4 --- 46 unchanged lines hidden --- | 107verbose "$tid: generating KRLs" 108genkrls 109 110check_krl() { 111 KEY=$1 112 KRL=$2 113 EXPECT_REVOKED=$3 114 TAG=$4 --- 46 unchanged lines hidden --- |