[openssh-commits] [openssh] 02/03: upstream: test 'ssh-keygen -Y find-principals' with wildcard

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Feb 2 16:53:02 AEDT 2022


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit dfdcc2220cf359c492d5d34eb723370e8bd8a19e
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Tue Feb 1 23:37:15 2022 +0000

    upstream: test 'ssh-keygen -Y find-principals' with wildcard
    
    principals; from Fabian Stelzer
    
    OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40
---
 regress/sshsig.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index f8d85c2f..d4daa5c9 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshsig.sh,v 1.13 2022/01/05 04:56:15 djm Exp $
+#	$OpenBSD: sshsig.sh,v 1.14 2022/02/01 23:37:15 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshsig"
@@ -342,6 +342,23 @@ for t in $SIGNKEYS; do
 		-f $OBJ/allowed_signers >/dev/null 2>&1 || \
 		fail "failed find-principals for $t with ca key"
 
+	# CA with wildcard principal
+	(printf "*@example.com cert-authority " ;
+	 cat $CA_PUB) > $OBJ/allowed_signers
+	# find-principals CA with wildcard principal
+	${SSHKEYGEN} -vvv -Y find-principals -s $sigfile \
+		-Overify-time=19850101 \
+		-f $OBJ/allowed_signers 2>/dev/null | \
+		fgrep "$sig_principal" >/dev/null || \
+		fail "failed find-principals for $t with ca key using wildcard principal"
+
+	# verify CA with wildcard principal
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-Overify-time=19850101 \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed signature for $t cert using wildcard principal"
+
 	# signing key listed as cert-authority
 	(printf "$sig_principal cert-authority " ;
 	 cat $pubkey) > $OBJ/allowed_signers
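Review bot: the new wildcard block only covers the matching case, so a pattern matcher that accepted every principal would still pass both the find-principals and the verify check added here. Consider following it with a negative case: write an allowed_signers line whose wildcard pattern does not cover $sig_principal, then assert that `-Y find-principals` prints no match and that `-Y verify -I $sig_principal` exits non-zero, using the `&& fail "..."` form. Two smaller points on the find-principals pipeline: `fgrep "$sig_principal"` is a substring match, so any output line that merely contains the principal satisfies it, and `fgrep` is the obsolescent spelling of `grep -F`. If the command prints one principal per line, `grep -Fx "$sig_principal"` would make the check exact.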

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

