Call for testing: OpenSSH-5.6
Darren Tucker
dtucker at zip.com.au
Sun Aug 15 13:21:21 EST 2010
On Sun, Aug 15, 2010 at 12:14:28PM +1000, Damien Miller wrote:
> On Sun, 15 Aug 2010, Darren Tucker wrote:
[...]
> > It's only used when generating time-based certificates, so the quick and
> > dirty hack is to just disable that on platforms that don't have
> > strptime. (I looked at pulling in support from openbsd but it's a
> > tangled web of locale stuff).
> >
> > Please try this patch (you will need to run "autoreconf" to rebuild
> > configure).
>
> I think this is a reasonable thingto do for release. Note that you
> will still be able to use time-based certificates if you want to use
> them, but you will need to specify the start and end times using the
> relative time format.
I think a better way of doing this longer term is to have a dummy
strptime implementation in the compat library, but that can wait until
after the release since it risks linking problems elsewhere.
Also we need to skip the relevant tests on platforms without strptime.
Index: regress/cert-userkey.sh
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/regress/cert-userkey.sh,v
retrieving revision 1.7
diff -u -p -r1.7 cert-userkey.sh
--- regress/cert-userkey.sh 2 Jul 2010 03:42:20 -0000 1.7
+++ regress/cert-userkey.sh 15 Aug 2010 03:05:12 -0000
@@ -272,8 +272,11 @@ test_one() {
test_one "correct principal" success "-n ${USER}"
test_one "host-certificate" failure "-n ${USER} -h"
test_one "wrong principals" failure "-n foo"
+if grep "#define.*HAVE_STRPTIME" ${BUILDDIR}/config.h >/dev/null 2>&1
+then
test_one "cert not yet valid" failure "-n ${USER} -V20200101:20300101"
test_one "cert expired" failure "-n ${USER} -V19800101:19900101"
+fi
test_one "cert valid interval" success "-n ${USER} -V-1w:+2w"
test_one "wrong source-address" failure "-n ${USER} -Osource-address=10.0.0.0/8"
test_one "force-command" failure "-n ${USER} -Oforce-command=false"
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list