cert-hostkey.sh [was Re: Call for testing: OpenSSH-5.4]

Tim Rice tim at multitalents.net
Tue Mar 2 13:06:46 EST 2010


On Mon, 1 Mar 2010, Iain Morgan wrote:

> On OS X (Intel), the snapshot builds but fails the regression tests:
> 
> run test cert-hostkey.sh ...
[....]
> certified host keys: test host cert connect cert not yet valid expect failure
> Invalid certificate time 20200101
> couldn't sign cert_host_key_rsa
[....]
> failed certified host keys

It looks like ssh-keygen will fail to sign the key with an invalid date on
some platforms.

How does this patch look?
............
--- cert-hostkey.sh.old	2010-02-28 20:06:40.570868016 -0800
+++ cert-hostkey.sh	2010-03-01 17:57:56.766466000 -0800
@@ -59,8 +59,13 @@
 
 	${SSHKEYGEN} -q -s $OBJ/host_ca_key -I "regress host key for $USER" \
 	    $sign_opts \
-	    $OBJ/cert_host_key_rsa ||
-		fail "couldn't sign cert_host_key_rsa"
+	    $OBJ/cert_host_key_rsa
+	rc=$?
+	if [ "x$result" = "xsuccess" ] ; then
+		if [ $rc -ne 0 ]; then
+			fail "ssh-keygen sign cert_host_key_rsa $ident failed unexpectedly"
+		fi
+	fi
 	(
 		cat $OBJ/sshd_proxy_bak
 		echo HostKey $OBJ/cert_host_key_rsa
............

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net




More information about the openssh-unix-dev mailing list