summaryrefslogtreecommitdiff
path: root/regress/krl.sh
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-02-14 10:14:51 +1100
committerDamien Miller <djm@mindrot.org>2013-02-14 10:14:51 +1100
commit2653f5c0a67c403ff14403b9aac94e6a53f6bbf9 (patch)
tree54cbcf78c12650a479913acce35c55d8c35f6a49 /regress/krl.sh
parent2f20de5e3f1c60eee3c9bda52289aff5c037dd08 (diff)
- (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
Diffstat (limited to 'regress/krl.sh')
-rw-r--r--regress/krl.sh10
1 files changed, 8 insertions, 2 deletions
diff --git a/regress/krl.sh b/regress/krl.sh
index 46a2ad3f..1e767f33 100644
--- a/regress/krl.sh
+++ b/regress/krl.sh
@@ -3,13 +3,19 @@
tid="key revocation lists"
+# If we don't support ecdsa keys then this tell will be much slower.
+ECDSA=ecdsa
+if test "x$TEST_SSH_ECC" != "xyes"; then
+ $ECDSA=rsa
+fi
+
# Do most testing with ssh-keygen; it uses the same verification code as sshd.
# Old keys will interfere with ssh-keygen.
rm -f $OBJ/revoked-* $OBJ/krl-*
# Generate a CA key
-$SSHKEYGEN -t ecdsa -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca -C "" -N "" > /dev/null ||
fatal "$SSHKEYGEN CA failed"
# A specification that revokes some certificates by serial numbers
@@ -48,7 +54,7 @@ keygen() {
N=$1
f=$OBJ/revoked-`printf "%04d" $N`
# Vary the keytype. We use mostly ECDSA since this is fastest by far.
- keytype=ecdsa
+ keytype=$ECDSA
case $N in
2 | 10 | 510 | 1001) keytype=rsa;;
4 | 30 | 520 | 1002) keytype=dsa;;