tests/sshserver.pl: use RSA instead of DSA for host auth
DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP test cases to be skipped. Using RSA for host authentication works with both old and new versions of OpenSSH. Reported-by: Karlson2k Closes #676 Upstream-commit: effa575fc7f028ee71fda16209d3d81af336b730 Signed-off-by: Kamil Dudka <kdudka@redhat.com>
This commit is contained in:
parent
0c9fbb7ebe
commit
88c54d8197
|
@ -0,0 +1,73 @@
|
||||||
|
From d4211b7d47747af9d36796517167cce14ad5e47b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Tue, 23 Feb 2016 10:31:52 +0100
|
||||||
|
Subject: [PATCH] tests/sshserver.pl: use RSA instead of DSA for host auth
|
||||||
|
|
||||||
|
DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP
|
||||||
|
test cases to be skipped. Using RSA for host authentication works with
|
||||||
|
both old and new versions of OpenSSH.
|
||||||
|
|
||||||
|
Reported-by: Karlson2k
|
||||||
|
|
||||||
|
Closes #676
|
||||||
|
|
||||||
|
Upstream-commit: effa575fc7f028ee71fda16209d3d81af336b730
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
tests/sshhelp.pm | 4 ++--
|
||||||
|
tests/sshserver.pl | 12 ++++++------
|
||||||
|
2 files changed, 8 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm
|
||||||
|
index 914879b..6719f9f 100644
|
||||||
|
--- a/tests/sshhelp.pm
|
||||||
|
+++ b/tests/sshhelp.pm
|
||||||
|
@@ -120,8 +120,8 @@ $sshlog = undef; # ssh client log file
|
||||||
|
$sftplog = undef; # sftp client log file
|
||||||
|
$sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file
|
||||||
|
$knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file
|
||||||
|
-$hstprvkeyf = 'curl_host_dsa_key'; # host private key file
|
||||||
|
-$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file
|
||||||
|
+$hstprvkeyf = 'curl_host_rsa_key'; # host private key file
|
||||||
|
+$hstpubkeyf = 'curl_host_rsa_key.pub'; # host public key file
|
||||||
|
$cliprvkeyf = 'curl_client_key'; # client private key file
|
||||||
|
$clipubkeyf = 'curl_client_key.pub'; # client public key file
|
||||||
|
|
||||||
|
diff --git a/tests/sshserver.pl b/tests/sshserver.pl
|
||||||
|
index d8c2d6f..a99731a 100755
|
||||||
|
--- a/tests/sshserver.pl
|
||||||
|
+++ b/tests/sshserver.pl
|
||||||
|
@@ -371,12 +371,12 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) ||
|
||||||
|
# Make sure all files are gone so ssh-keygen doesn't complain
|
||||||
|
unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf);
|
||||||
|
logmsg 'generating host keys...' if($verbose);
|
||||||
|
- if(system "\"$sshkeygen\" -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") {
|
||||||
|
+ if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") {
|
||||||
|
logmsg 'Could not generate host key';
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
logmsg 'generating client keys...' if($verbose);
|
||||||
|
- if(system "\"$sshkeygen\" -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") {
|
||||||
|
+ if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") {
|
||||||
|
logmsg 'Could not generate client key';
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
@@ -729,11 +729,11 @@ if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") {
|
||||||
|
if((! -e $knownhosts) || (! -s $knownhosts)) {
|
||||||
|
logmsg 'generating ssh client known hosts file...' if($verbose);
|
||||||
|
unlink($knownhosts);
|
||||||
|
- if(open(DSAKEYFILE, "<$hstpubkeyf")) {
|
||||||
|
- my @dsahostkey = do { local $/ = ' '; <DSAKEYFILE> };
|
||||||
|
- if(close(DSAKEYFILE)) {
|
||||||
|
+ if(open(RSAKEYFILE, "<$hstpubkeyf")) {
|
||||||
|
+ my @rsahostkey = do { local $/ = ' '; <RSAKEYFILE> };
|
||||||
|
+ if(close(RSAKEYFILE)) {
|
||||||
|
if(open(KNOWNHOSTS, ">$knownhosts")) {
|
||||||
|
- print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n";
|
||||||
|
+ print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n";
|
||||||
|
if(!close(KNOWNHOSTS)) {
|
||||||
|
$error = "Error: cannot close file $knownhosts";
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
|
@ -22,6 +22,9 @@ Patch4: 0004-curl-7.43.0-CVE-2016-0755.patch
|
||||||
# cookie: fix bug in export if any-domain cookie is present (#1311907)
|
# cookie: fix bug in export if any-domain cookie is present (#1311907)
|
||||||
Patch5: 0005-curl-7.43.0-ef0fdb83.patch
|
Patch5: 0005-curl-7.43.0-ef0fdb83.patch
|
||||||
|
|
||||||
|
# tests/sshserver.pl: use RSA instead of DSA for host auth
|
||||||
|
Patch6: 0006-curl-7.43.0-effa575f.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
|
@ -137,6 +140,7 @@ documentation of the library, too.
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
|
|
Loading…
Reference in New Issue