diff options
Diffstat (limited to 'vendor/golang.org/x/crypto/ssh/test/cert_test.go')
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/test/cert_test.go | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/vendor/golang.org/x/crypto/ssh/test/cert_test.go b/vendor/golang.org/x/crypto/ssh/test/cert_test.go index bc83e4f5d..b231dd80c 100644 --- a/vendor/golang.org/x/crypto/ssh/test/cert_test.go +++ b/vendor/golang.org/x/crypto/ssh/test/cert_test.go @@ -7,12 +7,14 @@ package test import ( + "bytes" "crypto/rand" "testing" "golang.org/x/crypto/ssh" ) +// Test both logging in with a cert, and also that the certificate presented by an OpenSSH host can be validated correctly func TestCertLogin(t *testing.T) { s := newServer(t) defer s.Shutdown() @@ -36,13 +38,40 @@ func TestCertLogin(t *testing.T) { } conf := &ssh.ClientConfig{ - User: username(), - HostKeyCallback: ssh.InsecureIgnoreHostKey(), + User: username(), + HostKeyCallback: (&ssh.CertChecker{ + IsHostAuthority: func(pk ssh.PublicKey, addr string) bool { + return bytes.Equal(pk.Marshal(), testPublicKeys["ca"].Marshal()) + }, + }).CheckHostKey, } conf.Auth = append(conf.Auth, ssh.PublicKeys(certSigner)) - client, err := s.TryDial(conf) - if err != nil { - t.Fatalf("TryDial: %v", err) + + for _, test := range []struct { + addr string + succeed bool + }{ + {addr: "host.example.com:22", succeed: true}, + {addr: "host.example.com:10000", succeed: true}, // non-standard port must be OK + {addr: "host.example.com", succeed: false}, // port must be specified + {addr: "host.ex4mple.com:22", succeed: false}, // wrong host + } { + client, err := s.TryDialWithAddr(conf, test.addr) + + // Always close client if opened successfully + if err == nil { + client.Close() + } + + // Now evaluate whether the test failed or passed + if test.succeed { + if err != nil { + t.Fatalf("TryDialWithAddr: %v", err) + } + } else { + if err == nil { + t.Fatalf("TryDialWithAddr, unexpected success") + } + } } - client.Close() } |