tests: Skip the workaround forcing SHA1 signatures

In certificate authentication with OpenSSH 8.0, the SHA2 signatures were not accepted correctly [1]. This was not an issue up until the OpenSSH 8.8p1, which does no longer allow SHA1 signatures by default so this broke the CI and tests against the new OpenSSH [2]. Fixes !107 [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3016 [2] https://gitlab.com/libssh/libssh-mirror/-/issues/107 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2025-08-01 11:26:52 +03:00 · 2022-01-27 21:04:03 +01:00
parent 14991ad071
commit 86ee3f5a00
1 changed files with 4 additions and 0 deletions
--- a/tests/client/torture_auth.c
+++ b/tests/client/torture_auth.c
@ -642,6 +642,7 @@ static void torture_auth_cert(void **state) {

 static void torture_auth_agent_cert(void **state)
 {
+#if OPENSSH_VERSION_MAJOR < 8
    struct torture_state *s = *state;
    ssh_session session = s->ssh.session;
    int rc;
@ -661,6 +662,7 @@ static void torture_auth_agent_cert(void **state)
                             "ssh-rsa-cert-v01@openssh.com");
        assert_int_equal(rc, SSH_OK);
    }
+#endif /* OPENSSH_VERSION_MAJOR < 8 */

    /* Setup loads a different key, tests are exactly the same. */
    torture_auth_agent(state);
@ -668,6 +670,7 @@ static void torture_auth_agent_cert(void **state)

 static void torture_auth_agent_cert_nonblocking(void **state)
 {
+#if OPENSSH_VERSION_MAJOR < 8
    struct torture_state *s = *state;
    ssh_session session = s->ssh.session;
    int rc;
@ -687,6 +690,7 @@ static void torture_auth_agent_cert_nonblocking(void **state)
                             "ssh-rsa-cert-v01@openssh.com");
        assert_int_equal(rc, SSH_OK);
    }
+#endif /* OPENSSH_VERSION_MAJOR < 8 */

    torture_auth_agent_nonblocking(state);
 }