From 3cf530b6fd2251f48fc1f4f250ef2b5575f35b55 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 28 Jan 2022 10:18:52 +0100
Subject: [PATCH] Unbreak tests with OpenSSH 8.8p1

https://gitlab.com/libssh/libssh-mirror/-/issues/107
---
 libssh-0.9.6-openssh-8.8p1-compat.patch | 61 +++++++++++++++++++++++++
 libssh.spec                             |  6 +--
 2 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 libssh-0.9.6-openssh-8.8p1-compat.patch

diff --git a/libssh-0.9.6-openssh-8.8p1-compat.patch b/libssh-0.9.6-openssh-8.8p1-compat.patch
new file mode 100644
index 0000000..7ec293d
--- /dev/null
+++ b/libssh-0.9.6-openssh-8.8p1-compat.patch
@@ -0,0 +1,61 @@
+From 86ee3f5a00c2f5237dcbb09f80283af703ced3f5 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 27 Jan 2022 21:04:03 +0100
+Subject: [PATCH] tests: Skip the workaround forcing SHA1 signatures
+
+In certificate authentication with OpenSSH 8.0, the SHA2 signatures were
+not accepted correctly [1]. This was not an issue up until the OpenSSH
+8.8p1, which does no longer allow SHA1 signatures by default so this
+broke the CI and tests against the new OpenSSH [2].
+
+Fixes !107
+
+[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3016
+[2] https://gitlab.com/libssh/libssh-mirror/-/issues/107
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ tests/client/torture_auth.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/tests/client/torture_auth.c b/tests/client/torture_auth.c
+index 29f6f5a5..d02fd6e2 100644
+--- a/tests/client/torture_auth.c
++++ b/tests/client/torture_auth.c
+@@ -642,6 +642,7 @@ static void torture_auth_cert(void **state) {
+ 
+ static void torture_auth_agent_cert(void **state)
+ {
++#if OPENSSH_VERSION_MAJOR < 8
+     struct torture_state *s = *state;
+     ssh_session session = s->ssh.session;
+     int rc;
+@@ -661,6 +662,7 @@ static void torture_auth_agent_cert(void **state)
+                              "ssh-rsa-cert-v01@openssh.com");
+         assert_int_equal(rc, SSH_OK);
+     }
++#endif /* OPENSSH_VERSION_MAJOR < 8 */
+ 
+     /* Setup loads a different key, tests are exactly the same. */
+     torture_auth_agent(state);
+@@ -668,6 +670,7 @@ static void torture_auth_agent_cert(void **state)
+ 
+ static void torture_auth_agent_cert_nonblocking(void **state)
+ {
++#if OPENSSH_VERSION_MAJOR < 8
+     struct torture_state *s = *state;
+     ssh_session session = s->ssh.session;
+     int rc;
+@@ -687,6 +690,7 @@ static void torture_auth_agent_cert_nonblocking(void **state)
+                              "ssh-rsa-cert-v01@openssh.com");
+         assert_int_equal(rc, SSH_OK);
+     }
++#endif /* OPENSSH_VERSION_MAJOR < 8 */
+ 
+     torture_auth_agent_nonblocking(state);
+ }
+-- 
+GitLab
+
+
diff --git a/libssh.spec b/libssh.spec
index ac56d96..22a88dd 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -10,6 +10,7 @@ Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
 Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
 Source3:        libssh_client.config
 Source4:        libssh_server.config
+Patch1:         libssh-0.9.6-openssh-8.8p1-compat.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
@@ -104,10 +105,7 @@ popd
 %check
 # Tests are randomly failing when run in parallel
 %global _smp_build_ncpus 1
-
-# https://gitlab.com/libssh/libssh-mirror/-/issues/107
-# The torture_auth tests currently fail when run against OpenSSH 8.8
-%ctest -- -E torture_auth
+%ctest
 
 %files
 %doc AUTHORS BSD ChangeLog README