mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Make modifications to keyless.example deterministic

Browse Source 
The perl modifation code for keyless.example was not deterministic
(/NXT/ matched part of signature) resulting in different error
strings being returned.  Replaced /NXT/ with /A RRSIG NSEC/ and
updated expected error string,
This commit is contained in:
Mark Andrews
2022-05-11 14:32:11 +10:00
parent 728ea7cce5
commit 69d5e22e58
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bin/tests/system/dnssec/ns3/sign.sh
View File

@@ -121,12 +121,12 @@ cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -z -o "$zone" "$zonefile" > /dev/null
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
# Change the signer field of the a.b.keyless.example RRSIG A
# to point to a provably nonexistent DNSKEY record.
zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
mv "$zonefile.signed" "$zonefiletmp"
<"$zonefiletmp" "$PERL" -p -e 's/ keyless.example/ b.keyless.example/
if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed"
if /^a.b.keyless.example/../A RRSIG NSEC/;' > "$zonefile.signed"
rm -f "$zonefiletmp"
#

2
bin/tests/system/dnssec/tests.sh
View File

@@ -938,7 +938,7 @@ if [ -x ${DELV} ] ; then
ret=0
echo_i "checking that validation fails when key record is missing using dns_client ($n)"
delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1
grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1
grep "resolution failed: insecurity proof failed" delv.out$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))