allow multiple key algorithms in the same control listener

if a control channel listener was configured with more than one
key algorithm, message verification would be attempted with each
algorithm in turn. if the first key failed due to the wrong
signature length, the entire verification process was aborted,
rather than continuing on to try with another key.

bin/named/controlconf.c

@@ -445,10 +445,6 @@ control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
 		}
 		isc_mem_put(listener->mctx, conn->secret.rstart,
 			    REGION_SIZE(conn->secret));
-		if (result != ISCCC_R_BADAUTH) {
-			log_invalid(&conn->ccmsg, result);
-			goto cleanup;
-		}
 	}
 
 	if (key == NULL) {

bin/tests/system/rndc/setup.sh

@@ -45,3 +45,12 @@ make_key 3 ${EXTRAPORT3} hmac-sha224
 make_key 4 ${EXTRAPORT4} hmac-sha256
 make_key 5 ${EXTRAPORT5} hmac-sha384
 make_key 6 ${EXTRAPORT6} hmac-sha512
+
+cat >> ns4/named.conf <<- EOF
+
+controls {
+	inet 10.53.0.4 port ${EXTRAPORT7}
+		allow { any; } keys { "key1"; "key2"; "key3";
+                                      "key4"; "key5"; "key6"; };
+};
+EOF

bin/tests/system/rndc/tests.sh

@@ -412,6 +412,16 @@ done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
+n=$((n+1))
+echo_i "testing single control channel with multiple algorithms ($n)"
+ret=0
+for i in 1 2 3 4 5 6
+do
+        $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
 n=$((n+1))
 echo_i "testing automatic zones are reported ($n)"
 ret=0