From 9672b6be574ed35b18f81a302e4ff21f15e59ee2 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Tue, 7 Mar 2023 14:08:52 +0000
Subject: [PATCH] Fix the placement of printing dig output comments in doth
 system test

There can be comments in dig output for a zone transfer only in case
of an error, so we should print those errors not when wait_for_tls_xfer
succeeds, but when it fails.

Also, there is no point in printing those comments when a failure was
indeed expected.
---
 bin/tests/system/doth/tests.sh | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 1e20cf16fe..08c5186955 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -96,10 +96,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the first secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example; then
-	grep "^;" "dig.out.ns2.example.test$n" | cat_i
 	digcomp example.axfr.good "dig.out.ns2.example.test$n" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns2.example.test$n" | cat_i
 	ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi
@@ -110,7 +110,6 @@ if [ -n "$run_san_tests" ]; then
 	echo_i "testing incoming XoT functionality (from the first secondary, no SubjectAltName, failure expected) ($n)"
 	ret=0
 	if retry_quiet 10 wait_for_tls_xfer 2 example3; then
-		grep "^;" "dig.out.ns2.example3.test$n" | cat_i
 		ret=1
 	else
 		echo_i "timed out waiting for zone transfer"
@@ -123,10 +122,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via implicit IP) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example4; then
-	grep "^;" "dig.out.ns2.example4.test$n" | cat_i
 	test -f "ns2/example4.db" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns2.example4.test$n" | cat_i
 	ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -136,10 +135,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv4) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example5; then
-	grep "^;" "dig.out.ns2.example5.test$n" | cat_i
 	test -f "ns2/example5.db" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns2.example5.test$n" | cat_i
 	ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -149,10 +148,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, StrictTLS via specified IPv6) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example6; then
-	grep "^;" "dig.out.ns2.example6.test$n" | cat_i
 	test -f "ns2/example6.db" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns2.example6.test$n" | cat_i
 	ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -162,7 +161,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, wrong hostname, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example7; then
-	grep "^;" "dig.out.ns2.example7.test$n" | cat_i
 	ret=1
 else
 	echo_i "timed out waiting for zone transfer"
@@ -174,7 +172,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, expired certificate, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example8; then
-	grep "^;" "dig.out.ns2.example8.test$n" | cat_i
 	ret=1
 else
 	echo_i "timed out waiting for zone transfer"
@@ -186,10 +183,10 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example9; then
-	grep "^;" "dig.out.ns2.example9.test$n" | cat_i
 	test -f "ns2/example9.db" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns2.example9.test$n" | cat_i
 	ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -199,7 +196,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, no client cert, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example10; then
-	grep "^;" "dig.out.ns2.example10.test$n" | cat_i
 	ret=1
 else
 	echo_i "timed out waiting for zone transfer"
@@ -211,7 +207,6 @@ n=$((n + 1))
 echo_i "testing incoming XoT functionality (from the first secondary, MutualTLS, expired client cert, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 2 example11; then
-	grep "^;" "dig.out.ns2.example11.test$n" | cat_i
 	ret=1
 else
 	echo_i "timed out waiting for zone transfer"
@@ -223,10 +218,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the second secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 3 example; then
-	grep "^;" "dig.out.ns3.example.test$n" | cat_i
 	digcomp example.axfr.good "dig.out.ns3.example.test$n" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns3.example.test$n" | cat_i
 	ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi
@@ -236,7 +231,6 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the second secondary, mismatching ciphers, failure expected) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 3 example2; then
-	grep "^;" "dig.out.ns3.example2.test$n" | cat_i
 	ret=1
 else
 	echo_i "timed out waiting for zone transfer"
@@ -248,10 +242,10 @@ n=$((n+1))
 echo_i "testing incoming XoT functionality (from the third secondary) ($n)"
 ret=0
 if retry_quiet 10 wait_for_tls_xfer 4 example; then
-	grep "^;" "dig.out.ns4.example.test$n" | cat_i
 	digcomp example.axfr.good "dig.out.ns4.example.test$n" || ret=1
 else
 	echo_i "timed out waiting for zone transfer"
+	grep "^;" "dig.out.ns4.example.test$n" | cat_i
 	ret=1
 fi
 if test $ret != 0 ; then echo_i "failed"; fi