mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

dnssec: check if RSASHA1 is supported by the OS

Browse Source 
If not skip RSASHA1 based system tests which are supposed to succeed
even in FIPS mode.
This commit is contained in:
Mark Andrews
2022-07-20 15:42:30 +10:00
parent 333693ddf5
commit ba6ee5af50
1 changed files with 18 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
bin/tests/system/dnssec/tests.sh
View File

@@ -1103,10 +1103,15 @@ status=$((status+ret))
# Should work with FIPS mode as we are only validating
echo_i "checking positive validation RSASHA1 NSEC ($n)"
ret=0
dig_with_opts +noauth a.rsasha1.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
dig_with_opts +noauth a.rsasha1.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
if $FEATURETEST --rsasha1
then
dig_with_opts +noauth a.rsasha1.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
dig_with_opts +noauth a.rsasha1.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
else
echo_i "skip: RSASHA1 not supported by OS"
fi
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
@@ -1114,10 +1119,15 @@ status=$((status+ret))
# Should work with FIPS mode as we are only validating
echo_i "checking positive validation RSASHA1 (1024 bits) NSEC ($n)"
ret=0
dig_with_opts +noauth a.rsasha1-1024.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
dig_with_opts +noauth a.rsasha1-1024.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
if $FEATURETEST --rsasha1
then
dig_with_opts +noauth a.rsasha1-1024.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
dig_with_opts +noauth a.rsasha1-1024.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
digcomp dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
else
echo_i "skip: RSASHA1 not supported by OS"
fi
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))