diff --git a/.reuse/dep5 b/.reuse/dep5
index 26c7e8ac69..e18e08276f 100644
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -74,6 +74,11 @@ Files: **/*.after*
 bin/tests/system/masterfile/knowngood.include
 bin/tests/system/masterfile/knowngood.ttl1
 bin/tests/system/masterfile/knowngood.ttl2
+ bin/tests/system/notify/CA/CA.cfg
+ bin/tests/system/notify/CA/README
+ bin/tests/system/notify/CA/index.txt
+ bin/tests/system/notify/CA/index.txt.attr
+ bin/tests/system/notify/CA/serial
 bin/tests/system/notify/ns4/named.port.in
 bin/tests/system/nsupdate/CA/CA.cfg
 bin/tests/system/nsupdate/CA/README
diff --git a/bin/tests/system/notify/.gitignore b/bin/tests/system/notify/.gitignore
new file mode 100644
index 0000000000..df5fe68d5d
--- /dev/null
+++ b/bin/tests/system/notify/.gitignore
@@ -0,0 +1,5 @@
+# temporary files generated by "openssl ca"
+/CA/*.old
+# there is little point in keeping the certificate requests
+# for the issued certificates
+/CA/certs/*.csr
diff --git a/bin/tests/system/notify/CA/CA.cfg b/bin/tests/system/notify/CA/CA.cfg
new file mode 100644
index 0000000000..1a3ed65f67
--- /dev/null
+++ b/bin/tests/system/notify/CA/CA.cfg
@@ -0,0 +1,77 @@
+# See ../../doth/CA/ca.cfg for more information
+
+# certificate authority configuration
+[ca]
+default_ca = CA_default # The default ca section
+
+[CA_default]
+dir = .
+new_certs_dir = $dir/newcerts # new certs dir (must be created)
+certificate = $dir/CA.pem # The CA cert
+private_key = $dir/private/CA.key # CA private key
+
+serial = $dir/serial # serial number file for the next certificate
+ # Update before issuing it:
+ # xxd -l 8 -u -ps /dev/urandom > ./serial
+database = $dir/index.txt # (must be created manually: touch ./index.txt)
+
+default_days = 1 # how long to certify for
+
+#default_crl_days = 30 # the number of days before the
+default_crl_days = 10950 # next CRL is due. That is the
+ # days from now to place in the
+ # CRL nextUpdate field. If CRL
+ # is expired, certificate
+ # verifications will fail even
+ # for otherwise valid
+ # certificates. Clients might
+ # cache the CRL, so the expiry
+ # period should normally be
+ # relatively short (default:
+ # 30) for production CAs.
+
+default_md = sha256 # digest to use
+
+policy = policy_default # default policy
+email_in_dn = no # Don't add the email into cert DN
+
+name_opt = ca_default # Subject name display option
+cert_opt = ca_default # Certificate display option
+
+# We need the following in order to copy Subject Alt Name(s) from a
+# request to the certificate.
+copy_extensions = copy # copy extensions from request
+
+[policy_default]
+countryName = optional
+stateOrProvinceName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# default certificate requests settings
+[req]
+# Options for the `req` tool (`man req`).
+default_bits = 3072 # for RSA only
+distinguished_name = req_default
+string_mask = utf8only
+# SHA-1 is deprecated, so use SHA-256 instead.
+default_md = sha256
+# do not encrypt the private key file
+encrypt_key = no
+
+[req_default]
+# See .
+countryName = Country Name (2 letter code)
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (e.g., city)
+0.organizationName = Organization Name (e.g., company)
+organizationalUnitName = Organizational Unit Name (e.g. department)
+commonName = Common Name (e.g. server FQDN or YOUR name)
+emailAddress = Email Address
+# defaults
+countryName_default = UA
+stateOrProvinceName_default = Kharkiv Oblast
+localityName_default = Kharkiv
+0.organizationName_default = ISC
+organizationalUnitName_default = Software Engeneering (BIND 9)
diff --git a/bin/tests/system/notify/CA/CA.pem b/bin/tests/system/notify/CA/CA.pem
new file mode 100644
index 0000000000..1f725dbb8a
--- /dev/null
+++ b/bin/tests/system/notify/CA/CA.pem
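Review bot: `copy_extensions = copy` in `[CA_default]` of CA/CA.cfg is set with no `x509_extensions` section, so apart from the key identifiers every extension on an issued certificate is whatever the request carried. The certificates added in this commit show the result: SAN and the key identifiers only, with no `basicConstraints` or key-usage restriction set by the CA. The comment above the option gives the SAN motivation but not this consequence. I would either say so in that comment or pin the leaf profile on the CA side, for example `x509_extensions = leaf_ext` followed by `[leaf_ext]` and `basicConstraints = critical,CA:FALSE` (the section name is only an example), so a request cannot decide whether the result is a CA certificate.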
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE3TCCA0WgAwIBAgIUeZPKrvbGEBZaRc2jNczlIsJXyPYwDQYJKoZIhvcNAQEL +BQAwfTELMAkGA1UEBhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4G +A1UEBwwHS2hhcmtpdjEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0 +aXVtMRwwGgYDVQQDDBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDEyNDEyNDA1 +NFoYDzIwNTIwMTE3MTI0MDU0WjB9MQswCQYDVQQGEwJVQTEYMBYGA1UECAwPS2hh +cmtpdiBPYmxhc3QnMRAwDgYDVQQHDAdLaGFya2l2MSQwIgYDVQQKDBtJbnRlcm5l +dCBTeXN0ZW1zIENvbnNvcnRpdW0xHDAaBgNVBAMME2NhLnRlc3QuZXhhbXBsZS5j +b20wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCi6hEegBzpUKbE1NTo +Z7uz7EMUY7TBckkiw/7ydTLKNa8YI4JpBguFvWQsDY0dGFJIoVwyHyNx3seW/LoI +B5zWPZ2xbOvLLceA+t2NZpbc98E7jUOVS123yED+nqlfZjCq9Zt0r/ezwnQtjnFF +ko1mcU4H9Jvg8aIgnU2AxE78zciU9CY8799pFFNThIjbooI8oVbfjbzbpmLzxjA5 +3rDmZBTh+ySTlMa2U2oT4WPjRltZWnJVegRRLpG95GnTbQ1fkJAbj1Iu10XTkCee +wBOqaA1UJem0a6pby5odE414Y7c0ETKcmaJtYENQyO0IJwZWDKtVe5OTIAklakia +eyFTCAw1h5tHCYLaJW/Yu2wlLl5RNQcRZ9+cWXnldTY+TI1iBjfmADjLdKJYUlhX +z7kWJtTi63Sdv6WYcEXxaWpxT+R3e2kaR/R7GOo4gdkWpX1siGlRteHHH2/36CSQ +ZD2etcTUpGW+KDHFR4grnEfL1rt9UgvCjpa4KcssmZtWSSUCAwEAAaNTMFEwHQYD +VR0OBBYEFHyJ6Fzr5R9ySATFj/uSCJz1YCY5MB8GA1UdIwQYMBaAFHyJ6Fzr5R9y +SATFj/uSCJz1YCY5MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggGB +AF3y0hvzyZWtmuG1JwIcOcc1aPl1KdRy8bao/5iHYGYYrsdDgcO5/e+y9S/izalc +TdW7SKB5iBOCiE8fBNtToCvGP+fxNxHijpAmTr37G5sWuSo1T1VYFizHWL+df/Ig +TcSvDrEjSnAwaEdNJUWtjoIC4VzNKTLtZf16QIATTzTZa3bfgSetpWS7LhLQbHod +CSGI2QB1LRbqGC+a1Y85QxHv81jWzPWPzXYvnOLrDdQyBMOBcxDzrN4b6zg+5Itz +qGYt+IS71jAH0IhxAyD/U5n1jGJv02BnSq0ynLEOD6gsnZjqAwPbt/PM9pGbtbXO +70Q9rxr+vQc1IISKAEiH3txaEPi10wU98d6LbInJvQrmgHo/ntet8skWNYuxlEzS +wvynuE9KvvQtOTodWt5AePtKrhHdxu527a4CHVp59nYUjKSdMKjvmhMRXM1cNjFE +rA/pyyhozR47w3RzHMJVHw2GJ2B/HeqmxpXr1CmJjoRP38QCR7N+mqiZy85Fq2j2 +8Q== +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/README b/bin/tests/system/notify/CA/README new file mode 100644 index 0000000000..13069ca2f8 --- /dev/null +++ b/bin/tests/system/notify/CA/README 
@@ -0,0 +1,2 @@ +Please take a look at the contents of the CA.cfg file for further +instructions and configurations options. diff --git a/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.key b/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.key new file mode 100644 index 0000000000..c3bade812c --- /dev/null +++ b/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxARyCz9Aq5XQpE4SV +IKYvvz2K9IjosWKkcbxjh0rW62RGyi4c3pSo6so8tpvHXzmhZANiAAQ2bCdh34Lt +hA8MzF7BeZhYfvUODFH3fSSAJuRDMSaO02f294+E2Icy91W9AhFetSceZa0Dhldc +aVVaPVm3bhhjvLUGFImFmccFtNtQj/llRCbY9VFtbfXaY/Vq5243EAg= +-----END PRIVATE KEY----- diff --git a/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.pem b/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.pem new file mode 100644 index 0000000000..52baf96dfa --- /dev/null +++ b/bin/tests/system/notify/CA/certs/srv02.crt01.example.com.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 3 15:33:14 2024 GMT + Not After : Aug 27 15:33:14 2054 GMT + Subject: CN=srv02.crt01.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79: + 98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31: + 26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02: + 11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d: + 59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4: + db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63: + f5:6a:e7:6e:37:10:08 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv02.crt01.example.com, IP Address:10.53.0.2 + X509v3 Subject Key Identifier: + 4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2 + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44: + b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd: + 09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04: + 38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9: + 9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89: + ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf: + 22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e: + c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55: + 17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09: + 5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f: + 68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0: + 5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21: + 6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87: + 70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb: + 
e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd: + e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83: + 22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab: + 6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e: + c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54: + c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c: + b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8: + 02:5a:4c:38:e0:23 +-----BEGIN CERTIFICATE----- +MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSfMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMTRaGA8yMDU0MDgy +NzE1MzMxNFowIjEgMB4GA1UEAwwXc3J2MDIuY3J0MDEuZXhhbXBsZS5jb20wdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQ2bCdh34LthA8MzF7BeZhYfvUODFH3fSSAJuRD +MSaO02f294+E2Icy91W9AhFetSceZa0DhldcaVVaPVm3bhhjvLUGFImFmccFtNtQ +j/llRCbY9VFtbfXaY/Vq5243EAijbDBqMCgGA1UdEQQhMB+CF3NydjAyLmNydDAx +LmV4YW1wbGUuY29thwQKNQACMB0GA1UdDgQWBBRMpitfVd8uHvroxj8FJSBpumA7 +4jAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF +AAOCAYEAHSLEYEKa2KxUz3e+F9DrtH1Esa2/Uw6+YTe/e6Z4fqA/qiHNCTrUQbWf +MaLJ29+UpAUC3ZgEOFWvIDpNgs03D6W4nNwN+AfJnY4KT9/xjQxTm1aiNX4KPUeJ +rXaPbPUVDj8Fr/v4l5ejkabPIgTANSSEtOVNwL/gjYtZv3Euw9iOyZ26CjLLD7i4 +45H5d3hVF59uCdYphiW2DZtStwp1980JXQSDnwiP64wjc+AUK766IpaPaPjHOadE +mx3Oy+sEM8DauAPAW3o8ofUokpMG8jLDOP5oXWQhbj+LgPgBjxlc+hNsXidVGXCH +cAKAedI309kFsY5QNyTwMjO76fIm+BmS1a0qCcGwSFL042LN4bRR2QqI4/seyVyl +g/4wnc+DIroazcmp4D3MjfdonheiNnirbwHeIKENojAS7kUUtvfE5NNOxwvXFLJJ +XPg6/ClD+pfRcEZUwKnG6/CRWQ4kj+U4eTj7hqs8serSo0ws5CkaA9pUoKZzrLTI +AlpMOOAj +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.key b/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.key new file mode 100644 index 0000000000..ed93725584 --- /dev/null +++ b/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.key 
@@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDVfQs1V2UjdqTM0Z0P +DDtGwwtGUR2P6PEyDQgebPRUpWxbVGf4W0N0DWy5C9UkMJihZANiAARNrIyo/8cA +Dc5puRjsTirIBvu+vKntuMfEUganjXfqO/nYzh3XtC3xGv8NcE+KqZz6pMQw8OXY +Pd1i8n1Ajl/cV2zdVDggDr7milzE6feVSPk0JrxduaqV+MnXJity65Q= +-----END PRIVATE KEY----- diff --git a/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.pem b/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.pem new file mode 100644 index 0000000000..d8a1f41f67 --- /dev/null +++ b/bin/tests/system/notify/CA/certs/srv03.crt01-expired.example.com.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 2 15:33:27 2024 GMT + Not After : Sep 3 15:33:27 2024 GMT + Subject: CN=srv03.crt01-expired.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4d:ac:8c:a8:ff:c7:00:0d:ce:69:b9:18:ec:4e: + 2a:c8:06:fb:be:bc:a9:ed:b8:c7:c4:52:06:a7:8d: + 77:ea:3b:f9:d8:ce:1d:d7:b4:2d:f1:1a:ff:0d:70: + 4f:8a:a9:9c:fa:a4:c4:30:f0:e5:d8:3d:dd:62:f2: + 7d:40:8e:5f:dc:57:6c:dd:54:38:20:0e:be:e6:8a: + 5c:c4:e9:f7:95:48:f9:34:26:bc:5d:b9:aa:95:f8: + c9:d7:26:2b:72:eb:94 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv03.crt01-expired.example.com, IP Address:10.53.0.3 + X509v3 Subject Key Identifier: + 72:38:25:01:CB:38:FF:CB:D3:78:24:43:BA:64:EA:76:FB:58:F6:EA + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4a:f3:59:df:4d:ff:fd:de:fc:c8:bc:34:4c:e1:39:00:62:09: + c8:34:2b:d0:3e:52:91:ea:ae:da:86:94:7d:83:84:48:5d:50: + ac:b7:a5:70:87:f4:62:f0:c6:9a:73:d2:78:29:cf:21:20:ae: + 0e:b0:55:36:1d:6c:c1:7f:0f:b7:26:d8:14:43:64:c6:58:8b: + 68:87:fd:cc:3f:d1:c1:f5:67:71:bc:71:7b:d4:f1:02:b0:4c: + dd:b2:4a:18:99:46:3a:44:b2:6b:c4:61:79:8f:be:e8:19:d4: + cc:f7:95:32:b0:74:18:76:c6:df:5f:c1:90:24:3c:a6:5d:2a: + 6f:90:7d:94:43:f3:df:1f:80:70:ff:8a:c8:b9:1f:c5:4e:08: + d1:54:f0:d8:72:af:07:30:9f:8a:65:66:ff:ff:a4:37:de:10: + 01:a6:00:c7:31:08:dd:f0:0a:5f:d3:e6:dd:d1:37:43:f2:44: + 13:bc:9e:68:40:bd:96:84:16:73:0f:01:95:40:65:ba:70:93: + a9:81:27:6e:b6:fb:ad:10:36:46:a3:75:94:00:62:f3:10:32: + c2:4a:0e:3a:bf:ab:07:14:a3:68:fd:eb:c7:c8:16:90:30:80: + 
f1:28:5c:64:a7:ba:8e:fa:27:09:4c:0b:08:d9:56:77:cd:25: + 7c:1f:58:78:48:c1:8c:73:10:39:f2:06:79:7c:8d:b9:ca:25: + 7c:b1:75:62:68:a7:14:c6:5b:00:78:67:e4:d8:e1:62:0b:6e: + 8d:5a:e6:23:d2:d4:dd:28:71:32:16:88:ad:b3:ee:a6:69:e7: + ff:1e:85:62:3c:65:88:c7:47:0c:1d:a0:d9:12:5c:31:98:01: + cd:a4:28:52:ad:dc:8b:1a:e6:d4:62:3d:1b:c6:52:00:b5:34: + 9d:1d:d8:6b:d3:ce:63:52:62:13:74:2a:7c:ff:0a:d7:0b:99: + a9:2b:b3:ba:e8:cf:a0:77:f0:85:12:ba:4c:54:71:74:dd:32: + 13:ca:44:c2:0f:d9 +-----BEGIN CERTIFICATE----- +MIIDcDCCAdigAwIBAgIJAMWGaDl7HMShMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAeFw0yNDA5MDIxNTMzMjdaFw0yNDA5MDMx +NTMzMjdaMCoxKDAmBgNVBAMMH3NydjAzLmNydDAxLWV4cGlyZWQuZXhhbXBsZS5j +b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARNrIyo/8cADc5puRjsTirIBvu+vKnt +uMfEUganjXfqO/nYzh3XtC3xGv8NcE+KqZz6pMQw8OXYPd1i8n1Ajl/cV2zdVDgg +Dr7milzE6feVSPk0JrxduaqV+MnXJity65SjdDByMDAGA1UdEQQpMCeCH3NydjAz +LmNydDAxLWV4cGlyZWQuZXhhbXBsZS5jb22HBAo1AAMwHQYDVR0OBBYEFHI4JQHL +OP/L03gkQ7pk6nb7WPbqMB8GA1UdIwQYMBaAFHyJ6Fzr5R9ySATFj/uSCJz1YCY5 +MA0GCSqGSIb3DQEBCwUAA4IBgQBK81nfTf/93vzIvDRM4TkAYgnINCvQPlKR6q7a +hpR9g4RIXVCst6Vwh/Ri8Maac9J4Kc8hIK4OsFU2HWzBfw+3JtgUQ2TGWItoh/3M +P9HB9WdxvHF71PECsEzdskoYmUY6RLJrxGF5j77oGdTM95UysHQYdsbfX8GQJDym +XSpvkH2UQ/PfH4Bw/4rIuR/FTgjRVPDYcq8HMJ+KZWb//6Q33hABpgDHMQjd8Apf +0+bd0TdD8kQTvJ5oQL2WhBZzDwGVQGW6cJOpgSdutvutEDZGo3WUAGLzEDLCSg46 +v6sHFKNo/evHyBaQMIDxKFxkp7qO+icJTAsI2VZ3zSV8H1h4SMGMcxA58gZ5fI25 +yiV8sXViaKcUxlsAeGfk2OFiC26NWuYj0tTdKHEyFoits+6maef/HoViPGWIx0cM +HaDZElwxmAHNpChSrdyLGubUYj0bxlIAtTSdHdhr085jUmITdCp8/wrXC5mpK7O6 +6M+gd/CFErpMVHF03TITykTCD9k= +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.key b/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.key new file mode 100644 index 0000000000..cde19c37a0 --- /dev/null 
+++ b/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.key @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAEmVA9V00diOvZfEJV +N7piEbfN7fULRHWg2k4g7V2Ivpn9LfBsaYh5+Acf271G0mKhZANiAAQSbFty27Ro +RO7BPZFI9yM5V64xIUGMe4o4LYBA6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X +/x36gVJCzgXSBXPNktdMIxki9cttREvXo1cmELKl/n+PXDgxcbg/RbM= +-----END PRIVATE KEY----- diff --git a/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.pem b/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.pem new file mode 100644 index 0000000000..0d45e7af59 --- /dev/null +++ b/bin/tests/system/notify/CA/certs/srv03.crt01.example.com.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:a0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 3 15:33:18 2024 GMT + Not After : Aug 27 15:33:18 2054 GMT + Subject: CN=srv03.crt01.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7: + 23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9: + c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87: + 67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81: + 52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5: + cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c: + 38:31:71:b8:3f:45:b3 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv03.crt01.example.com, IP Address:10.53.0.3 + X509v3 Subject Key Identifier: + 6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27 + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02: + 36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c: + d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10: + 78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d: + 3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11: + 1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61: + 7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71: + 23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52: + e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5: + b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec: + d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8: + 45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8: + 60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b: + 5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf: + 
b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14: + c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f: + c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86: + a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28: + e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c: + a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a: + 6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27: + cf:19:2c:ec:3a:77 +-----BEGIN CERTIFICATE----- +MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSgMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMThaGA8yMDU0MDgy +NzE1MzMxOFowIjEgMB4GA1UEAwwXc3J2MDMuY3J0MDEuZXhhbXBsZS5jb20wdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQSbFty27RoRO7BPZFI9yM5V64xIUGMe4o4LYBA +6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X/x36gVJCzgXSBXPNktdMIxki9ctt +REvXo1cmELKl/n+PXDgxcbg/RbOjbDBqMCgGA1UdEQQhMB+CF3NydjAzLmNydDAx +LmV4YW1wbGUuY29thwQKNQADMB0GA1UdDgQWBBRqT4UZUg4IKSgbllOElw6qNcOW +JzAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF +AAOCAYEAYgW7Yk4qakYAST6Ds6f/QGgCNgYf58lH23IJvni85sW0jFF81ZMG7CSt +EacyFjpVeaOrTGgQePLoJLPAnDrNEUV6Ijc+o51dPu2RvVgELfZtLg9hHU+r10cR +G8cGnR0t34WT+gjcJzI6cDdheliVCspi6ihkoS03Dn35CmxxIyBqXS1r8v4j+HuJ +USHj3S1S56O8uWKGZSHekGpm+O8lqtrlt1/xjqstWlBfuJiKANB741Hs2KVn7iqT +tWKEm/XHzXLeU5moRbP2TDFY8lzNo+zxHDopz464YLrDzdl9vZqwQbPd+zcPVlRb +XpnRp1hXrJ5SxXQ+wt9ygge/skiHnhbYAzs7ogoDVYNpRPIUyGtQIImFFrS+xmxC +kQAJ11WfwwybX1i/Q51CyvMlH9j0soeGqFlg6VMjLifolwLWppGagfso5EeGwzpV +yvAkH77dANPbaiBco7B6X9mnmzX3I8crnZj5XIlabdTtHNfsQAywwpIkS3ihq34n +zxks7Dp3 +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/index.txt b/bin/tests/system/notify/CA/index.txt new file mode 100644 index 0000000000..323e3f95b5 --- /dev/null +++ b/bin/tests/system/notify/CA/index.txt 
@@ -0,0 +1,3 @@ +V 20540827153314Z C58668397B1CC49F unknown /CN=srv02.crt01.example.com +V 20540827153318Z C58668397B1CC4A0 unknown /CN=srv03.crt01.example.com +V 240903153327Z C58668397B1CC4A1 unknown /CN=srv03.crt01-expired.example.com diff --git a/bin/tests/system/notify/CA/index.txt.attr b/bin/tests/system/notify/CA/index.txt.attr new file mode 100644 index 0000000000..8f7e63a347 --- /dev/null +++ b/bin/tests/system/notify/CA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/bin/tests/system/notify/CA/newcerts/C58668397B1CC49F.pem b/bin/tests/system/notify/CA/newcerts/C58668397B1CC49F.pem new file mode 100644 index 0000000000..52baf96dfa --- /dev/null +++ b/bin/tests/system/notify/CA/newcerts/C58668397B1CC49F.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:9f + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 3 15:33:14 2024 GMT + Not After : Aug 27 15:33:14 2054 GMT + Subject: CN=srv02.crt01.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79: + 98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31: + 26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02: + 11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d: + 59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4: + db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63: + f5:6a:e7:6e:37:10:08 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv02.crt01.example.com, IP Address:10.53.0.2 + X509v3 Subject Key Identifier: + 4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2 + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44: + b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd: + 09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04: + 38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9: + 9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89: + ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf: + 22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e: + c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55: + 17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09: + 5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f: + 68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0: + 5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21: + 6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87: + 70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb: + 
e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd: + e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83: + 22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab: + 6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e: + c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54: + c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c: + b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8: + 02:5a:4c:38:e0:23 +-----BEGIN CERTIFICATE----- +MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSfMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMTRaGA8yMDU0MDgy +NzE1MzMxNFowIjEgMB4GA1UEAwwXc3J2MDIuY3J0MDEuZXhhbXBsZS5jb20wdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQ2bCdh34LthA8MzF7BeZhYfvUODFH3fSSAJuRD +MSaO02f294+E2Icy91W9AhFetSceZa0DhldcaVVaPVm3bhhjvLUGFImFmccFtNtQ +j/llRCbY9VFtbfXaY/Vq5243EAijbDBqMCgGA1UdEQQhMB+CF3NydjAyLmNydDAx +LmV4YW1wbGUuY29thwQKNQACMB0GA1UdDgQWBBRMpitfVd8uHvroxj8FJSBpumA7 +4jAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF +AAOCAYEAHSLEYEKa2KxUz3e+F9DrtH1Esa2/Uw6+YTe/e6Z4fqA/qiHNCTrUQbWf +MaLJ29+UpAUC3ZgEOFWvIDpNgs03D6W4nNwN+AfJnY4KT9/xjQxTm1aiNX4KPUeJ +rXaPbPUVDj8Fr/v4l5ejkabPIgTANSSEtOVNwL/gjYtZv3Euw9iOyZ26CjLLD7i4 +45H5d3hVF59uCdYphiW2DZtStwp1980JXQSDnwiP64wjc+AUK766IpaPaPjHOadE +mx3Oy+sEM8DauAPAW3o8ofUokpMG8jLDOP5oXWQhbj+LgPgBjxlc+hNsXidVGXCH +cAKAedI309kFsY5QNyTwMjO76fIm+BmS1a0qCcGwSFL042LN4bRR2QqI4/seyVyl +g/4wnc+DIroazcmp4D3MjfdonheiNnirbwHeIKENojAS7kUUtvfE5NNOxwvXFLJJ +XPg6/ClD+pfRcEZUwKnG6/CRWQ4kj+U4eTj7hqs8serSo0ws5CkaA9pUoKZzrLTI +AlpMOOAj +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A0.pem b/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A0.pem new file mode 100644 index 0000000000..0d45e7af59 --- /dev/null +++ b/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A0.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:a0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 3 15:33:18 2024 GMT + Not After : Aug 27 15:33:18 2054 GMT + Subject: CN=srv03.crt01.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7: + 23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9: + c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87: + 67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81: + 52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5: + cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c: + 38:31:71:b8:3f:45:b3 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv03.crt01.example.com, IP Address:10.53.0.3 + X509v3 Subject Key Identifier: + 6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27 + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02: + 36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c: + d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10: + 78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d: + 3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11: + 1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61: + 7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71: + 23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52: + e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5: + b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec: + d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8: + 45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8: + 60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b: + 5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf: + 
b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14: + c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f: + c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86: + a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28: + e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c: + a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a: + 6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27: + cf:19:2c:ec:3a:77 +-----BEGIN CERTIFICATE----- +MIIDYjCCAcqgAwIBAgIJAMWGaDl7HMSgMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAgFw0yNDA5MDMxNTMzMThaGA8yMDU0MDgy +NzE1MzMxOFowIjEgMB4GA1UEAwwXc3J2MDMuY3J0MDEuZXhhbXBsZS5jb20wdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQSbFty27RoRO7BPZFI9yM5V64xIUGMe4o4LYBA +6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X/x36gVJCzgXSBXPNktdMIxki9ctt +REvXo1cmELKl/n+PXDgxcbg/RbOjbDBqMCgGA1UdEQQhMB+CF3NydjAzLmNydDAx +LmV4YW1wbGUuY29thwQKNQADMB0GA1UdDgQWBBRqT4UZUg4IKSgbllOElw6qNcOW +JzAfBgNVHSMEGDAWgBR8iehc6+UfckgExY/7kgic9WAmOTANBgkqhkiG9w0BAQsF +AAOCAYEAYgW7Yk4qakYAST6Ds6f/QGgCNgYf58lH23IJvni85sW0jFF81ZMG7CSt +EacyFjpVeaOrTGgQePLoJLPAnDrNEUV6Ijc+o51dPu2RvVgELfZtLg9hHU+r10cR +G8cGnR0t34WT+gjcJzI6cDdheliVCspi6ihkoS03Dn35CmxxIyBqXS1r8v4j+HuJ +USHj3S1S56O8uWKGZSHekGpm+O8lqtrlt1/xjqstWlBfuJiKANB741Hs2KVn7iqT +tWKEm/XHzXLeU5moRbP2TDFY8lzNo+zxHDopz464YLrDzdl9vZqwQbPd+zcPVlRb +XpnRp1hXrJ5SxXQ+wt9ygge/skiHnhbYAzs7ogoDVYNpRPIUyGtQIImFFrS+xmxC +kQAJ11WfwwybX1i/Q51CyvMlH9j0soeGqFlg6VMjLifolwLWppGagfso5EeGwzpV +yvAkH77dANPbaiBco7B6X9mnmzX3I8crnZj5XIlabdTtHNfsQAywwpIkS3ihq34n +zxks7Dp3 +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A1.pem b/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A1.pem new file mode 100644 index 0000000000..d8a1f41f67 --- /dev/null +++ b/bin/tests/system/notify/CA/newcerts/C58668397B1CC4A1.pem 
@@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c5:86:68:39:7b:1c:c4:a1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com + Validity + Not Before: Sep 2 15:33:27 2024 GMT + Not After : Sep 3 15:33:27 2024 GMT + Subject: CN=srv03.crt01-expired.example.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:4d:ac:8c:a8:ff:c7:00:0d:ce:69:b9:18:ec:4e: + 2a:c8:06:fb:be:bc:a9:ed:b8:c7:c4:52:06:a7:8d: + 77:ea:3b:f9:d8:ce:1d:d7:b4:2d:f1:1a:ff:0d:70: + 4f:8a:a9:9c:fa:a4:c4:30:f0:e5:d8:3d:dd:62:f2: + 7d:40:8e:5f:dc:57:6c:dd:54:38:20:0e:be:e6:8a: + 5c:c4:e9:f7:95:48:f9:34:26:bc:5d:b9:aa:95:f8: + c9:d7:26:2b:72:eb:94 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:srv03.crt01-expired.example.com, IP Address:10.53.0.3 + X509v3 Subject Key Identifier: + 72:38:25:01:CB:38:FF:CB:D3:78:24:43:BA:64:EA:76:FB:58:F6:EA + X509v3 Authority Key Identifier: + 7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4a:f3:59:df:4d:ff:fd:de:fc:c8:bc:34:4c:e1:39:00:62:09: + c8:34:2b:d0:3e:52:91:ea:ae:da:86:94:7d:83:84:48:5d:50: + ac:b7:a5:70:87:f4:62:f0:c6:9a:73:d2:78:29:cf:21:20:ae: + 0e:b0:55:36:1d:6c:c1:7f:0f:b7:26:d8:14:43:64:c6:58:8b: + 68:87:fd:cc:3f:d1:c1:f5:67:71:bc:71:7b:d4:f1:02:b0:4c: + dd:b2:4a:18:99:46:3a:44:b2:6b:c4:61:79:8f:be:e8:19:d4: + cc:f7:95:32:b0:74:18:76:c6:df:5f:c1:90:24:3c:a6:5d:2a: + 6f:90:7d:94:43:f3:df:1f:80:70:ff:8a:c8:b9:1f:c5:4e:08: + d1:54:f0:d8:72:af:07:30:9f:8a:65:66:ff:ff:a4:37:de:10: + 01:a6:00:c7:31:08:dd:f0:0a:5f:d3:e6:dd:d1:37:43:f2:44: + 13:bc:9e:68:40:bd:96:84:16:73:0f:01:95:40:65:ba:70:93: + a9:81:27:6e:b6:fb:ad:10:36:46:a3:75:94:00:62:f3:10:32: + c2:4a:0e:3a:bf:ab:07:14:a3:68:fd:eb:c7:c8:16:90:30:80: + 
f1:28:5c:64:a7:ba:8e:fa:27:09:4c:0b:08:d9:56:77:cd:25: + 7c:1f:58:78:48:c1:8c:73:10:39:f2:06:79:7c:8d:b9:ca:25: + 7c:b1:75:62:68:a7:14:c6:5b:00:78:67:e4:d8:e1:62:0b:6e: + 8d:5a:e6:23:d2:d4:dd:28:71:32:16:88:ad:b3:ee:a6:69:e7: + ff:1e:85:62:3c:65:88:c7:47:0c:1d:a0:d9:12:5c:31:98:01: + cd:a4:28:52:ad:dc:8b:1a:e6:d4:62:3d:1b:c6:52:00:b5:34: + 9d:1d:d8:6b:d3:ce:63:52:62:13:74:2a:7c:ff:0a:d7:0b:99: + a9:2b:b3:ba:e8:cf:a0:77:f0:85:12:ba:4c:54:71:74:dd:32: + 13:ca:44:c2:0f:d9 +-----BEGIN CERTIFICATE----- +MIIDcDCCAdigAwIBAgIJAMWGaDl7HMShMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV +BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr +aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE +AwwTY2EudGVzdC5leGFtcGxlLmNvbTAeFw0yNDA5MDIxNTMzMjdaFw0yNDA5MDMx +NTMzMjdaMCoxKDAmBgNVBAMMH3NydjAzLmNydDAxLWV4cGlyZWQuZXhhbXBsZS5j +b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARNrIyo/8cADc5puRjsTirIBvu+vKnt +uMfEUganjXfqO/nYzh3XtC3xGv8NcE+KqZz6pMQw8OXYPd1i8n1Ajl/cV2zdVDgg +Dr7milzE6feVSPk0JrxduaqV+MnXJity65SjdDByMDAGA1UdEQQpMCeCH3NydjAz +LmNydDAxLWV4cGlyZWQuZXhhbXBsZS5jb22HBAo1AAMwHQYDVR0OBBYEFHI4JQHL +OP/L03gkQ7pk6nb7WPbqMB8GA1UdIwQYMBaAFHyJ6Fzr5R9ySATFj/uSCJz1YCY5 +MA0GCSqGSIb3DQEBCwUAA4IBgQBK81nfTf/93vzIvDRM4TkAYgnINCvQPlKR6q7a +hpR9g4RIXVCst6Vwh/Ri8Maac9J4Kc8hIK4OsFU2HWzBfw+3JtgUQ2TGWItoh/3M +P9HB9WdxvHF71PECsEzdskoYmUY6RLJrxGF5j77oGdTM95UysHQYdsbfX8GQJDym +XSpvkH2UQ/PfH4Bw/4rIuR/FTgjRVPDYcq8HMJ+KZWb//6Q33hABpgDHMQjd8Apf +0+bd0TdD8kQTvJ5oQL2WhBZzDwGVQGW6cJOpgSdutvutEDZGo3WUAGLzEDLCSg46 +v6sHFKNo/evHyBaQMIDxKFxkp7qO+icJTAsI2VZ3zSV8H1h4SMGMcxA58gZ5fI25 +yiV8sXViaKcUxlsAeGfk2OFiC26NWuYj0tTdKHEyFoits+6maef/HoViPGWIx0cM +HaDZElwxmAHNpChSrdyLGubUYj0bxlIAtTSdHdhr085jUmITdCp8/wrXC5mpK7O6 +6M+gd/CFErpMVHF03TITykTCD9k= +-----END CERTIFICATE----- diff --git a/bin/tests/system/notify/CA/private/CA.key b/bin/tests/system/notify/CA/private/CA.key new file mode 100644 index 0000000000..2d5419d89a --- /dev/null +++ b/bin/tests/system/notify/CA/private/CA.key 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5AIBAAKCAYEAouoRHoAc6VCmxNTU6Ge7s+xDFGO0wXJJIsP+8nUyyjWvGCOC +aQYLhb1kLA2NHRhSSKFcMh8jcd7Hlvy6CAec1j2dsWzryy3HgPrdjWaW3PfBO41D +lUtdt8hA/p6pX2YwqvWbdK/3s8J0LY5xRZKNZnFOB/Sb4PGiIJ1NgMRO/M3IlPQm +PO/faRRTU4SI26KCPKFW342826Zi88YwOd6w5mQU4fskk5TGtlNqE+Fj40ZbWVpy +VXoEUS6RveRp020NX5CQG49SLtdF05AnnsATqmgNVCXptGuqW8uaHRONeGO3NBEy +nJmibWBDUMjtCCcGVgyrVXuTkyAJJWpImnshUwgMNYebRwmC2iVv2LtsJS5eUTUH +EWffnFl55XU2PkyNYgY35gA4y3SiWFJYV8+5FibU4ut0nb+lmHBF8WlqcU/kd3tp +Gkf0exjqOIHZFqV9bIhpUbXhxx9v9+gkkGQ9nrXE1KRlvigxxUeIK5xHy9a7fVIL +wo6WuCnLLJmbVkklAgMBAAECggGBAI5ZV3v/FUQIZK+4CBDKEwizeClotZgR9DWc +bDgOj8KABe5hmKGL1qWVRuH3NUYm6j7sP1LMQnxM3LjhOuupOzE3xYIyWhW+eoQI +r23OJiQNl5ohZNweblUXdTMGD5h8AipfUOY0m4tGbZ0gyXixBTxt5HCvG0UB3VgC +GqZY4Wujo5ADhSXZsqxuRiDDvZGr/YBcuTu87Tg/ulam5ZyrKIcnC9gpSVxqsva9 +DAMy/cSoxUjd7ukhJISK3G3AF3fV4GSslQcJTlyJ2D3+LnqPuHJKYTI4hc46lN3x +E2g24GdSCPYf6SoEPwACXtbavV8TXwQPJrHN+f+0/ePCI4jkYe5NoA3gwVgMb/WB +wFchxzVh3V4e8tPGiG+ofKl81DSAW8VZCJLUIbTEce9oxafPT78WJxdC0wWbh5S8 +V/qN6sW/yWnK3oY9SilWhJGRwKOZ+8xtStaDeCzyCaOqEcWi8ZR0QfC33UozlhdC +SrMKnOXmn/rUuXGrVR56IzIl0M7YAQKBwQDM3GJDdlFuHn6L0syKYdHDS8gXD9ke +s+ochIP6jvkEPcayaEoZGl8s7RT3iztqXod7wLaZdotktxfDAZnJfeuOcVrCu+Bx +HLytnBvV6czMfp3REGgQAJQeusSgtlBCTHHVOsDzIjdnkY3WBa7IiFYWO5wnYrGx +r3ucnwnHaUVDMj1r4YI7mYIpCuYQl6eGyW7mhWewyhVwoQXKbifdrXxjvOigL0Cp +tgsoU9pql3hpphOaYMX6hLOincTfaMxfnCECgcEAy5UXp3dA0OwK+4iDGKr+cUpk +AtGTheiE+8zEVh2KYFLt921mW/QZiB1+xtnkknp3c7u07Ugk8jAEXzCkwMnN5ZCx +LrJ72fC+cLIAbRm6/vMMP8iz83wyttao4qNMeoOBBfE9rEiP+lrugpv282V3ZHYa +IUZWTeugJbckUHTbD3RZQExmQcRVG3m/TzonBfoZ8HoRj/n3d7V2T911cHUhi8Xn +RQIi2m63VofOIep86LgartlKneMWnL0oOPq4RKyFAoHAZUzpDkD4nUJZAx025Yrf +ZfoYNEcy7vq6XmWsuX5vZoiBs4DcezNOMvH9NzdTJxMdXbV61cIHxcK/7j7hZABv +NZ2Z6sdqgaRbLGIQZaPaEJjfwxygyKDwnY1vY6UjZNVWSMFn3hJiYUVZZKakuiao +ow/Q9KzZ/2ot7tG5zTCh/ktekfUOKBiNg2wPPc8wGPeMblMzZflXxrzpFyOHdRev +dcZZJbSX/hO1yrhEPgculNd5xBHsdCegiF4JlwvEW9bhAoHAZQQiy5bx03j8bhkr 
+q6bVQFPAUmG5iL16lxLg7TYVPnyH1bk0DDaQIKk6CeN+dmxML2IZgY/FvWK0GKOj +bIH2J43nTRuFNvwtEvBQI9KbpfvlvRSSriOXaoATJvoObdAoylEM4BrVTk2mgapw +HA/h8Thk+NPU6S8ctPouC7ogJIf/7Va7erC35j0//0kEqgOSsW9wnXdUItMo1LI3 +nsiQD7Hwcp5/utErKcWTM+MNfdA0dUQesT9ILhfyCGvn2TOdAoHBAKldZkDyRcu9 +r9uDF1bhUEnpV2k4hgvTuCvQ3rzyx3WrVT8ChEmePC8Ke5A54ffu/YdbpDLbdf2c +j4n5CQhHbMIZs3P2hB3WqDCImApCfMbXaltfBbaT0j7uLJPMp+2+f/wWYpc3R+bn +HVnaRI2PoXXmG9OjQSQdVZ5gNpkEuemAo3dJOSS6BMqQaSxUynGy7o/a/d4izBjd +B58Fwq3sZI/Xv90Se9+b6ICST3YJ3p0vn8RKzmlCQjLg/xynpCByiw== +-----END RSA PRIVATE KEY----- diff --git a/bin/tests/system/notify/CA/serial b/bin/tests/system/notify/CA/serial new file mode 100644 index 0000000000..c611a6a182 --- /dev/null +++ b/bin/tests/system/notify/CA/serial @@ -0,0 +1 @@ +C58668397B1CC4A2 diff --git a/bin/tests/system/notify/dhparam3072.pem b/bin/tests/system/notify/dhparam3072.pem new file mode 100644 index 0000000000..9c2e0aa42b --- /dev/null +++ b/bin/tests/system/notify/dhparam3072.pem @@ -0,0 +1,11 @@ +-----BEGIN DH PARAMETERS----- +MIIBiAKCAYEA5D/Oioe+G+EMf/9RVxmcV4rZAtqZpVTFHcX0ZulvdiQGCQmopm6K +3+0uoU2J6WVMjhna5nHD2NO9miRDI/jIxX9g9k6PedSB4o3fSTtkAnGtUbB8S+Ab +EHtWfd7FTES8P1n16HN7BfPXVbP8zTcK+jO63KdQoxueYoETcrw0Myi9Lm8ri8os +O4oQ+XAH7GzZ60bcYV9jge0XIRUGVnYZDjWMlnwMvZyjLivxKXTC9HPNA6FF1/0H +0LPhsfjdoLNsVHFzfQz7QELMfHbTd0C8y0UMDQw9FqUp0esHZ5gsTlqnDHp2ZHoR +JDfNl4yVO5Gv4HiFJ0NSdggefhESU3FRAOhMmUkctOCxk5hyPqGMsvofOajY2MBp +eCffrKuAU6/dGUeq8inwrZlAMIZ20WyskHmbHnc4DXo2Uo6xSZo3xyEq1ofXXwTZ +vPw4e12so3RJAT2a8UsHf7DG1tH+9ke7HCAJQWxUizRFRsMi1Nl/7ikS4f3zgIbX +GKz9+uk5eS6jAgEC +-----END DH PARAMETERS----- diff --git a/bin/tests/system/notify/ns2/named-tls.conf.in b/bin/tests/system/notify/ns2/named-tls.conf.in new file mode 100644 index 0000000000..16fe186f97 --- /dev/null +++ b/bin/tests/system/notify/ns2/named-tls.conf.in 
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls tls-forward-secrecy {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-forward-secrecy-remote-hostname {
+ protocols { TLSv1.2; };
+ ca-file "../CA/CA.pem";
+ remote-hostname "srv03.crt01.example.com";
+};
+
+tls tls-forward-secrecy-bad-remote-hostname {
+ protocols { TLSv1.2; };
+ ca-file "../CA/CA.pem";
+ remote-hostname "srv03-bad.crt01.example.com";
+};
+
+tls tls-forward-secrecy-mutual-tls {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ key-file "../CA/certs/srv02.crt01.example.com.key";
+ cert-file "../CA/certs/srv02.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-expired {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+zone tls-x1 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 tls ephemeral; };
+};
+
+zone tls-x2 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-expired; };
+};
+
+zone tls-x3 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-forward-secrecy-remote-hostname; };
+};
+
+zone tls-x4 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT1@ tls tls-forward-secrecy-bad-remote-hostname; };
+};
+
+zone tls-x5 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls; };
+};
+
+zone tls-x6 {
+ type primary;
+ file "generic.db";
+ notify explicit;
+ also-notify { 10.53.0.3 port @EXTRAPORT4@ tls tls-expired; };
+};
diff --git a/bin/tests/system/notify/ns2/named.conf.in b/bin/tests/system/notify/ns2/named.conf.in
index 71a7055940..f655551c8c 100644
--- a/bin/tests/system/notify/ns2/named.conf.in
+++ b/bin/tests/system/notify/ns2/named.conf.in
@@ -11,12 +11,15 @@
 * information regarding copyright ownership.
 */
+include "named-tls.conf";
+
 options {
 query-source address 10.53.0.2;
 notify-source 10.53.0.2;
 notify-source-v6 fd92:7065:b8e:ffff::2;
 transfer-source 10.53.0.2;
 port @PORT@;
+ include "options-tls.conf";
 pid-file "named.pid";
 listen-on { 10.53.0.2; };
 listen-on-v6 { none; };
diff --git a/bin/tests/system/notify/ns2/options-tls.conf.in b/bin/tests/system/notify/ns2/options-tls.conf.in
new file mode 100644
index 0000000000..fe3491e6c8
--- /dev/null
+++ b/bin/tests/system/notify/ns2/options-tls.conf.in
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+ tls-port @TLSPORT@;
diff --git a/bin/tests/system/notify/ns3/named-tls.conf.in b/bin/tests/system/notify/ns3/named-tls.conf.in
new file mode 100644
index 0000000000..429f3a8b85
--- /dev/null
+++ b/bin/tests/system/notify/ns3/named-tls.conf.in
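Review bot: In ns2/named-tls.conf.in, zones tls-x2 and tls-x6 both use the `tls-expired` client block, yet tests.sh expects tls-x2 to succeed and tls-x6 to fail, and nothing in the file says why. On ns2 that block only supplies `ca-file`; the outcome is decided by which ns3 listener the port reaches (@EXTRAPORT1@ serves the srv03.crt01 certificate, @EXTRAPORT4@ the srv03.crt01-expired one, per the ns3 files in this commit). A one-line comment above each zone stating the expected result, e.g. `/* expected to fail: ns3 presents an expired certificate on this port */` above tls-x6, would make the intent visible. `prefer-server-ciphers yes;` in the ns2 `tls-expired` block looks like a server-side setting with no effect on an outgoing notify, and the `tls-forward-secrecy` block is not referenced by any zone in this file; both may be leftovers worth dropping or explaining.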
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls tls-forward-secrecy {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01.example.com.key";
+ cert-file "../CA/certs/srv03.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+};
+
+tls tls-forward-secrecy-mutual-tls {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01.example.com.key";
+ cert-file "../CA/certs/srv03.crt01.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+ ca-file "../CA/CA.pem";
+};
+
+tls tls-expired {
+ protocols { TLSv1.2; };
+ ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
+ prefer-server-ciphers yes;
+ key-file "../CA/certs/srv03.crt01-expired.example.com.key";
+ cert-file "../CA/certs/srv03.crt01-expired.example.com.pem";
+ dhparam-file "../dhparam3072.pem";
+};
diff --git a/bin/tests/system/notify/ns3/named.conf.in b/bin/tests/system/notify/ns3/named.conf.in
index 8a744cd637..832043d9f6 100644
--- a/bin/tests/system/notify/ns3/named.conf.in
+++ b/bin/tests/system/notify/ns3/named.conf.in
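Review bot: The `tls-forward-secrecy-mutual-tls` listener differs from `tls-forward-secrecy` only by `ca-file`, which is what makes ns3 require a client certificate, but the only client that reaches it (zone tls-x5 on ns2) presents one. The suite would therefore still pass if client-certificate enforcement on this listener stopped working. Consider a further ns2 zone that notifies @EXTRAPORT3@ through a `tls` block without `key-file`/`cert-file`, with a matching expected-failure check in tests.sh. A short comment in this block would also help, such as `/* ca-file on a listener: clients must present a certificate signed by this CA */`.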
@@ -11,11 +11,14 @@
 * information regarding copyright ownership.
 */
+include "named-tls.conf";
+
 options {
 query-source address 10.53.0.3;
 notify-source 10.53.0.3;
 transfer-source 10.53.0.3;
 port @PORT@;
+ include "options-tls.conf";
 pid-file "named.pid";
 listen-on { 10.53.0.3; };
 listen-on-v6 { fd92:7065:b8e:ffff::3; };
diff --git a/bin/tests/system/notify/ns3/options-tls.conf.in b/bin/tests/system/notify/ns3/options-tls.conf.in
new file mode 100644
index 0000000000..23c0658bd5
--- /dev/null
+++ b/bin/tests/system/notify/ns3/options-tls.conf.in
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+ tls-port @TLSPORT@;
+ listen-on tls ephemeral { 10.53.0.3; };
+ listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.3; };
+ listen-on port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls { 10.53.0.3; };
+ listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.3; };
diff --git a/bin/tests/system/notify/setup.sh b/bin/tests/system/notify/setup.sh
index 19c41fc2c1..6793a33f8d 100644
--- a/bin/tests/system/notify/setup.sh
+++ b/bin/tests/system/notify/setup.sh
@@ -14,8 +14,24 @@
 . ../conf.sh
 copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named.conf.in ns2/named.conf
-copy_setports ns3/named.conf.in ns3/named.conf
+if $FEATURETEST --have-fips-dh; then
+ copy_setports ns2/named-tls.conf.in ns2/named-tls.conf
+ copy_setports ns2/options-tls.conf.in ns2/options-tls.conf
+ copy_setports ns2/named.conf.in ns2/named.conf
+else
+ cp /dev/null ns2/named-tls.conf
+ cp /dev/null ns2/options-tls.conf
+ copy_setports ns2/named.conf.in ns2/named.conf
+fi
+if $FEATURETEST --have-fips-dh; then
+ copy_setports ns3/named-tls.conf.in ns3/named-tls.conf
+ copy_setports ns3/options-tls.conf.in ns3/options-tls.conf
+ copy_setports ns3/named.conf.in ns3/named.conf
+else
+ cp /dev/null ns3/named-tls.conf
+ cp /dev/null ns3/options-tls.conf
+ copy_setports ns3/named.conf.in ns3/named.conf
+fi
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index a827e6da5c..2fbccbd37f 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
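Review bot: The ns2 and ns3 branches are identical apart from the directory name, and `copy_setports nsX/named.conf.in nsX/named.conf` is repeated in both arms of each `if`. Folding them into one loop, with the unconditional copy placed after the `fi`, removes the duplication and keeps the two servers from drifting apart. A comment explaining the empty files would also help; they presumably exist so that the `include` statements added to named.conf.in still resolve when the feature test fails, which is inferred from the include lines in this commit.

```shell
for ns in ns2 ns3; do
  if $FEATURETEST --have-fips-dh; then
    copy_setports $ns/named-tls.conf.in $ns/named-tls.conf
    copy_setports $ns/options-tls.conf.in $ns/options-tls.conf
  else
    # empty files keep the include statements in named.conf resolvable
    cp /dev/null $ns/named-tls.conf
    cp /dev/null $ns/options-tls.conf
  fi
  copy_setports $ns/named.conf.in $ns/named.conf
done
```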
@@ -119,6 +119,18 @@ grep 'notify from 10.53.0.2#[0-9][0-9]*: serial 2$' ns3/named.run >/dev/null ||
 grep 'refused notify from non-primary: fd92:7065:b8e:ffff::2#[0-9][0-9]*$' ns3/named.run >/dev/null || ret=1
 test_end
+test_start "checking notify over TLS successful"
+grep "zone tls-x1/IN: notify to 10.53.0.3#${TLSPORT} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x2/IN: notify to 10.53.0.3#${EXTRAPORT1} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x3/IN: notify to 10.53.0.3#${EXTRAPORT1} successful" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x5/IN: notify to 10.53.0.3#${EXTRAPORT3} successful" ns2/named.run >/dev/null || ret=1
+test_end
+
+test_start "checking notify over TLS failed"
+grep "zone tls-x4/IN: notify to 10.53.0.3#${EXTRAPORT1} failed: TLS peer certificate verification failed" ns2/named.run >/dev/null || ret=1
+grep "zone tls-x6/IN: notify to 10.53.0.3#${EXTRAPORT4} failed: TLS peer certificate verification failed" ns2/named.run >/dev/null || ret=1
+test_end
+
 test_start "checking example2 loaded"
 dig_plus_opts a.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
 grep "10.0.0.2" dig.out.ns2.test$n >/dev/null || ret=1
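Review bot: The two new test blocks grep ns2/named.run for TLS notify results unconditionally, while setup.sh in this commit installs empty named-tls.conf and options-tls.conf when `$FEATURETEST --have-fips-dh` fails. In that configuration the tls-x1 to tls-x6 zones do not exist, so each of these greps sets `ret=1` and the notify test fails on such builds, unless something outside this hunk skips it. Wrapping both blocks in `if $FEATURETEST --have-fips-dh; then` and `fi` would keep tests.sh in step with setup.sh. Separately, the dots in `10.53.0.3` act as regex wildcards in these patterns; `grep -F` would make the match literal.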