mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00

Extend the nsupdate system test with DoT-related checks

Add a simple test PKI based on the existing one in the doth test.

Check ephemeral, forward-secrecy, and forward-secrecy-mutual-tls
TLS configurations with different scenarios.
Aram Sargsyan
2022-09-21 13:15:50 +00:00
parent 60f1a73754
commit f2bb80d6ae
27 changed files with 1455 additions and 83 deletions


@@ -49,6 +49,11 @@ Files: **/*.after*
bin/tests/system/keepalive/expected
bin/tests/system/legacy/ns6/edns512.db.signed
bin/tests/system/legacy/ns7/edns512-notcp.db.signed
bin/tests/system/nsupdate/CA/CA.cfg
bin/tests/system/nsupdate/CA/README
bin/tests/system/nsupdate/CA/index.txt
bin/tests/system/nsupdate/CA/index.txt.attr
bin/tests/system/nsupdate/CA/serial
bin/tests/system/nsupdate/commandlist
bin/tests/system/nsupdate/verylarge.in
bin/tests/system/org.isc.bind.system.plist

5
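--- a/bin/tests/system/nsupdate/.gitignore
+++ b/bin/tests/system/nsupdate/.gitignore
@@ -0,0 +1,5 @@
+# temporary files generated by "openssl ca"
+/CA/*.old
+# there is little point in keeping the certificate requests
+# for the issued certificates
+/CA/certs/*.csr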


@@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,77 @@
# See ../../doth/CA/ca.cfg for more information
# certificate authority configuration
[ca]
default_ca = CA_default # The default ca section
[CA_default]
dir = .
new_certs_dir = $dir/newcerts # new certs dir (must be created)
certificate = $dir/CA.pem # The CA cert
private_key = $dir/private/CA.key # CA private key
serial = $dir/serial # serial number file for the next certificate
# Update before issuing it:
# xxd -l 8 -u -ps /dev/urandom > ./serial
database = $dir/index.txt # (must be created manually: touch ./index.txt)
default_days = 1 # how long to certify for
#default_crl_days = 30 # the number of days before the
default_crl_days = 10950 # next CRL is due. That is the
# days from now to place in the
# CRL nextUpdate field. If CRL
# is expired, certificate
# verifications will fail even
# for otherwise valid
# certificates. Clients might
# cache the CRL, so the expiry
# period should normally be
# relatively short (default:
# 30) for production CAs.
default_md = sha256 # digest to use
policy = policy_default # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
# We need the following in order to copy Subject Alt Name(s) from a
# request to the certificate.
copy_extensions = copy # copy extensions from request
[policy_default]
countryName = optional
stateOrProvinceName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# default certificate requests settings
[req]
# Options for the `req` tool (`man req`).
default_bits = 3072 # for RSA only
distinguished_name = req_default
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-256 instead.
default_md = sha256
# do not encrypt the private key file
encrypt_key = no
[req_default]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (e.g., city)
0.organizationName = Organization Name (e.g., company)
organizationalUnitName = Organizational Unit Name (e.g. department)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# defaults
countryName_default = UA
stateOrProvinceName_default = Kharkiv Oblast
localityName_default = Kharkiv
0.organizationName_default = ISC
organizationalUnitName_default = Software Engeneering (BIND 9)
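Review bot: `copy_extensions = copy` in `[CA_default]` carries extensions from the signing request into the certificate, and the visible lines define no `x509_extensions` section that pins `basicConstraints`, so a request asking for `CA:TRUE` would be issued as a CA certificate. That is tolerable for a test-only PKI, but this file is presented as a template and is likely to be copied. Adding `x509_extensions = usr_cert` under `[CA_default]` and a `[usr_cert]` section containing `basicConstraints = critical, CA:FALSE` keeps the Subject Alt Name copy working, because `copy` only adds extensions that are not already set. Separately, `default_days = 1` accounts for the `*-expired` fixtures but not for the certificates valid until 2052, so a comment saying how the long-lived ones were issued would help whoever regenerates them.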


@@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,2 @@
Please take a look at the contents of the CA.cfg file for further
instructions and configurations options.


@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----
MIIG/gIBADANBgkqhkiG9w0BAQEFAASCBugwggbkAgEAAoIBgQCrYC6cYeOJxlIr
vOnhBf0YZUIg9lYWQDPSy5/37yJUp8lVcMpS8OKiWDh/EK0rBeARtmkhfy04Vt3V
5PPepzI19zMqUoCut9Z8NXTDDIrDOhhhaHNiWFb/eCVXHHu+mIgh3RyKE6WaUkiY
2T3EKKZ+mxFWfs4Ju1GJiqgbALVzK0GTsWJAMCnq9qPnvPDpngcrrqmgHU3Z+BhN
g0dOaO5XyFUVhjxtHvUx8d7Pwn5rjiJaxXav0AHeq3oDspYzzKAmrt7EvXaFlseI
5Ea8P8ZUyZWDh5xJDTHdxBdSmeRlSZud863OZghX9IO+XofaQloBKm1o0Y042Riu
Xi5UcosBRZav9aPQKV0ii7TUMK8CNsUt6SnrLOpqfiezcPyHHyvEsTqmwum3wm9G
Y7eWLlPYt83D9LVtsvxXSayfmMn+tPV8k0guk9zpGFRjXxij5xKq/jjwc+UXHv5A
ZYGoj2BGwhbyqJ2xG7zOBd43sqiGR72Nkt7g5UKJuOP4sSQIfpkCAwEAAQKCAYEA
i3PT2fsp3cXcvayXID3wSvayzgHF4YtS4FhEDsuvwvVZtsX2TXGo6fQh3Pvj/dtl
DuTBPbmwQWUmVNRewbKKADHsl6bVAdekmCQjpEhDbkOK7VDCe6do+693qyAJbfnO
5Md5Xr5IBoCohIBaa5Gskd97R0gePvsHiYWj730vKc1sKlOwoIzQv1r92yf7Xg7y
xM/3RcwyuojQtdp6nspyEEp7Oe2mpCEJ4x9vcN5SYxEg0X5Xaw83RkuBGRsscHA0
GN+4eJ59Ld1R9uktLYvUA06ZdoAVZyblE4xxjk2vueE3K2/kT2ooKHVWulGI+PnF
2xYedZsZkgwLbXcEhPXBo3vMTjzRlePh668ULi9B6ntMjWpCSCvGnz142Uwatfq0
PeasBVgRngu9Wg+smkA4kHnDi7ih3zpLh6sTcOKL7F1cBgvtjgIyzZDp9eJUEfVH
G/89mTCswhqV1WtQ3n9zbYVbSK9vaAxCrfK50pG+IfHXG9EqnrQPzKsRxNsDpN91
AoHBANeNLQb3gSk6sBg53smh9oFUEwwgAjHY31ZOOInO4X7udXrtRcON6SCkZjaD
6y1N3Orjama6mr+/eHxJeDEbWBB7INOsaqHewoQF8qaOa7HHmCbXcUIlAQFvaE6e
Qd5e+YHLmbYZbkPfntqWmXuSmk7hUxjnPPOv1P9sgv/3b4TJQJ4FEJasKpWgIOAy
3g8UrjtbI3ITSo3SKCei3wvOCzIdnzwgcHY420jU1yU/oDzN07D4K0iODAbasUl1
ZH5UvwKBwQDLiNual2aCUtjKAoRLnGDtP6LOYV3eXchBrywIj2tNAMlD7TXbjG04
Le+I9O+azRorvXQ2WBBIYzka1JozK8WTsxkQYRd9AEy2AsQgPlK5hfy3xcGxSscC
vdxSdQQQ/ASKHHbCTKhDhnA2b2fvLhWxZqsbSO4hSmvjXrSUpGrAABFipK9VqS6Y
Sg6uEo1AlTrwsGW66LHpFeG6YQ0uj4sF0x5mzH7R50And30lVg8DjJASdClzOIWJ
WV+3opbgSqcCgcEAvGGJhJkyrJG57LJG3vlJsmWD8AjZYi8joQ3jo6zGrmRBEBnl
6q5PnFORcPuBwapW9IGkL/vN2t6/sf+Tp3c6U80IN3ZsCuPgI/n+w0mdHVZOx0Nq
nGAyrMps4qi08F8YuDL0N42qLG93KZqMsM7DRUTvlsghIOf+wuxW4NWjBO3OJ0xN
3yDAZtv3X3mVUKDGVOGl7MCnW6LbrShOvsZoSnhQ/f9ryiaOnuxEyyz8IafQ5s09
Jr/eCu9+GbEbDr2JAoHAXUZg7Z3IupzhAOLaYhROTyvEnrP8YrWz2nY+xcWENQvR
MLH65pyaSQ60IZ2uWND512XBZk5BWAsw1lzsNdsvdpqzN9BnBUAn55mo6+Xj32XK
BSY5t9g/D8CWwasiq+3y3qBgxHaA/kEUF75CcVg7VMtqStzHVLZYbyCtvRkEWu0t
CnnSaH1Z/yyhQaD63sgE9NzCIkAVmG4QvmtPsTDTU14HJrE8xVEnE28tCPlBdCzs
sahOfqE+gU1WEkAOyMctAoHAASVc1KFfBI48tM+cr8vDt1QklVgnKn44DL6HF5tp
iA8/xhB2fHKq6a+xuGxubXo7jo0KbKyYXPFyE5MDrzIDKp0GLUr7WtaunNVMKbKs
B/2YSw+PELoIc5GpiH4lqP5iFYyHKmJighou4oxLcjMlHpRWUERPdxA+L6zggPyJ
56PX2tcezcCZMVm65VpHsX3CqEQyWnFDCt0zclRNFWPKCENsl10emenBZVnxb8fc
smxv7aRpgoWBRa5vinKvOv2T
-----END PRIVATE KEY-----
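Review bot: This unencrypted private key is committed with nothing in this section, or in the two-line README added alongside it, marking it as a test-only fixture. Its leading modulus bytes match the `srv01.client01.example.nil` certificate, which is valid until 2052, so the pair stays usable for decades wherever this CA is trusted. A sentence in `CA/README` such as `All keys and certificates under this directory are fixtures for the nsupdate system test and must never be trusted or reused elsewhere.` would make the intent explicit and give secret-scanning tools a documented path to allowlist. The same applies to the other `BEGIN PRIVATE KEY` files added by this commit.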


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010842 (0x70b9f4eb2fa1959a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 8 08:20:17 2022 GMT
Not After : Aug 31 08:20:17 2052 GMT
Subject: CN=srv01.client01.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:ab:60:2e:9c:61:e3:89:c6:52:2b:bc:e9:e1:05:
fd:18:65:42:20:f6:56:16:40:33:d2:cb:9f:f7:ef:
22:54:a7:c9:55:70:ca:52:f0:e2:a2:58:38:7f:10:
ad:2b:05:e0:11:b6:69:21:7f:2d:38:56:dd:d5:e4:
f3:de:a7:32:35:f7:33:2a:52:80:ae:b7:d6:7c:35:
74:c3:0c:8a:c3:3a:18:61:68:73:62:58:56:ff:78:
25:57:1c:7b:be:98:88:21:dd:1c:8a:13:a5:9a:52:
48:98:d9:3d:c4:28:a6:7e:9b:11:56:7e:ce:09:bb:
51:89:8a:a8:1b:00:b5:73:2b:41:93:b1:62:40:30:
29:ea:f6:a3:e7:bc:f0:e9:9e:07:2b:ae:a9:a0:1d:
4d:d9:f8:18:4d:83:47:4e:68:ee:57:c8:55:15:86:
3c:6d:1e:f5:31:f1:de:cf:c2:7e:6b:8e:22:5a:c5:
76:af:d0:01:de:ab:7a:03:b2:96:33:cc:a0:26:ae:
de:c4:bd:76:85:96:c7:88:e4:46:bc:3f:c6:54:c9:
95:83:87:9c:49:0d:31:dd:c4:17:52:99:e4:65:49:
9b:9d:f3:ad:ce:66:08:57:f4:83:be:5e:87:da:42:
5a:01:2a:6d:68:d1:8d:38:d9:18:ae:5e:2e:54:72:
8b:01:45:96:af:f5:a3:d0:29:5d:22:8b:b4:d4:30:
af:02:36:c5:2d:e9:29:eb:2c:ea:6a:7e:27:b3:70:
fc:87:1f:2b:c4:b1:3a:a6:c2:e9:b7:c2:6f:46:63:
b7:96:2e:53:d8:b7:cd:c3:f4:b5:6d:b2:fc:57:49:
ac:9f:98:c9:fe:b4:f5:7c:93:48:2e:93:dc:e9:18:
54:63:5f:18:a3:e7:12:aa:fe:38:f0:73:e5:17:1e:
fe:40:65:81:a8:8f:60:46:c2:16:f2:a8:9d:b1:1b:
bc:ce:05:de:37:b2:a8:86:47:bd:8d:92:de:e0:e5:
42:89:b8:e3:f8:b1:24:08:7e:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client01.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
07:97:69:51:12:50:6a:e1:02:a0:b0:dc:93:75:16:c4:38:0f:
5c:b3:47:da:bf:fa:9c:b6:de:c0:ef:38:f7:cc:d9:8d:71:ba:
51:89:e5:48:36:dd:e1:f8:73:9d:92:80:1c:42:30:69:4f:8c:
19:5d:f7:1d:03:e4:f2:76:e0:58:7b:c2:76:c4:0a:7e:20:69:
26:6c:3e:cb:31:45:93:1d:07:5f:45:44:8e:5a:fb:87:17:7b:
4d:5c:bf:37:bd:5e:ba:5c:22:84:bf:26:21:4a:c4:e9:f9:cb:
73:de:fc:62:04:96:ad:aa:fd:89:09:5c:74:d6:bd:5f:07:17:
ef:9c:3d:ee:b7:dc:08:11:7f:12:66:ab:c4:ff:43:6d:7f:1e:
01:b6:d1:19:73:53:18:e4:02:b0:7c:9e:99:63:d8:57:dd:07:
79:fb:83:39:09:de:76:6e:68:b7:87:81:13:b8:26:e5:1c:c9:
a0:23:e5:97:39:ff:93:c7:8d:08:d8:ce:97:34:fc:ad:22:14:
89:c0:ae:83:7d:0a:3f:cf:a0:9b:b4:6a:5c:b3:6d:5d:3b:88:
ca:1e:9b:99:54:64:57:58:3c:4c:bd:26:ee:11:c3:13:0b:1d:
f5:fd:d9:37:b0:31:72:6f:1d:e8:ba:43:37:46:f7:71:fe:6d:
4a:30:33:29:c5:7b:37:8b:7e:06:22:89:a4:46:36:f0:fe:c6:
f5:f0:53:04:c0:35:52:78:6e:10:24:3a:d8:bf:7b:13:2f:98:
bc:69:31:41:68:02:5a:c4:f9:11:a2:6b:3f:c8:e0:d4:b3:80:
af:d2:be:fe:28:70:61:18:ed:8a:de:c4:cb:da:c9:60:94:91:
76:63:69:8c:6e:96:f5:ba:e7:be:1e:1c:c3:84:b1:8d:e8:31:
f7:66:8c:0d:da:a8:78:57:19:fd:a0:8d:fa:9a:7e:51:1c:d1:
d0:84:07:a2:45:40:2d:c4:6b:e9:9f:86:4a:08:20:8f:9c:79:
97:e3:7f:2a:14:73
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010843 (0x70b9f4eb2fa1959b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 7 08:14:18 2022 GMT
Not After : Sep 8 08:14:18 2022 GMT
Subject: CN=srv01.client02-expired.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:c0:11:27:17:25:3a:ad:85:a0:3b:59:0b:22:64:
63:7d:bb:05:32:35:4f:68:d5:19:2b:cd:46:bd:e2:
b6:42:8c:08:cf:09:0d:a8:cd:58:d9:1b:77:db:17:
8a:fc:f0:55:f2:e1:50:f4:fd:90:aa:49:15:5d:ea:
9b:5a:47:c4:2f:82:07:46:87:f6:05:ef:15:02:a4:
3c:a1:da:fc:5b:75:36:12:f7:12:50:55:f8:be:0c:
7d:21:91:e2:92:d8:41:3f:71:fe:b2:17:c0:68:1d:
09:be:fc:c4:24:ec:ef:d2:5c:52:a9:4f:d6:5d:30:
b8:ab:68:2e:39:e9:8b:5b:c6:f0:64:42:f7:b8:bd:
b2:90:32:22:68:bc:38:70:2f:14:ae:c8:7c:63:04:
d5:11:b2:0a:f1:8e:13:10:b2:3b:69:f4:fe:3a:e2:
f1:58:56:28:93:c1:28:aa:a7:19:c9:91:12:43:f8:
f5:1d:34:58:3d:32:9f:11:67:d1:1f:53:d4:e0:d5:
0c:78:2c:6f:38:3f:e1:89:69:b5:09:3c:12:f4:a9:
ee:e5:2f:c5:47:65:a6:82:fa:ea:78:48:31:89:11:
b6:23:8a:27:ed:7c:1d:6d:e8:ab:a0:29:de:40:f4:
f2:9b:61:22:da:9c:22:32:f7:3d:f8:4c:e1:38:a7:
e2:c3:af:a4:67:7f:94:a4:fd:52:25:89:4d:f4:9a:
d6:35:ba:98:20:f1:4b:c9:a5:cf:ac:72:58:2a:cd:
3b:4a:3e:e9:04:31:e2:9a:74:32:d5:52:60:34:ad:
0c:85:02:65:58:41:74:2a:57:91:34:55:36:a9:14:
5b:45:cc:28:27:d7:6d:ba:55:a3:dd:9f:00:04:a4:
43:c2:af:5c:af:86:53:a6:d5:a7:49:aa:31:d6:5e:
92:7d:26:dd:8d:f4:87:8a:9b:48:e8:25:f4:c7:34:
ca:cf:e3:f7:84:19:3b:43:c7:6a:b8:da:6e:6f:85:
af:8d:0c:fb:7c:ea:c7:73:9c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client02-expired.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
18:f1:7c:24:5b:d2:03:b0:60:0e:60:e6:32:f9:a7:47:d1:e4:
bd:3f:a3:21:53:90:84:9a:c6:2c:87:b2:16:28:95:07:a3:2a:
c3:33:8f:60:70:3f:26:58:be:ec:a2:6c:44:89:d3:4e:ef:bb:
ce:af:9b:5f:15:06:03:21:74:e3:6f:2a:dc:5c:19:4e:d3:cb:
ba:c3:5f:d8:76:89:59:50:82:69:5f:a1:ac:9f:be:79:e1:22:
12:37:f9:d3:2e:00:35:03:03:9d:08:24:45:65:7a:e9:72:31:
e1:67:44:32:17:25:dd:b9:72:eb:c6:40:d7:5d:8d:5f:00:48:
07:09:0d:3c:4c:a1:f1:05:4b:05:9b:2b:5a:21:09:46:f4:17:
7a:cf:34:87:ad:bf:ef:bd:56:74:d7:1a:8f:07:ce:70:b1:aa:
4d:82:4f:08:dc:56:27:f9:21:20:b8:06:c7:29:b4:8e:36:82:
b8:43:85:1c:2d:9f:be:2d:b9:9d:40:de:52:55:6a:2e:0b:28:
33:fc:f8:1b:70:e9:c5:46:50:f3:05:be:8d:ed:99:ec:f1:8c:
51:8a:1c:4b:95:f4:c4:dd:cd:42:74:bc:6f:66:64:54:b8:c1:
6e:c8:3d:e9:fe:10:02:61:50:77:38:b9:b0:b8:13:37:8f:0e:
5b:49:92:3a:9d:9a:60:51:68:99:8a:d5:7e:92:71:7e:fa:db:
52:37:4d:f9:0d:6c:3b:79:a3:b9:16:b7:95:00:ea:eb:17:54:
e2:50:d7:a5:08:54:58:2c:79:66:01:4b:95:65:ed:b8:81:f7:
4c:fa:f8:89:37:ad:d9:dc:c9:75:9d:02:3e:e5:92:b3:03:ab:
70:69:83:f5:6c:a6:27:7e:2e:fc:9d:b2:59:0a:43:ad:3f:55:
2f:5d:ec:ef:52:f0:3e:be:b5:d6:e2:c3:91:9d:dd:5d:e1:9e:
e6:18:90:0b:6a:85:f8:e3:83:2a:7c:91:c3:52:1c:6d:aa:2b:
44:b8:6f:2b:af:6e
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010840 (0x70b9f4eb2fa19598)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 7 20:28:03 2022 GMT
Not After : Aug 30 20:28:03 2052 GMT
Subject: CN=srv01.crt01.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:b4:9a:63:98:04:ad:bd:ab:29:bf:22:70:54:30:
df:c7:6b:77:5d:b8:5e:0b:cd:0e:a0:6c:74:37:e7:
4b:78:d1:96:da:ca:99:7d:92:b1:e4:1a:0a:1e:b4:
1c:be:ee:cc:95:8c:52:03:93:85:e1:40:43:68:86:
86:bc:6a:62:6d:d6:0a:ca:ee:4f:93:2d:ee:6b:df:
7a:f6:dc:fa:44:a6:39:80:2c:38:7c:89:cd:d9:a3:
99:ec:e8:2b:48:6d:84:41:3d:0e:1a:1f:68:5e:17:
88:8f:a5:da:4d:1c:36:26:ae:b4:7e:d2:fe:a2:59:
d5:67:3a:56:c2:21:65:0d:dd:97:6f:f0:e5:b4:1e:
87:ae:97:35:0d:f4:9b:ae:dc:8a:3e:28:aa:b8:a2:
ab:ee:9d:b2:c5:91:f6:71:99:a5:86:cb:31:9c:05:
d6:9b:94:13:46:a9:9a:c9:a5:55:5f:6c:cc:d0:84:
27:e2:b1:b5:73:39:08:7f:80:2f:04:26:96:0c:8d:
29:9b:be:5e:cc:39:af:a2:db:82:82:57:07:e6:b2:
4a:d9:3d:c8:79:6e:67:61:f3:48:37:a8:4f:9f:b3:
cf:84:b6:50:08:3d:e9:85:e9:a9:76:50:80:e7:2c:
6f:65:95:cb:e2:23:41:58:39:70:e7:78:29:3d:c2:
d6:20:7c:2b:87:30:bd:98:87:63:ed:4a:ad:b9:ed:
7a:4b:13:a1:3d:62:5e:b6:74:64:ef:25:a3:dd:93:
47:aa:d3:25:7e:2a:d7:09:1b:5c:59:50:f1:d4:c6:
9c:f2:64:8a:7c:cb:cc:52:37:50:88:4b:84:35:40:
51:0e:a1:06:a2:60:b6:b0:e3:8f:f9:d8:8e:45:77:
7d:0e:7d:11:92:22:15:0f:a3:37:84:c4:25:dc:14:
b4:20:7a:b7:16:96:72:d4:bf:4d:5d:d2:ab:71:43:
44:be:87:44:d2:b8:74:f7:86:3f:d2:5d:dd:5e:e6:
74:ab:fb:cc:a3:5d:a6:84:80:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt01.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
94:15:c0:4a:f1:aa:15:30:f7:cb:fe:f9:fa:ba:5f:f0:18:1f:
7e:44:9a:b1:d4:9c:f9:78:d3:a7:c7:65:f2:d1:48:62:f4:cb:
2f:20:ea:7c:af:08:cf:db:e2:0f:ab:c0:22:38:16:c5:0c:e5:
c7:6e:34:b1:ed:f6:02:1a:69:c0:09:d1:43:b3:30:77:fc:00:
07:1b:da:88:97:5b:28:4e:e6:92:ca:00:cc:86:66:a9:a9:0a:
75:be:74:88:7d:09:52:e7:a9:82:8f:a9:62:5e:b3:19:64:14:
e5:54:9e:6d:9c:98:39:8b:1f:92:92:59:f9:a2:46:75:96:11:
71:8a:c8:71:05:10:2a:b8:f3:a4:19:db:eb:05:17:0a:dd:98:
2c:58:54:3a:7f:8c:c2:26:9e:62:ca:04:dd:3c:99:1f:a0:64:
69:fb:d6:04:c1:0b:8c:62:f6:2d:ea:bc:6c:a9:39:7b:f1:20:
b8:b7:04:3c:a7:65:fa:1f:db:22:e2:5b:8b:91:75:60:be:e1:
1e:50:13:23:d5:4b:93:87:20:ec:46:6f:5f:94:dc:b1:60:d1:
79:4b:5e:76:c9:6d:0d:be:a6:9a:6b:67:8b:a7:48:7e:51:b5:
9b:9d:ec:a6:0c:c1:b3:d9:0b:26:8b:f2:7c:cf:61:d0:a2:a0:
90:90:18:6b:b4:ca:56:b8:5e:5a:8b:78:71:c4:d1:fc:15:30:
0a:03:26:74:85:3d:6c:ed:d3:e1:c9:c1:b0:d4:0c:b9:f3:04:
93:0d:e3:a6:2c:a7:ee:e0:24:0d:dd:37:fc:6b:09:d5:b5:55:
33:12:82:cf:f2:ba:0f:b0:e2:ce:f7:c0:ac:2c:7f:ab:f9:dd:
87:b1:9b:95:f2:d7:32:98:dd:4c:b3:28:b7:0d:2b:2f:62:65:
ce:59:fb:95:d4:5f:9d:fd:83:5a:01:3b:5f:48:5f:3c:fa:4b:
52:91:66:e1:49:8e:cd:09:78:f5:ce:f8:cd:5c:85:3e:ad:bd:
1c:4e:e0:3f:0a:8b
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,40 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010841 (0x70b9f4eb2fa19599)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 6 20:34:09 2022 GMT
Not After : Sep 7 20:34:09 2022 GMT
Subject: CN=srv01.crt02-expired.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:ec:2c:88:01:b5:8b:3a:74:56:0d:57:b3:75:fd:
05:58:05:ed:8a:ab:e8:29:0e:f1:52:34:2e:22:62:
6e:41:74:ff:78:33:b4:ff:15:73:fa:ce:90:10:a4:
fe:d2:66:14:7b:0b:79:7b:d6:20:88:f9:41:31:14:
9a:49:36:8c:38:74:4b:f3:e2:51:e7:e5:6f:bd:65:
38:e6:9c:30:80:3f:24:56:f6:68:9e:09:76:81:5b:
59:81:44:56:9f:1c:3f:48:f0:95:bf:60:40:29:df:
ac:42:3d:c3:6f:85:2d:c3:0e:08:b6:f7:12:2a:51:
00:bf:cf:fe:6c:ae:d7:7d:de:c1:72:f8:32:03:5f:
c9:3f:4a:de:e5:fa:24:90:46:f0:4a:5f:09:d8:93:
4c:bf:1c:61:4c:d2:dc:db:6c:f8:af:73:5b:b7:3b:
7a:e8:6d:1c:bb:26:23:47:87:fd:50:06:0f:f1:b5:
88:8a:a8:25:69:57:e3:46:3b:d2:6b:52:fb:5a:01:
f6:96:e9:2a:cf:13:e7:16:4c:fd:5a:f6:1f:0b:8d:
f7:25:a3:68:d7:15:fc:5c:48:49:05:e2:85:24:70:
57:b1:d8:05:24:ae:26:3a:00:9b:72:a8:47:05:c5:
f3:7c:2d:f2:58:72:37:fb:c1:8b:4f:42:8f:dd:9a:
ac:5b:ae:6f:21:62:ad:29:81:b9:8b:4b:6c:ff:61:
99:0f:7c:09:d3:6d:00:20:2d:b1:0c:00:6c:99:4c:
92:dc:0e:11:2d:e7:ba:7b:c7:c8:b1:a3:1a:61:f8:
cc:2c:af:17:b6:db:cc:36:02:fe:fb:66:15:77:84:
70:cd:42:25:b7:16:64:28:ae:9d:8c:81:85:a0:e0:
50:82:aa:e8:e9:ac:51:fc:2b:63:44:b1:08:b8:90:
d7:8c:1c:23:b2:1b:08:59:85:d5:dd:39:44:f7:47:
5e:48:08:34:eb:2c:df:75:47:08:b6:b6:e6:32:ed:
76:74:77:ce:3d:4d:fe:02:b1:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt02-expired.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
2a:52:c4:cb:a9:2f:f7:2b:ed:04:b5:03:d5:06:59:ed:5c:7c:
b7:00:9e:c4:33:90:fe:d0:b0:18:f3:f2:06:30:54:18:fe:34:
cb:ea:61:4f:9c:23:67:3c:ae:ed:20:df:82:52:ec:59:88:45:
ad:3c:6c:a7:34:24:1c:4d:66:ab:71:3d:59:8c:ef:cd:a0:e2:
7b:59:2d:43:94:cd:f5:0a:3c:4e:81:24:e8:fd:c6:d0:fd:ad:
6f:cc:29:5b:67:0b:b7:ee:43:38:a4:91:c2:d9:3b:f8:d6:97:
bc:92:dd:ec:a1:ab:85:35:44:f4:0a:df:ad:8d:8c:52:c3:49:
7e:39:10:a1:13:43:78:71:e2:92:aa:31:3d:d9:94:15:7f:86:
c8:aa:b4:a1:6d:bf:eb:55:b1:d7:41:6f:c3:7d:88:5e:9c:b7:
b1:4b:0d:a7:17:4f:3e:4a:46:3f:6f:48:27:8c:d0:e5:51:fc:
42:ba:c5:b9:4f:63:6f:2e:f2:fd:0c:c0:6e:23:b4:59:93:68:
a4:2d:16:ce:f4:7b:3a:45:1d:a0:6e:98:0b:f7:6a:e6:75:0c:
db:56:19:6b:88:f0:7f:6b:08:f8:fc:bb:d1:3f:25:25:1a:6c:
8e:34:cb:91:18:54:d5:2d:ce:9c:d0:b7:c3:bc:b5:0a:e0:b9:
73:6f:4d:ad:6b:3c:b6:49:ef:c0:10:13:c7:0a:78:4d:98:7d:
cb:84:a1:29:40:8c:dd:31:7d:ae:c4:f5:25:5d:b9:74:b2:f5:
e2:2b:e0:43:c8:50:61:a3:a8:26:1a:03:ab:1a:24:3b:13:56:
da:0d:ee:ff:2f:bd:d5:77:82:72:63:b8:aa:e1:18:f7:3b:c1:
a1:f8:51:b1:70:b9:25:39:df:a3:41:79:d7:2b:ec:32:f6:cb:
30:28:d2:1e:f1:b4:e1:80:03:9f:c2:0f:36:85:82:5e:39:ba:
9e:eb:67:76:42:93:bf:e0:df:64:b2:b5:5f:98:a1:45:3f:4a:
1f:5c:c5:04:10:f6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,4 @@
V 20520830202803Z 70B9F4EB2FA19598 unknown /CN=srv01.crt01.example.nil
V 220907203409Z 70B9F4EB2FA19599 unknown /CN=srv01.crt02-expired.example.nil
V 20520831082017Z 70B9F4EB2FA1959A unknown /CN=srv01.client01.example.nil
V 220908081418Z 70B9F4EB2FA1959B unknown /CN=srv01.client02-expired.example.nil


@@ -0,0 +1 @@
unique_subject = yes


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010840 (0x70b9f4eb2fa19598)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 7 20:28:03 2022 GMT
Not After : Aug 30 20:28:03 2052 GMT
Subject: CN=srv01.crt01.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:b4:9a:63:98:04:ad:bd:ab:29:bf:22:70:54:30:
df:c7:6b:77:5d:b8:5e:0b:cd:0e:a0:6c:74:37:e7:
4b:78:d1:96:da:ca:99:7d:92:b1:e4:1a:0a:1e:b4:
1c:be:ee:cc:95:8c:52:03:93:85:e1:40:43:68:86:
86:bc:6a:62:6d:d6:0a:ca:ee:4f:93:2d:ee:6b:df:
7a:f6:dc:fa:44:a6:39:80:2c:38:7c:89:cd:d9:a3:
99:ec:e8:2b:48:6d:84:41:3d:0e:1a:1f:68:5e:17:
88:8f:a5:da:4d:1c:36:26:ae:b4:7e:d2:fe:a2:59:
d5:67:3a:56:c2:21:65:0d:dd:97:6f:f0:e5:b4:1e:
87:ae:97:35:0d:f4:9b:ae:dc:8a:3e:28:aa:b8:a2:
ab:ee:9d:b2:c5:91:f6:71:99:a5:86:cb:31:9c:05:
d6:9b:94:13:46:a9:9a:c9:a5:55:5f:6c:cc:d0:84:
27:e2:b1:b5:73:39:08:7f:80:2f:04:26:96:0c:8d:
29:9b:be:5e:cc:39:af:a2:db:82:82:57:07:e6:b2:
4a:d9:3d:c8:79:6e:67:61:f3:48:37:a8:4f:9f:b3:
cf:84:b6:50:08:3d:e9:85:e9:a9:76:50:80:e7:2c:
6f:65:95:cb:e2:23:41:58:39:70:e7:78:29:3d:c2:
d6:20:7c:2b:87:30:bd:98:87:63:ed:4a:ad:b9:ed:
7a:4b:13:a1:3d:62:5e:b6:74:64:ef:25:a3:dd:93:
47:aa:d3:25:7e:2a:d7:09:1b:5c:59:50:f1:d4:c6:
9c:f2:64:8a:7c:cb:cc:52:37:50:88:4b:84:35:40:
51:0e:a1:06:a2:60:b6:b0:e3:8f:f9:d8:8e:45:77:
7d:0e:7d:11:92:22:15:0f:a3:37:84:c4:25:dc:14:
b4:20:7a:b7:16:96:72:d4:bf:4d:5d:d2:ab:71:43:
44:be:87:44:d2:b8:74:f7:86:3f:d2:5d:dd:5e:e6:
74:ab:fb:cc:a3:5d:a6:84:80:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt01.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
94:15:c0:4a:f1:aa:15:30:f7:cb:fe:f9:fa:ba:5f:f0:18:1f:
7e:44:9a:b1:d4:9c:f9:78:d3:a7:c7:65:f2:d1:48:62:f4:cb:
2f:20:ea:7c:af:08:cf:db:e2:0f:ab:c0:22:38:16:c5:0c:e5:
c7:6e:34:b1:ed:f6:02:1a:69:c0:09:d1:43:b3:30:77:fc:00:
07:1b:da:88:97:5b:28:4e:e6:92:ca:00:cc:86:66:a9:a9:0a:
75:be:74:88:7d:09:52:e7:a9:82:8f:a9:62:5e:b3:19:64:14:
e5:54:9e:6d:9c:98:39:8b:1f:92:92:59:f9:a2:46:75:96:11:
71:8a:c8:71:05:10:2a:b8:f3:a4:19:db:eb:05:17:0a:dd:98:
2c:58:54:3a:7f:8c:c2:26:9e:62:ca:04:dd:3c:99:1f:a0:64:
69:fb:d6:04:c1:0b:8c:62:f6:2d:ea:bc:6c:a9:39:7b:f1:20:
b8:b7:04:3c:a7:65:fa:1f:db:22:e2:5b:8b:91:75:60:be:e1:
1e:50:13:23:d5:4b:93:87:20:ec:46:6f:5f:94:dc:b1:60:d1:
79:4b:5e:76:c9:6d:0d:be:a6:9a:6b:67:8b:a7:48:7e:51:b5:
9b:9d:ec:a6:0c:c1:b3:d9:0b:26:8b:f2:7c:cf:61:d0:a2:a0:
90:90:18:6b:b4:ca:56:b8:5e:5a:8b:78:71:c4:d1:fc:15:30:
0a:03:26:74:85:3d:6c:ed:d3:e1:c9:c1:b0:d4:0c:b9:f3:04:
93:0d:e3:a6:2c:a7:ee:e0:24:0d:dd:37:fc:6b:09:d5:b5:55:
33:12:82:cf:f2:ba:0f:b0:e2:ce:f7:c0:ac:2c:7f:ab:f9:dd:
87:b1:9b:95:f2:d7:32:98:dd:4c:b3:28:b7:0d:2b:2f:62:65:
ce:59:fb:95:d4:5f:9d:fd:83:5a:01:3b:5f:48:5f:3c:fa:4b:
52:91:66:e1:49:8e:cd:09:78:f5:ce:f8:cd:5c:85:3e:ad:bd:
1c:4e:e0:3f:0a:8b
-----BEGIN CERTIFICATE-----
MIIETzCCAregAwIBAgIIcLn06y+hlZgwDQYJKoZIhvcNAQELBQAwfTELMAkGA1UE
BhMCVUExGDAWBgNVBAgMD0toYXJraXYgT2JsYXN0JzEQMA4GA1UEBwwHS2hhcmtp
djEkMCIGA1UECgwbSW50ZXJuZXQgU3lzdGVtcyBDb25zb3J0aXVtMRwwGgYDVQQD
DBNjYS50ZXN0LmV4YW1wbGUuY29tMCAXDTIyMDkwNzIwMjgwM1oYDzIwNTIwODMw
MjAyODAzWjAiMSAwHgYDVQQDDBdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbDCCAaIw
DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBALSaY5gErb2rKb8icFQw38drd124
XgvNDqBsdDfnS3jRltrKmX2SseQaCh60HL7uzJWMUgOTheFAQ2iGhrxqYm3WCsru
T5Mt7mvfevbc+kSmOYAsOHyJzdmjmezoK0hthEE9DhofaF4XiI+l2k0cNiautH7S
/qJZ1Wc6VsIhZQ3dl2/w5bQeh66XNQ30m67cij4oqriiq+6dssWR9nGZpYbLMZwF
1puUE0apmsmlVV9szNCEJ+KxtXM5CH+ALwQmlgyNKZu+Xsw5r6LbgoJXB+ayStk9
yHluZ2HzSDeoT5+zz4S2UAg96YXpqXZQgOcsb2WVy+IjQVg5cOd4KT3C1iB8K4cw
vZiHY+1KrbnteksToT1iXrZ0ZO8lo92TR6rTJX4q1wkbXFlQ8dTGnPJkinzLzFI3
UIhLhDVAUQ6hBqJgtrDjj/nYjkV3fQ59EZIiFQ+jN4TEJdwUtCB6txaWctS/TV3S
q3FDRL6HRNK4dPeGP9Jd3V7mdKv7zKNdpoSACwIDAQABoywwKjAoBgNVHREEITAf
ghdzcnYwMS5jcnQwMS5leGFtcGxlLm5pbIcECjUAATANBgkqhkiG9w0BAQsFAAOC
AYEAlBXASvGqFTD3y/75+rpf8BgffkSasdSc+XjTp8dl8tFIYvTLLyDqfK8Iz9vi
D6vAIjgWxQzlx240se32AhppwAnRQ7Mwd/wABxvaiJdbKE7mksoAzIZmqakKdb50
iH0JUuepgo+pYl6zGWQU5VSebZyYOYsfkpJZ+aJGdZYRcYrIcQUQKrjzpBnb6wUX
Ct2YLFhUOn+MwiaeYsoE3TyZH6BkafvWBMELjGL2Leq8bKk5e/EguLcEPKdl+h/b
IuJbi5F1YL7hHlATI9VLk4cg7EZvX5TcsWDReUtedsltDb6mmmtni6dIflG1m53s
pgzBs9kLJovyfM9h0KKgkJAYa7TKVrheWot4ccTR/BUwCgMmdIU9bO3T4cnBsNQM
ufMEkw3jpiyn7uAkDd03/GsJ1bVVMxKCz/K6D7DizvfArCx/q/ndh7GblfLXMpjd
TLMotw0rL2Jlzln7ldRfnf2DWgE7X0hfPPpLUpFm4UmOzQl49c74zVyFPq29HE7g
PwqL
-----END CERTIFICATE-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010841 (0x70b9f4eb2fa19599)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 6 20:34:09 2022 GMT
Not After : Sep 7 20:34:09 2022 GMT
Subject: CN=srv01.crt02-expired.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:ec:2c:88:01:b5:8b:3a:74:56:0d:57:b3:75:fd:
05:58:05:ed:8a:ab:e8:29:0e:f1:52:34:2e:22:62:
6e:41:74:ff:78:33:b4:ff:15:73:fa:ce:90:10:a4:
fe:d2:66:14:7b:0b:79:7b:d6:20:88:f9:41:31:14:
9a:49:36:8c:38:74:4b:f3:e2:51:e7:e5:6f:bd:65:
38:e6:9c:30:80:3f:24:56:f6:68:9e:09:76:81:5b:
59:81:44:56:9f:1c:3f:48:f0:95:bf:60:40:29:df:
ac:42:3d:c3:6f:85:2d:c3:0e:08:b6:f7:12:2a:51:
00:bf:cf:fe:6c:ae:d7:7d:de:c1:72:f8:32:03:5f:
c9:3f:4a:de:e5:fa:24:90:46:f0:4a:5f:09:d8:93:
4c:bf:1c:61:4c:d2:dc:db:6c:f8:af:73:5b:b7:3b:
7a:e8:6d:1c:bb:26:23:47:87:fd:50:06:0f:f1:b5:
88:8a:a8:25:69:57:e3:46:3b:d2:6b:52:fb:5a:01:
f6:96:e9:2a:cf:13:e7:16:4c:fd:5a:f6:1f:0b:8d:
f7:25:a3:68:d7:15:fc:5c:48:49:05:e2:85:24:70:
57:b1:d8:05:24:ae:26:3a:00:9b:72:a8:47:05:c5:
f3:7c:2d:f2:58:72:37:fb:c1:8b:4f:42:8f:dd:9a:
ac:5b:ae:6f:21:62:ad:29:81:b9:8b:4b:6c:ff:61:
99:0f:7c:09:d3:6d:00:20:2d:b1:0c:00:6c:99:4c:
92:dc:0e:11:2d:e7:ba:7b:c7:c8:b1:a3:1a:61:f8:
cc:2c:af:17:b6:db:cc:36:02:fe:fb:66:15:77:84:
70:cd:42:25:b7:16:64:28:ae:9d:8c:81:85:a0:e0:
50:82:aa:e8:e9:ac:51:fc:2b:63:44:b1:08:b8:90:
d7:8c:1c:23:b2:1b:08:59:85:d5:dd:39:44:f7:47:
5e:48:08:34:eb:2c:df:75:47:08:b6:b6:e6:32:ed:
76:74:77:ce:3d:4d:fe:02:b1:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.crt02-expired.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
2a:52:c4:cb:a9:2f:f7:2b:ed:04:b5:03:d5:06:59:ed:5c:7c:
b7:00:9e:c4:33:90:fe:d0:b0:18:f3:f2:06:30:54:18:fe:34:
cb:ea:61:4f:9c:23:67:3c:ae:ed:20:df:82:52:ec:59:88:45:
ad:3c:6c:a7:34:24:1c:4d:66:ab:71:3d:59:8c:ef:cd:a0:e2:
7b:59:2d:43:94:cd:f5:0a:3c:4e:81:24:e8:fd:c6:d0:fd:ad:
6f:cc:29:5b:67:0b:b7:ee:43:38:a4:91:c2:d9:3b:f8:d6:97:
bc:92:dd:ec:a1:ab:85:35:44:f4:0a:df:ad:8d:8c:52:c3:49:
7e:39:10:a1:13:43:78:71:e2:92:aa:31:3d:d9:94:15:7f:86:
c8:aa:b4:a1:6d:bf:eb:55:b1:d7:41:6f:c3:7d:88:5e:9c:b7:
b1:4b:0d:a7:17:4f:3e:4a:46:3f:6f:48:27:8c:d0:e5:51:fc:
42:ba:c5:b9:4f:63:6f:2e:f2:fd:0c:c0:6e:23:b4:59:93:68:
a4:2d:16:ce:f4:7b:3a:45:1d:a0:6e:98:0b:f7:6a:e6:75:0c:
db:56:19:6b:88:f0:7f:6b:08:f8:fc:bb:d1:3f:25:25:1a:6c:
8e:34:cb:91:18:54:d5:2d:ce:9c:d0:b7:c3:bc:b5:0a:e0:b9:
73:6f:4d:ad:6b:3c:b6:49:ef:c0:10:13:c7:0a:78:4d:98:7d:
cb:84:a1:29:40:8c:dd:31:7d:ae:c4:f5:25:5d:b9:74:b2:f5:
e2:2b:e0:43:c8:50:61:a3:a8:26:1a:03:ab:1a:24:3b:13:56:
da:0d:ee:ff:2f:bd:d5:77:82:72:63:b8:aa:e1:18:f7:3b:c1:
a1:f8:51:b1:70:b9:25:39:df:a3:41:79:d7:2b:ec:32:f6:cb:
30:28:d2:1e:f1:b4:e1:80:03:9f:c2:0f:36:85:82:5e:39:ba:
9e:eb:67:76:42:93:bf:e0:df:64:b2:b5:5f:98:a1:45:3f:4a:
1f:5c:c5:04:10:f6
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010842 (0x70b9f4eb2fa1959a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 8 08:20:17 2022 GMT
Not After : Aug 31 08:20:17 2052 GMT
Subject: CN=srv01.client01.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:ab:60:2e:9c:61:e3:89:c6:52:2b:bc:e9:e1:05:
fd:18:65:42:20:f6:56:16:40:33:d2:cb:9f:f7:ef:
22:54:a7:c9:55:70:ca:52:f0:e2:a2:58:38:7f:10:
ad:2b:05:e0:11:b6:69:21:7f:2d:38:56:dd:d5:e4:
f3:de:a7:32:35:f7:33:2a:52:80:ae:b7:d6:7c:35:
74:c3:0c:8a:c3:3a:18:61:68:73:62:58:56:ff:78:
25:57:1c:7b:be:98:88:21:dd:1c:8a:13:a5:9a:52:
48:98:d9:3d:c4:28:a6:7e:9b:11:56:7e:ce:09:bb:
51:89:8a:a8:1b:00:b5:73:2b:41:93:b1:62:40:30:
29:ea:f6:a3:e7:bc:f0:e9:9e:07:2b:ae:a9:a0:1d:
4d:d9:f8:18:4d:83:47:4e:68:ee:57:c8:55:15:86:
3c:6d:1e:f5:31:f1:de:cf:c2:7e:6b:8e:22:5a:c5:
76:af:d0:01:de:ab:7a:03:b2:96:33:cc:a0:26:ae:
de:c4:bd:76:85:96:c7:88:e4:46:bc:3f:c6:54:c9:
95:83:87:9c:49:0d:31:dd:c4:17:52:99:e4:65:49:
9b:9d:f3:ad:ce:66:08:57:f4:83:be:5e:87:da:42:
5a:01:2a:6d:68:d1:8d:38:d9:18:ae:5e:2e:54:72:
8b:01:45:96:af:f5:a3:d0:29:5d:22:8b:b4:d4:30:
af:02:36:c5:2d:e9:29:eb:2c:ea:6a:7e:27:b3:70:
fc:87:1f:2b:c4:b1:3a:a6:c2:e9:b7:c2:6f:46:63:
b7:96:2e:53:d8:b7:cd:c3:f4:b5:6d:b2:fc:57:49:
ac:9f:98:c9:fe:b4:f5:7c:93:48:2e:93:dc:e9:18:
54:63:5f:18:a3:e7:12:aa:fe:38:f0:73:e5:17:1e:
fe:40:65:81:a8:8f:60:46:c2:16:f2:a8:9d:b1:1b:
bc:ce:05:de:37:b2:a8:86:47:bd:8d:92:de:e0:e5:
42:89:b8:e3:f8:b1:24:08:7e:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client01.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
07:97:69:51:12:50:6a:e1:02:a0:b0:dc:93:75:16:c4:38:0f:
5c:b3:47:da:bf:fa:9c:b6:de:c0:ef:38:f7:cc:d9:8d:71:ba:
51:89:e5:48:36:dd:e1:f8:73:9d:92:80:1c:42:30:69:4f:8c:
19:5d:f7:1d:03:e4:f2:76:e0:58:7b:c2:76:c4:0a:7e:20:69:
26:6c:3e:cb:31:45:93:1d:07:5f:45:44:8e:5a:fb:87:17:7b:
4d:5c:bf:37:bd:5e:ba:5c:22:84:bf:26:21:4a:c4:e9:f9:cb:
73:de:fc:62:04:96:ad:aa:fd:89:09:5c:74:d6:bd:5f:07:17:
ef:9c:3d:ee:b7:dc:08:11:7f:12:66:ab:c4:ff:43:6d:7f:1e:
01:b6:d1:19:73:53:18:e4:02:b0:7c:9e:99:63:d8:57:dd:07:
79:fb:83:39:09:de:76:6e:68:b7:87:81:13:b8:26:e5:1c:c9:
a0:23:e5:97:39:ff:93:c7:8d:08:d8:ce:97:34:fc:ad:22:14:
89:c0:ae:83:7d:0a:3f:cf:a0:9b:b4:6a:5c:b3:6d:5d:3b:88:
ca:1e:9b:99:54:64:57:58:3c:4c:bd:26:ee:11:c3:13:0b:1d:
f5:fd:d9:37:b0:31:72:6f:1d:e8:ba:43:37:46:f7:71:fe:6d:
4a:30:33:29:c5:7b:37:8b:7e:06:22:89:a4:46:36:f0:fe:c6:
f5:f0:53:04:c0:35:52:78:6e:10:24:3a:d8:bf:7b:13:2f:98:
bc:69:31:41:68:02:5a:c4:f9:11:a2:6b:3f:c8:e0:d4:b3:80:
af:d2:be:fe:28:70:61:18:ed:8a:de:c4:cb:da:c9:60:94:91:
76:63:69:8c:6e:96:f5:ba:e7:be:1e:1c:c3:84:b1:8d:e8:31:
f7:66:8c:0d:da:a8:78:57:19:fd:a0:8d:fa:9a:7e:51:1c:d1:
d0:84:07:a2:45:40:2d:c4:6b:e9:9f:86:4a:08:20:8f:9c:79:
97:e3:7f:2a:14:73
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,93 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8122792693893010843 (0x70b9f4eb2fa1959b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 7 08:14:18 2022 GMT
Not After : Sep 8 08:14:18 2022 GMT
Subject: CN=srv01.client02-expired.example.nil
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (3072 bit)
Modulus:
00:c0:11:27:17:25:3a:ad:85:a0:3b:59:0b:22:64:
63:7d:bb:05:32:35:4f:68:d5:19:2b:cd:46:bd:e2:
b6:42:8c:08:cf:09:0d:a8:cd:58:d9:1b:77:db:17:
8a:fc:f0:55:f2:e1:50:f4:fd:90:aa:49:15:5d:ea:
9b:5a:47:c4:2f:82:07:46:87:f6:05:ef:15:02:a4:
3c:a1:da:fc:5b:75:36:12:f7:12:50:55:f8:be:0c:
7d:21:91:e2:92:d8:41:3f:71:fe:b2:17:c0:68:1d:
09:be:fc:c4:24:ec:ef:d2:5c:52:a9:4f:d6:5d:30:
b8:ab:68:2e:39:e9:8b:5b:c6:f0:64:42:f7:b8:bd:
b2:90:32:22:68:bc:38:70:2f:14:ae:c8:7c:63:04:
d5:11:b2:0a:f1:8e:13:10:b2:3b:69:f4:fe:3a:e2:
f1:58:56:28:93:c1:28:aa:a7:19:c9:91:12:43:f8:
f5:1d:34:58:3d:32:9f:11:67:d1:1f:53:d4:e0:d5:
0c:78:2c:6f:38:3f:e1:89:69:b5:09:3c:12:f4:a9:
ee:e5:2f:c5:47:65:a6:82:fa:ea:78:48:31:89:11:
b6:23:8a:27:ed:7c:1d:6d:e8:ab:a0:29:de:40:f4:
f2:9b:61:22:da:9c:22:32:f7:3d:f8:4c:e1:38:a7:
e2:c3:af:a4:67:7f:94:a4:fd:52:25:89:4d:f4:9a:
d6:35:ba:98:20:f1:4b:c9:a5:cf:ac:72:58:2a:cd:
3b:4a:3e:e9:04:31:e2:9a:74:32:d5:52:60:34:ad:
0c:85:02:65:58:41:74:2a:57:91:34:55:36:a9:14:
5b:45:cc:28:27:d7:6d:ba:55:a3:dd:9f:00:04:a4:
43:c2:af:5c:af:86:53:a6:d5:a7:49:aa:31:d6:5e:
92:7d:26:dd:8d:f4:87:8a:9b:48:e8:25:f4:c7:34:
ca:cf:e3:f7:84:19:3b:43:c7:6a:b8:da:6e:6f:85:
af:8d:0c:fb:7c:ea:c7:73:9c:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv01.client02-expired.example.nil, IP Address:10.53.0.1
Signature Algorithm: sha256WithRSAEncryption
18:f1:7c:24:5b:d2:03:b0:60:0e:60:e6:32:f9:a7:47:d1:e4:
bd:3f:a3:21:53:90:84:9a:c6:2c:87:b2:16:28:95:07:a3:2a:
c3:33:8f:60:70:3f:26:58:be:ec:a2:6c:44:89:d3:4e:ef:bb:
ce:af:9b:5f:15:06:03:21:74:e3:6f:2a:dc:5c:19:4e:d3:cb:
ba:c3:5f:d8:76:89:59:50:82:69:5f:a1:ac:9f:be:79:e1:22:
12:37:f9:d3:2e:00:35:03:03:9d:08:24:45:65:7a:e9:72:31:
e1:67:44:32:17:25:dd:b9:72:eb:c6:40:d7:5d:8d:5f:00:48:
07:09:0d:3c:4c:a1:f1:05:4b:05:9b:2b:5a:21:09:46:f4:17:
7a:cf:34:87:ad:bf:ef:bd:56:74:d7:1a:8f:07:ce:70:b1:aa:
4d:82:4f:08:dc:56:27:f9:21:20:b8:06:c7:29:b4:8e:36:82:
b8:43:85:1c:2d:9f:be:2d:b9:9d:40:de:52:55:6a:2e:0b:28:
33:fc:f8:1b:70:e9:c5:46:50:f3:05:be:8d:ed:99:ec:f1:8c:
51:8a:1c:4b:95:f4:c4:dd:cd:42:74:bc:6f:66:64:54:b8:c1:
6e:c8:3d:e9:fe:10:02:61:50:77:38:b9:b0:b8:13:37:8f:0e:
5b:49:92:3a:9d:9a:60:51:68:99:8a:d5:7e:92:71:7e:fa:db:
52:37:4d:f9:0d:6c:3b:79:a3:b9:16:b7:95:00:ea:eb:17:54:
e2:50:d7:a5:08:54:58:2c:79:66:01:4b:95:65:ed:b8:81:f7:
4c:fa:f8:89:37:ad:d9:dc:c9:75:9d:02:3e:e5:92:b3:03:ab:
70:69:83:f5:6c:a6:27:7e:2e:fc:9d:b2:59:0a:43:ad:3f:55:
2f:5d:ec:ef:52:f0:3e:be:b5:d6:e2:c3:91:9d:dd:5d:e1:9e:
e6:18:90:0b:6a:85:f8:e3:83:2a:7c:91:c3:52:1c:6d:aa:2b:
44:b8:6f:2b:af:6e
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@@ -0,0 +1 @@
70B9F4EB2FA1959C


@@ -0,0 +1,11 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----


@@ -11,14 +11,48 @@
* information regarding copyright ownership.
*/
tls tls-forward-secrecy {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt01.example.nil.key";
cert-file "../CA/certs/srv01.crt01.example.nil.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-forward-secrecy-mutual-tls {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt01.example.nil.key";
cert-file "../CA/certs/srv01.crt01.example.nil.pem";
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
tls tls-expired {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv01.crt02-expired.example.nil.key";
cert-file "../CA/certs/srv01.crt02-expired.example.nil.pem";
dhparam-file "../dhparam3072.pem";
};
options {
query-source address 10.53.0.1 dscp 1;
notify-source 10.53.0.1 dscp 22;
transfer-source 10.53.0.1 dscp 3;
port @PORT@;
tls-port @TLSPORT@;
pid-file "named.pid";
session-keyfile "session.key";
listen-on { 10.53.0.1; 127.0.0.1; };
listen-on tls ephemeral { 10.53.0.1; };
listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.1; };
listen-on port @EXTRAPORT2@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; };
listen-on port @EXTRAPORT3@ tls tls-expired { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
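Review bot: The `tls-expired` block has no `ca-file`, so unlike `tls-forward-secrecy-mutual-tls` the listener on `@EXTRAPORT3@` presumably does not request or verify client certificates. If the expired-server-certificate scenario is meant to run under mutual TLS, add `ca-file "../CA/CA.pem";` to that block; otherwise a comment above it should say it is server-authentication only. The three blocks also repeat the same `ciphers` string with no explanation; a comment above the first, along the lines of `/* ephemeral key exchange only: !kRSA removes RSA key transport; the !SHA1:!SHA256:!SHA384 terms appear intended to leave AEAD suites */`, would record why the list looks like this. `protocols { TLSv1.2; };` in every block means none of these listeners exercises TLS 1.3, which is worth stating as intentional. The `options` block continues past the end of this hunk.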


@@ -16,9 +16,11 @@ options {
notify-source 10.53.0.10;
transfer-source 10.53.0.10;
port @PORT@;
tls-port @TLSPORT@;
pid-file "named.pid";
session-keyfile "session.key";
listen-on { 10.53.0.10; };
listen-on tls ephemeral { 10.53.0.10; };
recursion no;
notify yes;
minimal-responses no;


@@ -738,7 +738,7 @@ grep "TXT.*everywhere" dig.out.2.test$n > /dev/null || ret=1
n=$((n + 1))
ret=0
echo_i "check 'grant' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
key $DEFAULT_HMAC:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
@@ -752,7 +752,7 @@ grep "added" dig.out.ns9.test$n > /dev/null || ret=1
n=$((n + 1))
ret=0
echo_i "check 'deny' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
key $DEFAULT_HMAC:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
@@ -838,6 +838,182 @@ if [ $ret -ne 0 ]; then
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (opportunistic-tls) ($n)"
$NSUPDATE -D -S -O -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${TLSPORT}
update add dot-non-auth-client-o.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-non-auth-client-o.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (strict-tls) with an implicit hostname (by IP address) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${EXTRAPORT1}
update add dot-non-auth-client.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-non-auth-client.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (strict-tls) with an implicit hostname (by IP address) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${EXTRAPORT1}
update add dot-fs.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fs.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (strict-tls) with a correct hostname ($n)"
$NSUPDATE -D -S -A CA/CA.pem -H srv01.crt01.example.nil -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${EXTRAPORT1}
update add dot-fs-h.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fs-h.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (strict-tls) with an incorrect hostname (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -H srv01.crt01.example.bad -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT1}
update add dot-fs-h-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fs-h-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (strict-tls) with a wrong authority (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA-other.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT1}
update add dot-fs-auth-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fs-auth-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (mutual-tls) with a valid client certificate ($n)"
$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${EXTRAPORT2}
update add dot-fsmt.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (mutual-tls) with a valid client certificate but with an incorrect hostname (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -H srv01.crt01.example.bad -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT2}
update add dot-fsmt-h-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-h-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (mutual-tls) with a valid client certificate but with a wrong authority (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA-other.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/client01.crt01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT2}
update add dot-fsmt-auth-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-auth-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (mutual-tls) with an expired client certificate (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client02-expired.example.nil.key -E CA/certs/srv01.client02-expired.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT2}
update add dot-fsmt-exp-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-exp-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check DoT (mutual-tls) with a valid client certificate and an expired server certificate (failure expected) ($n)"
$NSUPDATE -D -S -A CA/CA.pem -K CA/certs/srv01.client01.example.nil.key -E CA/certs/srv01.client01.example.nil.pem -k ns1/ddns.key <<END >nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.1 ${EXTRAPORT3}
update add dot-fsmt-exp-bad.example.nil. 600 A 10.10.10.3
send
END
sleep 2
$DIG $DIGOPTS +short @10.53.0.1 dot-fsmt-exp-bad.example.nil >dig.out.test$n 2>&1 || ret=1
grep -F "10.10.10.3" dig.out.test$n >/dev/null 2>&1 && ret=1
if [ $ret -ne 0 ]; then
echo_i "failed"
status=1
fi
n=$((n + 1))
ret=0
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
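Review bot: The failure-expected DoT checks added in this hunk pass on any nsupdate failure, because each one only tests for a non-zero exit (`&& ret=1`) and for the record being absent; none of them inspects `nsupdate.out.test$n` for the reason. This matters most for the mutual-tls "wrong authority" check, whose `-E CA/certs/client01.crt01.example.nil.pem` does not follow the `srv01.client01.example.nil.pem` naming used by every other client-certificate path here, so it may be failing on an unreadable file rather than on CA verification (the certificate directory listing is not visible from this hunk, so confirm). I would use `-E CA/certs/srv01.client01.example.nil.pem` there and add to each negative case a line such as `grep -F "<expected TLS verification error>" nsupdate.out.test$n >/dev/null || ret=1`, so the test proves the certificate check itself rejected the session. The second and third checks also share one description and one set of options and differ only in the record name, and the two expiry checks reuse `dot-fsmt-exp-bad.example.nil`, so a wrongly accepted update in the first would be attributed to the second as well.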
@@ -1026,7 +1202,7 @@ grep "bad name" nsupdate.out4-$n > /dev/null && ret=1
n=$((n + 1))
echo_i "check adding of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update add child.delegation.test. 3600 NS foo.example.net.
@@ -1041,7 +1217,7 @@ grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
n=$((n + 1))
echo_i "check deleting of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
@@ -1055,13 +1231,13 @@ grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
n=$((n + 1))
echo_i "check that adding too many records is blocked ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -v << EOF > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone too-big.test.
update add r1.too-big.test 3600 IN TXT r1.too-big.test
send
EOF
grep "update failed: SERVFAIL" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: SERVFAIL" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.3 r1.too-big.test TXT > dig.out.ns3.test$n
grep "status: NXDOMAIN" dig.out.ns3.test$n > /dev/null || ret=1
grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null || ret=1
@@ -1070,14 +1246,14 @@ grep "records in zone (4) exceeds max-records (3)" ns3/named.run > /dev/null ||
n=$((n + 1))
ret=0
echo_i "check whether valid addresses are used for primary failover ($n)"
$NSUPDATE -t 1 <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -t 1 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.4 ${PORT}
zone unreachable.
update add unreachable. 600 A 192.0.2.1
send
END
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out-$n > /dev/null 2>&1 && ret=1
grep "; Communication with 10.53.0.4#${PORT} failed: timed out" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "not implemented" nsupdate.out.test$n > /dev/null 2>&1 && ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@@ -1141,39 +1317,39 @@ grep "syntax error" nsupdate.out > /dev/null && ret=1
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 -6 ($n)"
$NSUPDATE -4 -6 <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -4 -6 <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
grep "only one of -4 and -6 allowed" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "only one of -4 and -6 allowed" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check nsupdate -4 with an IPv6 server address ($n)"
$NSUPDATE -4 <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -4 <<END > nsupdate.out.test$n 2>&1 && ret=1
server fd92:7065:b8e:ffff::2 ${PORT}
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
END
grep "address family not supported" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "address family not supported" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check that TKEY in a update is rejected ($n)"
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
update add tkey.example 0 in tkey invalid.algorithm. 1516055980 1516140801 1 0 16 gRof8D2BFKvl/vrr9Lmnjw== 16 gRof8D2BFKvl/vrr9Lmnjw==
send
END
grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: NOERROR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@@ -1243,7 +1419,7 @@ grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
# specify zone to override the default of adding to parent zone
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@@ -1262,7 +1438,7 @@ echo_i "check that CDS with mismatched algorithm to DNSSEC multisigner zone is n
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 14 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@@ -1282,7 +1458,7 @@ $DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 14 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
@@ -1301,7 +1477,7 @@ echo_i "check that CDS to DNSSEC multisigner zone is allowed ($n)"
$DIG $DIGOPTS +tcp +norec multisigner.test CDS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDS 14364 13 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
@@ -1316,7 +1492,7 @@ echo_i "check that CDNSKEY to DNSSEC multisigner zone is allowed ($n)"
$DIG $DIGOPTS +tcp +norec multisigner.test CDNSKEY @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone multisigner.test
update add multisigner.test 3600 IN CDNSKEY 257 3 13 d0NQ5PKmDz6P0B1WPMH9/UKRux/toSFwV2nTJYPA1Cx8pB0sJGTXbVhG U+6gye7VCHDhGIn9CjVfb2RJPW7GnQ==
@@ -1328,12 +1504,12 @@ retry_quiet 5 has_positive_response multisigner.test CDNSKEY 10.53.0.3 || ret=1
n=$((n + 1))
ret=0
echo_i "check that excessive NSEC3PARAM iterations are rejected by nsupdate ($n)"
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 && ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in NSEC3PARAM 1 0 151 -
END
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out-$n >/dev/null || ret=1
grep "NSEC3PARAM has excessive iterations (> 150)" nsupdate.out.test$n >/dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
@@ -1344,13 +1520,13 @@ echo_i "check nsupdate retries with another server on REFUSED response ($n)"
# that's what we're testing for. (failure is still expected, however,
# because the address lookup for the primary doesn't use the overridden
# resolv.conf file).
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE -D -C resolv.conf -p ${PORT} << EOF > nsupdate.out.test$n 2>&1 && ret=1
zone example
update add a 3600 IN A 1.2.3.4
send
EOF
grep '10.53.0.1.*REFUSED' nsupdate.out-$n > /dev/null || ret=1
grep 'Reply from SOA query' nsupdate.out-$n > /dev/null || ret=1
grep '10.53.0.1.*REFUSED' nsupdate.out.test$n > /dev/null || ret=1
grep 'Reply from SOA query' nsupdate.out.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
if ! $FEATURETEST --gssapi ; then
@@ -1361,7 +1537,7 @@ else
echo_i "check krb5-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1379,7 +1555,7 @@ EOF
echo_i "check krb5-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1387,7 +1563,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.7
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 foo.example.com A > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1397,7 +1573,7 @@ EOF
echo_i "check krb5-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1415,7 +1591,7 @@ EOF
echo_i "check krb5-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1423,7 +1599,7 @@ EOF
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _xxx._udp.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1433,7 +1609,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1451,7 +1627,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match PTR ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1459,7 +1635,7 @@ EOF
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 5.3.2.1.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1469,7 +1645,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs match SRV ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1487,7 +1663,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no listed types match (SRV & TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1507,7 +1683,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match RDATA (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1515,7 +1691,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1525,7 +1701,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs no-match TYPE (TXT) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1533,7 +1709,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN TXT a-txt-record
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 _yyy.self-srv.example.com TXT > dig.out.ns7.test$n
grep "status: NXDOMAIN" dig.out.ns7.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1546,7 +1722,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1563,7 +1739,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1571,7 +1747,7 @@ EOF
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@@ -1585,7 +1761,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1602,7 +1778,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1610,7 +1786,7 @@ EOF
update delete many.any.self-ptr.in-addr.arpa
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@@ -1624,7 +1800,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1641,7 +1817,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1649,7 +1825,7 @@ EOF
update delete many.srv.self-srv.example.com SRV
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.srv.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@@ -1663,7 +1839,7 @@ EOF
grep "ANSWER: 1," dig.out.ns7.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1680,7 +1856,7 @@ EOF
echo_i "check krb5-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns7/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.7 ${PORT}
@@ -1688,7 +1864,7 @@ EOF
update delete many.any.self-srv.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.7 many.any.self-srv.example.com SRV > dig.out.ns7.test$n
grep "status: NOERROR" dig.out.ns7.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns7.test$n > /dev/null || ret=1
@@ -1699,7 +1875,7 @@ EOF
echo_i "check krb5-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
@@ -1717,7 +1893,7 @@ EOF
echo_i "check krb5-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns8/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.8 ${PORT}
@@ -1725,7 +1901,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.8
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.8 foo.example.com A > dig.out.ns8.test$n
grep "status: NXDOMAIN" dig.out.ns8.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1735,7 +1911,7 @@ EOF
echo_i "check ms-self match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@@ -1753,7 +1929,7 @@ EOF
echo_i "check ms-self no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@@ -1761,7 +1937,7 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.9
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 foo.example.com A > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1771,7 +1947,7 @@ EOF
echo_i "check ms-subdomain match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@@ -1789,7 +1965,7 @@ EOF
echo_i "check ms-subdomain no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns9/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.9 ${PORT}
@@ -1797,7 +1973,7 @@ EOF
update add _xxx._udp.example.com 3600 IN SRV 0 0 0 machine.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.9 _xxx._udp.example.com SRV > dig.out.ns9.test$n
grep "status: NXDOMAIN" dig.out.ns9.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1807,7 +1983,7 @@ EOF
echo_i "check ms-subdomain-self-rhs match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1825,7 +2001,7 @@ EOF
echo_i "check ms-subdomain-self-rhs no-match (PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1833,7 +2009,7 @@ EOF
update add 5.3.2.1.in-addr.arpa 3600 IN PTR notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 5.3.2.1.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1843,7 +2019,7 @@ EOF
echo_i "check ms-subdomain-self-rhs match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1861,7 +2037,7 @@ EOF
echo_i "check ms-subdomain-self-rhs no-match (SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1869,7 +2045,7 @@ EOF
update add _yyy.self-srv.example.com 3600 IN SRV 0 0 0 notme.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 _yyy.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
@@ -1882,7 +2058,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1899,7 +2075,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete SRV (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1907,7 +2083,7 @@ EOF
update delete many.srv.self-srv.example.com SRV
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.srv.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@@ -1921,7 +2097,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1938,7 +2114,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete PTR (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1946,7 +2122,7 @@ EOF
update delete many.ptr.self-ptr.in-addr.arpa PTR
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.ptr.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@@ -1960,7 +2136,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1977,7 +2153,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete ANY (matching PTR with non-matching PTR) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -1985,7 +2161,7 @@ EOF
update delete many.any.self-ptr.in-addr.arpa
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-ptr.in-addr.arpa PTR > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@@ -1999,7 +2175,7 @@ EOF
grep "ANSWER: 1," dig.out.ns10.pre.test$n > /dev/null || ret=1
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -2016,7 +2192,7 @@ EOF
echo_i "check ms-subdomain-self-rhs delete ANY (matching SRV with non-matching SRV) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -2024,7 +2200,7 @@ EOF
update delete many.any.self-srv.example.com
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 many.any.self-srv.example.com SRV > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "ANSWER: 2," dig.out.ns10.test$n > /dev/null || ret=1
@@ -2035,7 +2211,7 @@ EOF
echo_i "check ms-selfsub match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d << EOF > nsupdate.out-$n 2>&1 || ret=1
$NSUPDATE -d << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -2053,7 +2229,7 @@ EOF
echo_i "check ms-selfsub no-match ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
$NSUPDATE << EOF > nsupdate.out.test$n 2>&1 && ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${PORT}
@@ -2061,11 +2237,28 @@ EOF
update add foo.example.com 3600 IN A 10.53.0.10
send
EOF
grep "update failed: REFUSED" nsupdate.out-$n > /dev/null || ret=1
grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1
$DIG $DIGOPTS +tcp @10.53.0.10 foo.example.com A > dig.out.ns10.test$n
grep "status: NXDOMAIN" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=$((n + 1))
ret=0
echo_i "check ms-selfsub match using DoT (opportunistic-tls) ($n)"
KRB5CCNAME="FILE:$(pwd)/ns10/machine.ccache"
export KRB5CCNAME
$NSUPDATE -d -S -O << EOF > nsupdate.out.test$n 2>&1 || ret=1
gsstsig
realm EXAMPLE.COM
server 10.53.0.10 ${TLSPORT}
zone example.com
update add dot.machine.example.com 3600 IN A 10.53.0.10
send
EOF
$DIG $DIGOPTS +tcp @10.53.0.10 dot.machine.example.com A > dig.out.ns10.test$n
grep "status: NOERROR" dig.out.ns10.test$n > /dev/null || ret=1
grep "dot.machine.example.com..*A.*10.53.0.10" dig.out.ns10.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
fi
echo_i "exit status: $status"