From 69d5e22e58bcbcedd33732d103f9f01cfa99f6c3 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 11 May 2022 14:32:11 +1000 Subject: [PATCH] Make modifications to keyless.example deterministic The perl modifation code for keyless.example was not deterministic (/NXT/ matched part of signature) resulting in different error strings being returned. Replaced /NXT/ with /A RRSIG NSEC/ and updated expected error string, --- bin/tests/system/dnssec/ns3/sign.sh | 6 +++--- bin/tests/system/dnssec/tests.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index abe548eefa..f56edb240c 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -121,12 +121,12 @@ cat "$infile" "$keyname.key" > "$zonefile" "$SIGNER" -z -o "$zone" "$zonefile" > /dev/null -# Change the signer field of the a.b.keyless.example SIG A -# to point to a provably nonexistent KEY record. +# Change the signer field of the a.b.keyless.example RRSIG A +# to point to a provably nonexistent DNSKEY record. zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1 mv "$zonefile.signed" "$zonefiletmp" <"$zonefiletmp" "$PERL" -p -e 's/ keyless.example/ b.keyless.example/ - if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed" + if /^a.b.keyless.example/../A RRSIG NSEC/;' > "$zonefile.signed" rm -f "$zonefiletmp" # diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index dbb8c28015..d3691f1764 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -938,7 +938,7 @@ if [ -x ${DELV} ] ; then ret=0 echo_i "checking that validation fails when key record is missing using dns_client ($n)" delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1 - grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1 + grep "resolution failed: insecurity proof failed" delv.out$n > /dev/null || ret=1 n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret))