You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
76 lines
3.0 KiB
76 lines
3.0 KiB
4 weeks ago
|
From aa1b0fc4b24d26233db30c85ae3609e54e9fa6d2 Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= <ondrej@isc.org>
|
||
|
Date: Sun, 11 Feb 2024 09:13:43 +0100
|
||
|
Subject: [PATCH] Add a system test for mixed-case data for the same owner
|
||
|
|
||
|
We were missing a test where a single owner name would have multiple
|
||
|
types with a different case. The generated RRSIGs and NSEC records will
|
||
|
then have different case than the signed records and message parser have
|
||
|
to cope with that and treat everything as the same owner.
|
||
|
|
||
|
(cherry picked from commit a114042059ecbbc94ae0f604ca681323a75af480)
|
||
|
(cherry picked from upstream commit b9c10a194da3358204f5ba7d91e55332db435614)
|
||
|
---
|
||
|
bin/tests/system/dnssec/ns3/secure.example.db.in | 5 +++++
|
||
|
bin/tests/system/dnssec/ns3/sign.sh | 4 +++-
|
||
|
bin/tests/system/dnssec/tests.sh | 15 +++++++++++++++
|
||
|
3 files changed, 23 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/bin/tests/system/dnssec/ns3/secure.example.db.in b/bin/tests/system/dnssec/ns3/secure.example.db.in
|
||
|
index 27f2b24..599566e 100644
|
||
|
--- a/bin/tests/system/dnssec/ns3/secure.example.db.in
|
||
|
+++ b/bin/tests/system/dnssec/ns3/secure.example.db.in
|
||
|
@@ -45,3 +45,8 @@ rrsigonly A 10.0.0.29
|
||
|
cnameandkey CNAME @
|
||
|
cnamenokey CNAME @
|
||
|
dnameandkey DNAME @
|
||
|
+
|
||
|
+mixedcase A 10.0.0.30
|
||
|
+mixedCASE TXT "mixed case"
|
||
|
+MIXEDcase AAAA 2002::
|
||
|
+mIxEdCaSe LOC 37 52 56.788 N 121 54 55.02 W 1120m 10m 100m 10m
|
||
|
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
|
||
|
index 80d412e..d94f382 100644
|
||
|
--- a/bin/tests/system/dnssec/ns3/sign.sh
|
||
|
+++ b/bin/tests/system/dnssec/ns3/sign.sh
|
||
|
@@ -86,7 +86,9 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
|
||
|
|
||
|
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" > "$zonefile"
|
||
|
|
||
|
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
|
||
|
+"$SIGNER" -P -D -o "$zone" "$zonefile" >/dev/null
|
||
|
+cat "$zonefile" "$zonefile".signed >"$zonefile".tmp
|
||
|
+mv "$zonefile".tmp "$zonefile".signed
|
||
|
|
||
|
zone=bogus.example.
|
||
|
infile=bogus.example.db.in
|
||
|
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
|
||
|
index fe95c8d..0c03970 100644
|
||
|
--- a/bin/tests/system/dnssec/tests.sh
|
||
|
+++ b/bin/tests/system/dnssec/tests.sh
|
||
|
@@ -762,6 +762,21 @@ n=$((n+1))
|
||
|
test "$ret" -eq 0 || echo_i "failed"
|
||
|
status=$((status+ret))
|
||
|
|
||
|
+echo_i "checking mixed-case positive validation ($n)"
|
||
|
+ret=0
|
||
|
+for type in a txt aaaa loc; do
|
||
|
+ dig_with_opts +noauth mixedcase.secure.example. \
|
||
|
+ @10.53.0.3 $type >dig.out.$type.ns3.test$n || ret=1
|
||
|
+ dig_with_opts +noauth mixedcase.secure.example. \
|
||
|
+ @10.53.0.4 $type >dig.out.$type.ns4.test$n || ret=1
|
||
|
+ digcomp --lc dig.out.$type.ns3.test$n dig.out.$type.ns4.test$n || ret=1
|
||
|
+ grep "status: NOERROR" dig.out.$type.ns4.test$n >/dev/null || ret=1
|
||
|
+ grep "flags:.*ad.*QUERY" dig.out.$type.ns4.test$n >/dev/null || ret=1
|
||
|
+done
|
||
|
+n=$((n + 1))
|
||
|
+test "$ret" -eq 0 || echo_i "failed"
|
||
|
+status=$((status + ret))
|
||
|
+
|
||
|
echo_i "checking multi-stage positive validation NSEC/NSEC3 ($n)"
|
||
|
ret=0
|
||
|
dig_with_opts +noauth a.nsec3.example. \
|
||
|
--
|
||
|
2.43.0
|
||
|
|