Disable post zone verification for manykeys

As the expiration time is now+1 the RRSIG records may expire before
the verification step happens.

(cherry picked from commit 0d69afd764)
Mark Andrews 2024-06-19 12:45:09 +10:00
parent 2107a64ee6
commit 3af3ef53a0


@ -36,7 +36,8 @@ zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -L 3600 -b 256 "$zone")
ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 -f KSK "$zone")
zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 "$zone")
# Sign deliberately with a very short expiration date.
"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
# Disable zone verification (-P) as records may expire before signing is complete
"$SIGNER" -P -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
keyfile_to_key_id "$ksk8" >manykeys.ksk8.id
keyfile_to_key_id "$zsk8" >manykeys.zsk8.id
keyfile_to_key_id "$ksk13" >manykeys.ksk13.id
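Review bot: With `-P` on the new `"$SIGNER"` line, nothing visible in this hunk still confirms that the zone was signed correctly, because the signer's post-sign verification was the only such check on this line and its output goes only to `signzone.out.$zone`. The new comment says records may expire "before signing is complete", while the commit message says they expire before the verification step; I would align the comment with the message and state the consequence, e.g. `# Skip post-sign verification (-P): with -e now+1s the RRSIGs may expire before it runs, so the zone is unverified at this point.` If the test needs assurance that every key and algorithm produced signatures, a check that does not depend on signature validity time would be a safer replacement than no check. That could be a test for the expected RRSIG records in `$zonefile`. The script continues outside the hunk, so whether the exit status is enforced (for example by `set -e`) cannot be confirmed from here.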