[9.20] fix: usr: Use TLS for notifies if configured to do so

Notifies configured to use TLS will now be sent over TLS, instead of plaintext UDP or TCP.
Failing to load the TLS configuration for a notify now also results in an error.

Closes #4821

Backport of MR !9407

Merge branch 'backport-4821-notify-over-tls-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9684
Mark Andrews 2024-10-24 06:01:40 +00:00
commit c1b82c1fb8
29 changed files with 899 additions and 10 deletions


@ -74,6 +74,11 @@ Files: **/*.after*
bin/tests/system/masterfile/knowngood.include
bin/tests/system/masterfile/knowngood.ttl1
bin/tests/system/masterfile/knowngood.ttl2
bin/tests/system/notify/CA/CA.cfg
bin/tests/system/notify/CA/README
bin/tests/system/notify/CA/index.txt
bin/tests/system/notify/CA/index.txt.attr
bin/tests/system/notify/CA/serial
bin/tests/system/notify/ns4/named.port.in
bin/tests/system/nsupdate/CA/CA.cfg
bin/tests/system/nsupdate/CA/README

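--- /dev/null
+++ b/bin/tests/system/notify/.gitignore
@@ -0,0 +1,5 @@
+# temporary files generated by "openssl ca"
+/CA/*.old
+# there is little point in keeping the certificate requests
+# for the issued certificates
+/CA/certs/*.csr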


@ -0,0 +1,77 @@
# See ../../doth/CA/ca.cfg for more information
# certificate authority configuration
[ca]
default_ca = CA_default # The default ca section
[CA_default]
dir = .
new_certs_dir = $dir/newcerts # new certs dir (must be created)
certificate = $dir/CA.pem # The CA cert
private_key = $dir/private/CA.key # CA private key
serial = $dir/serial # serial number file for the next certificate
# Update before issuing it:
# xxd -l 8 -u -ps /dev/urandom > ./serial
database = $dir/index.txt # (must be created manually: touch ./index.txt)
default_days = 1 # how long to certify for
#default_crl_days = 30 # the number of days before the
default_crl_days = 10950 # next CRL is due. That is the
# days from now to place in the
# CRL nextUpdate field. If CRL
# is expired, certificate
# verifications will fail even
# for otherwise valid
# certificates. Clients might
# cache the CRL, so the expiry
# period should normally be
# relatively short (default:
# 30) for production CAs.
default_md = sha256 # digest to use
policy = policy_default # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
# We need the following in order to copy Subject Alt Name(s) from a
# request to the certificate.
copy_extensions = copy # copy extensions from request
[policy_default]
countryName = optional
stateOrProvinceName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# default certificate requests settings
[req]
# Options for the `req` tool (`man req`).
default_bits = 3072 # for RSA only
distinguished_name = req_default
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-256 instead.
default_md = sha256
# do not encrypt the private key file
encrypt_key = no
[req_default]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (e.g., city)
0.organizationName = Organization Name (e.g., company)
organizationalUnitName = Organizational Unit Name (e.g. department)
commonName = Common Name (e.g. server FQDN or YOUR name)
emailAddress = Email Address
# defaults
countryName_default = UA
stateOrProvinceName_default = Kharkiv Oblast
localityName_default = Kharkiv
0.organizationName_default = ISC
organizationalUnitName_default = Software Engeneering (BIND 9)
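Review bot: The default OU on the last line of the file is misspelled; it should read `organizationalUnitName_default = Software Engineering (BIND 9)`. The pointer on the first line names `../../doth/CA/ca.cfg`, whereas every sibling CA configuration visible in this commit (including `nsupdate/CA/CA.cfg` in the file-list hunk at the top) is spelled `CA.cfg`; if the doth copy is spelled that way too, the reference is wrong on case-sensitive filesystems and should be `# See ../../doth/CA/CA.cfg for more information`.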


@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,2 @@
Please take a look at the contents of the CA.cfg file for further
instructions and configurations options.


@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBbu3hxycrhJ+msVeQ0
mNB/WkW7rxNr8Zi8iXLETgBJ40cJu0d/IA4jrJ4gvfwT82uhZANiAAT+AGZM20R/
AnlbmJOoZ4qHWgcPhEDIZ3+5rzIYpyL67adW2henRZ2s/ULMi/v/OpLYfuT8f1Ro
RHxhJUK0kpu1yx1R0mEI94kimw2Ocpnf2VHIksml+D8tEek0h0lczC0=
-----END PRIVATE KEY-----


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 17 16:18:18 2024 GMT
Not After : Sep 18 16:18:18 2024 GMT
Subject: CN=srv02.crt01-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:fe:00:66:4c:db:44:7f:02:79:5b:98:93:a8:67:
8a:87:5a:07:0f:84:40:c8:67:7f:b9:af:32:18:a7:
22:fa:ed:a7:56:da:17:a7:45:9d:ac:fd:42:cc:8b:
fb:ff:3a:92:d8:7e:e4:fc:7f:54:68:44:7c:61:25:
42:b4:92:9b:b5:cb:1d:51:d2:61:08:f7:89:22:9b:
0d:8e:72:99:df:d9:51:c8:92:c9:a5:f8:3f:2d:11:
e9:34:87:49:5c:cc:2d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01-expired.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
03:4C:AC:DE:C0:A3:EB:04:56:1C:10:47:EB:C9:4D:1A:5F:FD:8E:A1
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
25:33:d0:30:6e:60:5e:f3:29:e7:1d:36:83:4d:cd:06:d2:35:
df:80:76:25:e5:56:c6:e7:5f:cb:70:c8:30:da:a1:15:50:1b:
5d:e0:7b:01:60:47:32:ee:ea:98:cd:27:c2:2e:b8:d5:4a:2f:
76:7b:f1:0d:ff:c3:b3:74:f9:98:37:c1:07:85:04:55:8f:42:
25:b7:21:03:50:83:50:01:6a:88:84:bc:83:2c:48:3f:e5:96:
04:d7:b5:56:68:7c:fe:d9:06:e2:bc:f0:fd:47:fd:4b:4c:9b:
15:ca:ab:10:e4:8d:8f:b5:f7:dd:69:8c:9d:06:00:8f:80:5b:
30:a6:6c:31:d2:b8:4b:cf:10:2a:bf:64:fb:be:da:3f:e2:ee:
f1:6c:74:02:a7:c5:0c:e2:13:f1:54:63:a9:45:43:7b:b7:85:
a3:48:00:62:34:db:ac:a1:b6:b8:76:b9:d9:aa:17:a2:f9:0b:
96:87:ad:da:5e:95:50:2b:73:17:d7:2c:d0:43:40:e3:e9:80:
e2:87:be:1d:65:68:17:0d:90:98:0a:9b:6d:4f:2d:91:3e:f0:
16:4e:c0:c3:e7:a9:a6:e8:bf:8e:b6:d0:3b:72:e6:d9:9a:b3:
70:82:23:c1:02:c2:cc:91:d7:75:19:3c:79:33:ea:86:8d:80:
9a:6b:f2:93:b4:dc:22:19:11:82:3d:62:1d:e5:58:58:7f:50:
84:b0:d4:5a:67:be:d0:28:b0:be:a1:7f:9d:1b:a2:98:9b:70:
5a:c0:a8:c5:03:ec:de:8a:e2:ea:03:2d:4e:9f:6c:7d:d8:0e:
41:3c:58:df:3f:1e:4f:69:04:68:54:59:58:ef:dd:e3:32:b3:
2c:b4:cc:40:28:eb:3e:3b:37:fd:42:f7:d9:60:bf:fa:6d:87:
ca:ed:43:24:93:47:a8:bc:54:cc:c9:4d:ac:d0:b8:09:cb:85:
c3:02:55:73:bf:f0:ff:a3:fc:d2:d1:ae:ea:5a:96:6a:76:51:
fb:da:d9:ad:e4:cd
-----BEGIN CERTIFICATE-----
MIIDcDCCAdigAwIBAgIJAMWGaDl7HMSiMA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNV
BAYTAlVBMRgwFgYDVQQIDA9LaGFya2l2IE9ibGFzdCcxEDAOBgNVBAcMB0toYXJr
aXYxJDAiBgNVBAoMG0ludGVybmV0IFN5c3RlbXMgQ29uc29ydGl1bTEcMBoGA1UE
AwwTY2EudGVzdC5leGFtcGxlLmNvbTAeFw0yNDA5MTcxNjE4MThaFw0yNDA5MTgx
NjE4MThaMCoxKDAmBgNVBAMMH3NydjAyLmNydDAxLWV4cGlyZWQuZXhhbXBsZS5j
b20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT+AGZM20R/AnlbmJOoZ4qHWgcPhEDI
Z3+5rzIYpyL67adW2henRZ2s/ULMi/v/OpLYfuT8f1RoRHxhJUK0kpu1yx1R0mEI
94kimw2Ocpnf2VHIksml+D8tEek0h0lczC2jdDByMDAGA1UdEQQpMCeCH3NydjAy
LmNydDAxLWV4cGlyZWQuZXhhbXBsZS5jb22HBAo1AAIwHQYDVR0OBBYEFANMrN7A
o+sEVhwQR+vJTRpf/Y6hMB8GA1UdIwQYMBaAFHyJ6Fzr5R9ySATFj/uSCJz1YCY5
MA0GCSqGSIb3DQEBCwUAA4IBgQAlM9AwbmBe8ynnHTaDTc0G0jXfgHYl5VbG51/L
cMgw2qEVUBtd4HsBYEcy7uqYzSfCLrjVSi92e/EN/8OzdPmYN8EHhQRVj0IltyED
UINQAWqIhLyDLEg/5ZYE17VWaHz+2QbivPD9R/1LTJsVyqsQ5I2PtffdaYydBgCP
gFswpmwx0rhLzxAqv2T7vto/4u7xbHQCp8UM4hPxVGOpRUN7t4WjSABiNNusoba4
drnZqhei+QuWh63aXpVQK3MX1yzQQ0Dj6YDih74dZWgXDZCYCpttTy2RPvAWTsDD
56mm6L+OttA7cubZmrNwgiPBAsLMkdd1GTx5M+qGjYCaa/KTtNwiGRGCPWId5VhY
f1CEsNRaZ77QKLC+oX+dG6KYm3BawKjFA+zeiuLqAy1On2x92A5BPFjfPx5PaQRo
VFlY793jMrMstMxAKOs+Ozf9QvfZYL/6bYfK7UMkk0eovFTMyU2s0LgJy4XDAlVz
v/D/o/zS0a7qWpZqdlH72tmt5M0=
-----END CERTIFICATE-----


@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAxARyCz9Aq5XQpE4SV
IKYvvz2K9IjosWKkcbxjh0rW62RGyi4c3pSo6so8tpvHXzmhZANiAAQ2bCdh34Lt
hA8MzF7BeZhYfvUODFH3fSSAJuRDMSaO02f294+E2Icy91W9AhFetSceZa0Dhldc
aVVaPVm3bhhjvLUGFImFmccFtNtQj/llRCbY9VFtbfXaY/Vq5243EAg=
-----END PRIVATE KEY-----


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:14 2024 GMT
Not After : Aug 27 15:33:14 2054 GMT
Subject: CN=srv02.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79:
98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31:
26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02:
11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d:
59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4:
db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63:
f5:6a:e7:6e:37:10:08
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44:
b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd:
09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04:
38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9:
9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89:
ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf:
22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e:
c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55:
17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09:
5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f:
68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0:
5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21:
6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87:
70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb:
e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd:
e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83:
22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab:
6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e:
c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54:
c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c:
b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8:
02:5a:4c:38:e0:23
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,6 @@
-----BEGIN PRIVATE KEY-----
MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAEmVA9V00diOvZfEJV
N7piEbfN7fULRHWg2k4g7V2Ivpn9LfBsaYh5+Acf271G0mKhZANiAAQSbFty27Ro
RO7BPZFI9yM5V64xIUGMe4o4LYBA6cKhFFCVO0fX6h6bO0wgh2fCgYbWOq2X6Q1X
/x36gVJCzgXSBXPNktdMIxki9cttREvXo1cmELKl/n+PXDgxcbg/RbM=
-----END PRIVATE KEY-----


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:18 2024 GMT
Not After : Aug 27 15:33:18 2054 GMT
Subject: CN=srv03.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7:
23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9:
c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87:
67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81:
52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5:
cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c:
38:31:71:b8:3f:45:b3
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv03.crt01.example.com, IP Address:10.53.0.3
X509v3 Subject Key Identifier:
6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02:
36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c:
d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10:
78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d:
3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11:
1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61:
7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71:
23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52:
e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5:
b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec:
d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8:
45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8:
60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b:
5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf:
b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14:
c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f:
c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86:
a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28:
e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c:
a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a:
6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27:
cf:19:2c:ec:3a:77
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,3 @@
V 20540827153314Z C58668397B1CC49F unknown /CN=srv02.crt01.example.com
V 20540827153318Z C58668397B1CC4A0 unknown /CN=srv03.crt01.example.com
V 240918161818Z C58668397B1CC4A2 unknown /CN=srv02.crt01-expired.example.com


@ -0,0 +1 @@
unique_subject = yes


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:14 2024 GMT
Not After : Aug 27 15:33:14 2054 GMT
Subject: CN=srv02.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:36:6c:27:61:df:82:ed:84:0f:0c:cc:5e:c1:79:
98:58:7e:f5:0e:0c:51:f7:7d:24:80:26:e4:43:31:
26:8e:d3:67:f6:f7:8f:84:d8:87:32:f7:55:bd:02:
11:5e:b5:27:1e:65:ad:03:86:57:5c:69:55:5a:3d:
59:b7:6e:18:63:bc:b5:06:14:89:85:99:c7:05:b4:
db:50:8f:f9:65:44:26:d8:f5:51:6d:6d:f5:da:63:
f5:6a:e7:6e:37:10:08
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
4C:A6:2B:5F:55:DF:2E:1E:FA:E8:C6:3F:05:25:20:69:BA:60:3B:E2
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
1d:22:c4:60:42:9a:d8:ac:54:cf:77:be:17:d0:eb:b4:7d:44:
b1:ad:bf:53:0e:be:61:37:bf:7b:a6:78:7e:a0:3f:aa:21:cd:
09:3a:d4:41:b5:9f:31:a2:c9:db:df:94:a4:05:02:dd:98:04:
38:55:af:20:3a:4d:82:cd:37:0f:a5:b8:9c:dc:0d:f8:07:c9:
9d:8e:0a:4f:df:f1:8d:0c:53:9b:56:a2:35:7e:0a:3d:47:89:
ad:76:8f:6c:f5:15:0e:3f:05:af:fb:f8:97:97:a3:91:a6:cf:
22:04:c0:35:24:84:b4:e5:4d:c0:bf:e0:8d:8b:59:bf:71:2e:
c3:d8:8e:c9:9d:ba:0a:32:cb:0f:b8:b8:e3:91:f9:77:78:55:
17:9f:6e:09:d6:29:86:25:b6:0d:9b:52:b7:0a:75:f7:cd:09:
5d:04:83:9f:08:8f:eb:8c:23:73:e0:14:2b:be:ba:22:96:8f:
68:f8:c7:39:a7:44:9b:1d:ce:cb:eb:04:33:c0:da:b8:03:c0:
5b:7a:3c:a1:f5:28:92:93:06:f2:32:c3:38:fe:68:5d:64:21:
6e:3f:8b:80:f8:01:8f:19:5c:fa:13:6c:5e:27:55:19:70:87:
70:02:80:79:d2:37:d3:d9:05:b1:8e:50:37:24:f0:32:33:bb:
e9:f2:26:f8:19:92:d5:ad:2a:09:c1:b0:48:52:f4:e3:62:cd:
e1:b4:51:d9:0a:88:e3:fb:1e:c9:5c:a5:83:fe:30:9d:cf:83:
22:ba:1a:cd:c9:a9:e0:3d:cc:8d:f7:68:9e:17:a2:36:78:ab:
6f:01:de:20:a1:0d:a2:30:12:ee:45:14:b6:f7:c4:e4:d3:4e:
c7:0b:d7:14:b2:49:5c:f8:3a:fc:29:43:fa:97:d1:70:46:54:
c0:a9:c6:eb:f0:91:59:0e:24:8f:e5:38:79:38:fb:86:ab:3c:
b1:ea:d2:a3:4c:2c:e4:29:1a:03:da:54:a0:a6:73:ac:b4:c8:
02:5a:4c:38:e0:23
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 3 15:33:18 2024 GMT
Not After : Aug 27 15:33:18 2054 GMT
Subject: CN=srv03.crt01.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:12:6c:5b:72:db:b4:68:44:ee:c1:3d:91:48:f7:
23:39:57:ae:31:21:41:8c:7b:8a:38:2d:80:40:e9:
c2:a1:14:50:95:3b:47:d7:ea:1e:9b:3b:4c:20:87:
67:c2:81:86:d6:3a:ad:97:e9:0d:57:ff:1d:fa:81:
52:42:ce:05:d2:05:73:cd:92:d7:4c:23:19:22:f5:
cb:6d:44:4b:d7:a3:57:26:10:b2:a5:fe:7f:8f:5c:
38:31:71:b8:3f:45:b3
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv03.crt01.example.com, IP Address:10.53.0.3
X509v3 Subject Key Identifier:
6A:4F:85:19:52:0E:08:29:28:1B:96:53:84:97:0E:AA:35:C3:96:27
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
62:05:bb:62:4e:2a:6a:46:00:49:3e:83:b3:a7:ff:40:68:02:
36:06:1f:e7:c9:47:db:72:09:be:78:bc:e6:c5:b4:8c:51:7c:
d5:93:06:ec:24:ad:11:a7:32:16:3a:55:79:a3:ab:4c:68:10:
78:f2:e8:24:b3:c0:9c:3a:cd:11:45:7a:22:37:3e:a3:9d:5d:
3e:ed:91:bd:58:04:2d:f6:6d:2e:0f:61:1d:4f:ab:d7:47:11:
1b:c7:06:9d:1d:2d:df:85:93:fa:08:dc:27:32:3a:70:37:61:
7a:58:95:0a:ca:62:ea:28:64:a1:2d:37:0e:7d:f9:0a:6c:71:
23:20:6a:5d:2d:6b:f2:fe:23:f8:7b:89:51:21:e3:dd:2d:52:
e7:a3:bc:b9:62:86:65:21:de:90:6a:66:f8:ef:25:aa:da:e5:
b7:5f:f1:8e:ab:2d:5a:50:5f:b8:98:8a:00:d0:7b:e3:51:ec:
d8:a5:67:ee:2a:93:b5:62:84:9b:f5:c7:cd:72:de:53:99:a8:
45:b3:f6:4c:31:58:f2:5c:cd:a3:ec:f1:1c:3a:29:cf:8e:b8:
60:ba:c3:cd:d9:7d:bd:9a:b0:41:b3:dd:fb:37:0f:56:54:5b:
5e:99:d1:a7:58:57:ac:9e:52:c5:74:3e:c2:df:72:82:07:bf:
b2:48:87:9e:16:d8:03:3b:3b:a2:0a:03:55:83:69:44:f2:14:
c8:6b:50:20:89:85:16:b4:be:c6:6c:42:91:00:09:d7:55:9f:
c3:0c:9b:5f:58:bf:43:9d:42:ca:f3:25:1f:d8:f4:b2:87:86:
a8:59:60:e9:53:23:2e:27:e8:97:02:d6:a6:91:9a:81:fb:28:
e4:47:86:c3:3a:55:ca:f0:24:1f:be:dd:00:d3:db:6a:20:5c:
a3:b0:7a:5f:d9:a7:9b:35:f7:23:c7:2b:9d:98:f9:5c:89:5a:
6d:d4:ed:1c:d7:ec:40:0c:b0:c2:92:24:4b:78:a1:ab:7e:27:
cf:19:2c:ec:3a:77
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,76 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c5:86:68:39:7b:1c:c4:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=UA, ST=Kharkiv Oblast', L=Kharkiv, O=Internet Systems Consortium, CN=ca.test.example.com
Validity
Not Before: Sep 17 16:18:18 2024 GMT
Not After : Sep 18 16:18:18 2024 GMT
Subject: CN=srv02.crt01-expired.example.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:fe:00:66:4c:db:44:7f:02:79:5b:98:93:a8:67:
8a:87:5a:07:0f:84:40:c8:67:7f:b9:af:32:18:a7:
22:fa:ed:a7:56:da:17:a7:45:9d:ac:fd:42:cc:8b:
fb:ff:3a:92:d8:7e:e4:fc:7f:54:68:44:7c:61:25:
42:b4:92:9b:b5:cb:1d:51:d2:61:08:f7:89:22:9b:
0d:8e:72:99:df:d9:51:c8:92:c9:a5:f8:3f:2d:11:
e9:34:87:49:5c:cc:2d
ASN1 OID: secp384r1
NIST CURVE: P-384
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:srv02.crt01-expired.example.com, IP Address:10.53.0.2
X509v3 Subject Key Identifier:
03:4C:AC:DE:C0:A3:EB:04:56:1C:10:47:EB:C9:4D:1A:5F:FD:8E:A1
X509v3 Authority Key Identifier:
7C:89:E8:5C:EB:E5:1F:72:48:04:C5:8F:FB:92:08:9C:F5:60:26:39
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
25:33:d0:30:6e:60:5e:f3:29:e7:1d:36:83:4d:cd:06:d2:35:
df:80:76:25:e5:56:c6:e7:5f:cb:70:c8:30:da:a1:15:50:1b:
5d:e0:7b:01:60:47:32:ee:ea:98:cd:27:c2:2e:b8:d5:4a:2f:
76:7b:f1:0d:ff:c3:b3:74:f9:98:37:c1:07:85:04:55:8f:42:
25:b7:21:03:50:83:50:01:6a:88:84:bc:83:2c:48:3f:e5:96:
04:d7:b5:56:68:7c:fe:d9:06:e2:bc:f0:fd:47:fd:4b:4c:9b:
15:ca:ab:10:e4:8d:8f:b5:f7:dd:69:8c:9d:06:00:8f:80:5b:
30:a6:6c:31:d2:b8:4b:cf:10:2a:bf:64:fb:be:da:3f:e2:ee:
f1:6c:74:02:a7:c5:0c:e2:13:f1:54:63:a9:45:43:7b:b7:85:
a3:48:00:62:34:db:ac:a1:b6:b8:76:b9:d9:aa:17:a2:f9:0b:
96:87:ad:da:5e:95:50:2b:73:17:d7:2c:d0:43:40:e3:e9:80:
e2:87:be:1d:65:68:17:0d:90:98:0a:9b:6d:4f:2d:91:3e:f0:
16:4e:c0:c3:e7:a9:a6:e8:bf:8e:b6:d0:3b:72:e6:d9:9a:b3:
70:82:23:c1:02:c2:cc:91:d7:75:19:3c:79:33:ea:86:8d:80:
9a:6b:f2:93:b4:dc:22:19:11:82:3d:62:1d:e5:58:58:7f:50:
84:b0:d4:5a:67:be:d0:28:b0:be:a1:7f:9d:1b:a2:98:9b:70:
5a:c0:a8:c5:03:ec:de:8a:e2:ea:03:2d:4e:9f:6c:7d:d8:0e:
41:3c:58:df:3f:1e:4f:69:04:68:54:59:58:ef:dd:e3:32:b3:
2c:b4:cc:40:28:eb:3e:3b:37:fd:42:f7:d9:60:bf:fa:6d:87:
ca:ed:43:24:93:47:a8:bc:54:cc:c9:4d:ac:d0:b8:09:cb:85:
c3:02:55:73:bf:f0:ff:a3:fc:d2:d1:ae:ea:5a:96:6a:76:51:
fb:da:d9:ad:e4:cd
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1 @@
C58668397B1CC4A3


@ -0,0 +1,11 @@
-----BEGIN DH PARAMETERS-----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-----END DH PARAMETERS-----


@ -0,0 +1,40 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
tls tls-forward-secrecy {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv02.crt01.example.com.key";
cert-file "../CA/certs/srv02.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
tls tls-forward-secrecy-mutual-tls {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv02.crt01.example.com.key";
cert-file "../CA/certs/srv02.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
tls tls-expired {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
key-file "../CA/certs/srv02.crt01-expired.example.com.key";
cert-file "../CA/certs/srv02.crt01-expired.example.com.pem";
dhparam-file "../dhparam3072.pem";
};
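Review bot: The `tls tls-expired` listener block gives no hint that its certificate is out of date on purpose, so the next person who sees a certificate-verification failure in this test will be tempted to regenerate the fixture. A comment on the block such as `// deliberately expired certificate (not-after 2024-09-18): backs ns3's tls-x6 negative case, do not renew` prevents that. The cipher string and dhparam-file are repeated verbatim across the three blocks; that mirrors the doth test layout and is acceptable here.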


@ -11,12 +11,15 @@
* information regarding copyright ownership.
*/
include "named-tls.conf";
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
notify-source-v6 fd92:7065:b8e:ffff::2;
transfer-source 10.53.0.2;
port @PORT@;
include "options-tls.conf";
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };


@ -0,0 +1,18 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
tls-port @TLSPORT@;
listen-on tls ephemeral { 10.53.0.2; };
listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.2; };
listen-on port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls { 10.53.0.2; };
listen-on port @EXTRAPORT4@ tls tls-expired { 10.53.0.2; };


@ -0,0 +1,25 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
1 ; serial
300 ; refresh (300 seconds)
300 ; retry (300 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns2
NS ns3
ns2 A 10.53.0.2
ns3 A 10.53.0.3
a A 10.0.0.1


@ -0,0 +1,90 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
tls tls-forward-secrecy {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
tls tls-forward-secrecy-remote-hostname {
protocols { TLSv1.2; };
ca-file "../CA/CA.pem";
remote-hostname "srv02.crt01.example.com";
};
tls tls-forward-secrecy-bad-remote-hostname {
protocols { TLSv1.2; };
ca-file "../CA/CA.pem";
remote-hostname "srv02-bad.crt01.example.com";
};
tls tls-forward-secrecy-mutual-tls {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
key-file "../CA/certs/srv03.crt01.example.com.key";
cert-file "../CA/certs/srv03.crt01.example.com.pem";
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
tls tls-expired {
protocols { TLSv1.2; };
ciphers "HIGH:!kRSA:!aNULL:!eNULL:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384";
prefer-server-ciphers yes;
dhparam-file "../dhparam3072.pem";
ca-file "../CA/CA.pem";
};
zone tls-x1 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 tls ephemeral; };
};
zone tls-x2 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 port @EXTRAPORT1@ tls tls-forward-secrecy; };
};
zone tls-x3 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 port @EXTRAPORT1@ tls tls-forward-secrecy-remote-hostname; };
};
zone tls-x4 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 port @EXTRAPORT1@ tls tls-forward-secrecy-bad-remote-hostname; };
};
zone tls-x5 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 port @EXTRAPORT3@ tls tls-forward-secrecy-mutual-tls; };
};
zone tls-x6 {
type primary;
file "generic.db";
notify explicit;
also-notify { 10.53.0.2 port @EXTRAPORT4@ tls tls-expired; };
};
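Review bot: The `tls tls-expired` block here is a client-side configuration (it is referenced only from `also-notify` in zone tls-x6), yet unlike its three client siblings it carries `prefer-server-ciphers yes;`, a preference that only has an effect on the accepting side; dropping that line keeps the client blocks uniform with `tls-forward-secrecy` above. Each tls block would also benefit from a one-line comment naming the case it exercises, e.g. `// server cert verified against its IP SAN 10.53.0.2 (no remote-hostname)` on `tls-forward-secrecy` and `// must fail: remote-hostname does not match the certificate SAN` on the bad-remote-hostname block. There is no negative mutual-TLS case (a client without key-file/cert-file pointed at the `@EXTRAPORT3@` listener), so the rejection of a missing client certificate over notify is not covered.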


@ -11,11 +11,14 @@
* information regarding copyright ownership.
*/
include "named-tls.conf";
options {
query-source address 10.53.0.3;
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port @PORT@;
include "options-tls.conf";
pid-file "named.pid";
listen-on { 10.53.0.3; };
listen-on-v6 { fd92:7065:b8e:ffff::3; };


@ -0,0 +1,14 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
tls-port @TLSPORT@;


@ -14,8 +14,24 @@
. ../conf.sh
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
if $FEATURETEST --have-fips-dh; then
copy_setports ns2/named-tls.conf.in ns2/named-tls.conf
copy_setports ns2/options-tls.conf.in ns2/options-tls.conf
copy_setports ns2/named.conf.in ns2/named.conf
else
cp /dev/null ns2/named-tls.conf
cp /dev/null ns2/options-tls.conf
copy_setports ns2/named.conf.in ns2/named.conf
fi
if $FEATURETEST --have-fips-dh; then
copy_setports ns3/named-tls.conf.in ns3/named-tls.conf
copy_setports ns3/options-tls.conf.in ns3/options-tls.conf
copy_setports ns3/named.conf.in ns3/named.conf
else
cp /dev/null ns3/named-tls.conf
cp /dev/null ns3/options-tls.conf
copy_setports ns3/named.conf.in ns3/named.conf
fi
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
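Review bot: The two new `if $FEATURETEST --have-fips-dh` blocks evaluate the same feature test twice and both branches of each repeat the `copy_setports nsN/named.conf.in` call that the removed lines performed unconditionally, so the only thing that actually varies is whether the two TLS include files are rendered or emptied. Hoisting the named.conf copies back out and folding both servers into one conditional halves the block and makes the feature gate read as what it is.
```shell
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
if $FEATURETEST --have-fips-dh; then
  copy_setports ns2/named-tls.conf.in ns2/named-tls.conf
  copy_setports ns2/options-tls.conf.in ns2/options-tls.conf
  copy_setports ns3/named-tls.conf.in ns3/named-tls.conf
  copy_setports ns3/options-tls.conf.in ns3/options-tls.conf
else
  cp /dev/null ns2/named-tls.conf
  cp /dev/null ns2/options-tls.conf
  cp /dev/null ns3/named-tls.conf
  cp /dev/null ns3/options-tls.conf
fi
# … unchanged: ns4/ns5 copy_setports …
```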


@ -118,6 +118,18 @@ grep 'notify from 10.53.0.2#[0-9][0-9]*: serial 2$' ns3/named.run >/dev/null ||
grep 'refused notify from non-primary: fd92:7065:b8e:ffff::2#[0-9][0-9]*$' ns3/named.run >/dev/null || ret=1
test_end
test_start "checking notify over TLS successful"
grep "zone tls-x1/IN: notify to 10.53.0.2#${TLSPORT} successful" ns3/named.run >/dev/null || ret=1
grep "zone tls-x2/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
grep "zone tls-x3/IN: notify to 10.53.0.2#${EXTRAPORT1} successful" ns3/named.run >/dev/null || ret=1
grep "zone tls-x5/IN: notify to 10.53.0.2#${EXTRAPORT3} successful" ns3/named.run >/dev/null || ret=1
test_end
test_start "checking notify over TLS failed"
grep "zone tls-x4/IN: notify to 10.53.0.2#${EXTRAPORT1} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
grep "zone tls-x6/IN: notify to 10.53.0.2#${EXTRAPORT4} failed: TLS peer certificate verification failed" ns3/named.run >/dev/null || ret=1
test_end
test_start "checking example2 loaded"
dig_plus_opts a.example. @10.53.0.2 a >dig.out.ns2.test$n || ret=1
grep "10.0.0.2" dig.out.ns2.test$n >/dev/null || ret=1
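Review bot: The two new test_start blocks grep for zones tls-x1 through tls-x6 unconditionally, but setup.sh in this same commit only renders ns3/named-tls.conf (where those zones are defined) when `$FEATURETEST --have-fips-dh` succeeds and writes an empty file otherwise, so on such a build every one of these greps fails unless a guard outside the hunk skips them. Wrapping both blocks in `if $FEATURETEST --have-fips-dh; then … fi` keeps tests.sh consistent with setup.sh. The positive case is also asserted only from the sender's own log line; if ns2 records the incoming notify for these zones, a matching grep on ns2/named.run would confirm end-to-end delivery over the TLS listener rather than just that ns3 parsed a response.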


@ -12443,6 +12443,7 @@ notify_send_toaddr(void *arg) {
isc_sockaddr_t src;
unsigned int options, timeout, udptimeout;
bool have_notifysource = false;
isc_tlsctx_cache_t *zmgr_tlsctx_cache = NULL;
REQUIRE(DNS_NOTIFY_VALID(notify));
@ -12560,10 +12561,17 @@ again:
udptimeout = 0;
timeout = 15;
}
result = dns_request_create(
notify->zone->view->requestmgr, message, &src, &notify->dst,
NULL, NULL, options, key, timeout, udptimeout, 2,
notify->zone->loop, notify_done, notify, &notify->request);
zmgr_tlsctx_attach(notify->zone->zmgr, &zmgr_tlsctx_cache);
result = dns_request_create(notify->zone->view->requestmgr, message,
&src, &notify->dst, notify->transport,
zmgr_tlsctx_cache, options, key, timeout,
udptimeout, 2, notify->zone->loop,
notify_done, notify, &notify->request);
isc_tlsctx_cache_detach(&zmgr_tlsctx_cache);
if (result == ISC_R_SUCCESS) {
if (isc_sockaddr_pf(&notify->dst) == AF_INET) {
inc_stats(notify->zone,
@ -12798,11 +12806,23 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
if (dns_remote_tlsname(&zone->notify) != NULL) {
dns_name_t *tlsname = dns_remote_tlsname(&zone->notify);
(void)dns_view_gettransport(view, DNS_TRANSPORT_TLS,
tlsname, &transport);
result = dns_view_gettransport(view, DNS_TRANSPORT_TLS,
tlsname, &transport);
notify_log(zone, ISC_LOG_INFO,
"got TLS configuration for a notify");
if (result == ISC_R_SUCCESS) {
notify_log(
zone, ISC_LOG_INFO,
"got TLS configuration for a notify");
} else {
dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN,
ISC_LOG_ERROR,
"could not get TLS configuration "
"for zone transfer: %s",
isc_result_totext(result));
goto next;
}
flags |= DNS_NOTIFY_TCP;
}
/* TODO: glue the transport to the notify */
@ -12864,6 +12884,7 @@ zone_notify(dns_zone_t *zone, isc_time_t *now) {
loggednotify = true;
}
next:
flags &= ~DNS_NOTIFY_TCP;
dns_remote_next(&zone->notify, false);
}
UNLOCK_ZONE(zone);
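Review bot: The error branch added to zone_notify reports a notify failure as a zone-transfer one: it logs under `DNS_LOGCATEGORY_XFER_IN` with the text "could not get TLS configuration for zone transfer", while the success branch directly above it uses `notify_log()` and says "notify"; this looks copied from the xfrin path and will send operators to the wrong log category when a notify's TLS name is misconfigured. Suggested replacement for the dns_zone_logc call: `notify_log(zone, ISC_LOG_ERROR, "could not get TLS configuration for notify: %s", isc_result_totext(result));`. In notify_send_toaddr the tlsctx cache is detached immediately after `dns_request_create()`, which is only correct if the request holds its own reference to the cache — presumably it does, since the attach/detach pair mirrors the other callers, but worth confirming against dns_request_create. Both zone_notify and notify_send_toaddr start outside their hunks, and the `goto next` skips the rest of the loop body that is not visible here.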