bind9/bin/tests
Ondřej Surý 2327277f90 Fail the fetch when a response fails the TSIG signature check
A response that failed the signature check with a missing or unexpected
TSIG used to set nextitem, so the resolver kept reading the dispatch for
another response.  When the response was truncated with the TSIG cut off
the end of the wire, no further response ever arrived and the fetch
stalled until resolver-query-timeout.

Treat an unauthenticated response like every other signature-check
failure and finish the fetch immediately.  A response carrying a missing
or bogus TSIG now yields SERVFAIL instead of being skipped in favour of
a later one; the cookie system test that fed a spoofed TSIG response is
updated to expect that.  The unauthenticated data is still never
returned.
2026-06-24 12:18:19 +02:00
..
startperf Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00
system Fail the fetch when a response fails the TSIG signature check 2026-06-24 12:18:19 +02:00
testdata/wire move all optional tests from bin/tests to bin/tests/optional 2018-03-09 14:12:47 -08:00
.gitignore Move environment variables from conf.sh to pytest 2024-05-09 17:08:08 +02:00
meson.build replace the build system with meson 2025-06-11 10:30:12 +03:00
test_client.c Add and use global memory context called isc_g_mctx 2025-08-04 11:29:26 +02:00
test_server.c Add and use global memory context called isc_g_mctx 2025-08-04 11:29:26 +02:00