upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-02-09 22:03:15 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

- Fix libnettle zonemd unit test.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2021-08-04 14:04:31 +02:00
parent 067954fe8d
commit 822a96b29a
2 changed files with 31 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/Changelog
View file

@ -11,6 +11,7 @@
- Fix missing locks in zonemd unit test.
- Fix readzone compile under debug config.
- Fix out of sourcedir run of zonemd unit tests.
- Fix libnettle zonemd unit test.
3 August 2021: George
- Listen to read or write events after the SSL handshake.

35
testcode/unitzonemd.c
View file

@ -430,13 +430,23 @@ static void zonemd_verify_tests(void)
SRCDIRSTR "/testdata/zonemd.example9.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for ZONEMD RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for ZONEMD RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone but RRSIG on SOA is wrong */
zonemd_verify_test("example.com",
SRCDIRSTR "/testdata/zonemd.example10.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for SOA RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for SOA RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for SOA RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */
zonemd_verify_test("example.com",
@ -456,20 +466,35 @@ static void zonemd_verify_tests(void)
SRCDIRSTR "/testdata/zonemd.example13.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for NSEC RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for NSEC RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for NSEC RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */
zonemd_verify_test("example.com",
SRCDIRSTR "/testdata/zonemd.example14.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"DNSSEC verify failed for NSEC3 RRset: signature crypto failed");
#ifdef HAVE_SSL
"DNSSEC verify failed for NSEC3 RRset: signature crypto failed"
#else /* HAVE_NETTLE */
"DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed"
#endif
);
/* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */
zonemd_verify_test("example.com",
SRCDIRSTR "/testdata/zonemd.example15.zone",
"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",
"20201020135527",
"verify DNSKEY RRset with trust anchor failed: signature crypto failed");
#ifdef HAVE_SSL
"verify DNSKEY RRset with trust anchor failed: signature crypto failed"
#else /* HAVE_NETTLE */
"verify DNSKEY RRset with trust anchor failed: RSA signature verification failed"
#endif
);
/* load DNSSEC zone, but trust anchor mismatches DNSKEY */
zonemd_verify_test("example.com",
SRCDIRSTR "/testdata/zonemd.example5.zone",