From: Mark Andrews Date: Thu, 14 Jan 2021 06:52:58 +0000 (+1100) Subject: Check that 'nsupdate -y' works for all HMAC algorithms X-Git-Tag: v9.17.10~18^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b01ba44ead4333fbdd28468ae2a6734681b93c7;p=thirdparty%2Fbind9.git Check that 'nsupdate -y' works for all HMAC algorithms --- diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index b0bd12754ee..5d7399e328d 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -795,7 +795,7 @@ fi n=`expr $n + 1` ret=0 -echo_i "check TSIG key algorithms ($n)" +echo_i "check TSIG key algorithms (nsupdate -k) ($n)" for alg in md5 sha1 sha224 sha256 sha384 sha512; do $NSUPDATE -k ns1/${alg}.key < /dev/null || ret=1 server 10.53.0.1 ${PORT} @@ -812,6 +812,26 @@ if [ $ret -ne 0 ]; then status=1 fi +n=`expr $n + 1` +ret=0 +echo_i "check TSIG key algorithms (nsupdate -y) ($n)" +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key) + $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" < /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add ${alg}.keytests.nil. 600 A 10.10.10.50 +send +END +done +sleep 2 +for alg in md5 sha1 sha224 sha256 sha384 sha512; do + $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1 +done +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + n=`expr $n + 1` ret=0 echo_i "check that ttl is capped by max-ttl ($n)"