From: W.C.A. Wijngaards Date: Wed, 4 Aug 2021 12:04:31 +0000 (+0200) Subject: - Fix libnettle zonemd unit test. X-Git-Tag: release-1.13.2rc1~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=822a96b29a0fc7ee8b8813459b5014871e99bd53;p=thirdparty%2Funbound.git - Fix libnettle zonemd unit test. --- diff --git a/doc/Changelog b/doc/Changelog index 66683a3d2..5fa857ef7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -11,6 +11,7 @@ - Fix missing locks in zonemd unit test. - Fix readzone compile under debug config. - Fix out of sourcedir run of zonemd unit tests. + - Fix libnettle zonemd unit test. 3 August 2021: George - Listen to read or write events after the SSL handshake. diff --git a/testcode/unitzonemd.c b/testcode/unitzonemd.c index 2ba7749aa..5caa68a10 100644 --- a/testcode/unitzonemd.c +++ b/testcode/unitzonemd.c @@ -430,13 +430,23 @@ static void zonemd_verify_tests(void) SRCDIRSTR "/testdata/zonemd.example9.zone", "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", "20201020135527", - "DNSSEC verify failed for ZONEMD RRset: signature crypto failed"); +#ifdef HAVE_SSL + "DNSSEC verify failed for ZONEMD RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for ZONEMD RRset: RSA signature verification failed" +#endif + ); /* load DNSSEC zone but RRSIG on SOA is wrong */ zonemd_verify_test("example.com", SRCDIRSTR "/testdata/zonemd.example10.zone", "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", "20201020135527", - "DNSSEC verify failed for SOA RRset: signature crypto failed"); +#ifdef HAVE_SSL + "DNSSEC verify failed for SOA RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for SOA RRset: RSA signature verification failed" +#endif + ); /* load DNSSEC zone without ZONEMD, but NSEC bitmap says it exists */ zonemd_verify_test("example.com", @@ -456,20 +466,35 @@ static void zonemd_verify_tests(void) SRCDIRSTR "/testdata/zonemd.example13.zone", "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", "20201020135527", - "DNSSEC verify failed for NSEC RRset: signature crypto failed"); +#ifdef HAVE_SSL + "DNSSEC verify failed for NSEC RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for NSEC RRset: RSA signature verification failed" +#endif + ); /* load DNSSEC zone without ZONEMD, but RRSIG on NSEC3 not okay */ zonemd_verify_test("example.com", SRCDIRSTR "/testdata/zonemd.example14.zone", "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", "20201020135527", - "DNSSEC verify failed for NSEC3 RRset: signature crypto failed"); +#ifdef HAVE_SSL + "DNSSEC verify failed for NSEC3 RRset: signature crypto failed" +#else /* HAVE_NETTLE */ + "DNSSEC verify failed for NSEC3 RRset: RSA signature verification failed" +#endif + ); /* load DNSSEC zone, with ZONEMD, but DNSKEY RRSIG is not okay. */ zonemd_verify_test("example.com", SRCDIRSTR "/testdata/zonemd.example15.zone", "example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", "20201020135527", - "verify DNSKEY RRset with trust anchor failed: signature crypto failed"); +#ifdef HAVE_SSL + "verify DNSKEY RRset with trust anchor failed: signature crypto failed" +#else /* HAVE_NETTLE */ + "verify DNSKEY RRset with trust anchor failed: RSA signature verification failed" +#endif + ); /* load DNSSEC zone, but trust anchor mismatches DNSKEY */ zonemd_verify_test("example.com", SRCDIRSTR "/testdata/zonemd.example5.zone",