From: Otto <otto.moerbeek@open-xchange.com>
Date: Mon, 15 Nov 2021 12:08:32 +0000 (+0100)
Subject: Add a test for ede sig expired that does not rely on external servers
X-Git-Tag: dnsdist-1.7.0-beta1~3^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=faf36a9b64bf5c1809cb16c1b699a993075cee55;p=thirdparty%2Fpdns.git

Add a test for ede sig expired that does not rely on external servers
---

diff --git a/regression-tests.recursor-dnssec/test_Expired.py b/regression-tests.recursor-dnssec/test_Expired.py
index 7ef785d1d5..14c4948ecd 100644
--- a/regression-tests.recursor-dnssec/test_Expired.py
+++ b/regression-tests.recursor-dnssec/test_Expired.py
@@ -4,6 +4,7 @@ import subprocess
 import time
 
 import dns
+import extendederrors
 from recursortests import RecursorTest
 
 
@@ -24,3 +25,31 @@ class testExpired(RecursorTest):
         res = self.sendUDPQuery(query)
 
         self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
+
+class testExpiredWithEDE(RecursorTest):
+    """This regression test starts the authoritative servers with a clock that is
+    set 15 days into the past. Hence, the recursor must reject the signatures
+    because they are expired.
+    """
+    _confdir = 'ExpiredWithEDE'
+
+    _config_template = """
+    dnssec=validate
+    extended-resolution-errors=yes
+    """
+
+    _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
+                 'FAKETIME':'-15d'}
+
+    def testA(self):
+        qname = 'host1.secure.example'
+        query = dns.message.make_query(qname, 'A', want_dnssec=True)
+
+        for method in ("sendUDPQuery", "sendTCPQuery"):
+            sender = getattr(self, method)
+            res = sender(query, timeout=5.0)
+            self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
+            self.assertEqual(res.edns, 0)
+            self.assertEqual(len(res.options), 1)
+            self.assertEqual(res.options[0].otype, 15)
+            self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b''))