From faf36a9b64bf5c1809cb16c1b699a993075cee55 Mon Sep 17 00:00:00 2001 From: Otto Date: Mon, 15 Nov 2021 13:08:32 +0100 Subject: [PATCH] Add a test for ede sig expired that does not rely on external servers --- .../test_Expired.py | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/regression-tests.recursor-dnssec/test_Expired.py b/regression-tests.recursor-dnssec/test_Expired.py index 7ef785d1d5..14c4948ecd 100644 --- a/regression-tests.recursor-dnssec/test_Expired.py +++ b/regression-tests.recursor-dnssec/test_Expired.py @@ -4,6 +4,7 @@ import subprocess import time import dns +import extendederrors from recursortests import RecursorTest @@ -24,3 +25,31 @@ class testExpired(RecursorTest): res = self.sendUDPQuery(query) self.assertRcodeEqual(res, dns.rcode.SERVFAIL) + +class testExpiredWithEDE(RecursorTest): + """This regression test starts the authoritative servers with a clock that is + set 15 days into the past. Hence, the recursor must reject the signatures + because they are expired. + """ + _confdir = 'ExpiredWithEDE' + + _config_template = """ + dnssec=validate + extended-resolution-errors=yes + """ + + _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'), + 'FAKETIME':'-15d'} + + def testA(self): + qname = 'host1.secure.example' + query = dns.message.make_query(qname, 'A', want_dnssec=True) + + for method in ("sendUDPQuery", "sendTCPQuery"): + sender = getattr(self, method) + res = sender(query, timeout=5.0) + self.assertRcodeEqual(res, dns.rcode.SERVFAIL) + self.assertEqual(res.edns, 0) + self.assertEqual(len(res.options), 1) + self.assertEqual(res.options[0].otype, 15) + self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b'')) -- 2.47.2
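Review bot: In `testExpiredWithEDE`, `_auth_env` sets `LD_PRELOAD` to `os.environ.get('LIBFAKETIME')`, which is `None` when that variable is unset, and nothing in the added class checks for it. How `RecursorTest` passes `_auth_env` to the authoritative servers is not visible in this hunk, but the likely outcomes are a failure at process start or servers running on the real clock; in the latter case the signatures are not expired and `testA` fails on the SERVFAIL assertion without pointing at the cause. A class-level guard such as `@unittest.skipUnless(os.environ.get('LIBFAKETIME'), 'LIBFAKETIME is not set')` would make the precondition explicit, assuming the base class is a `unittest.TestCase` and `unittest` is imported. The literals `15` and `7` in the last two assertions also deserve a comment such as `# EDNS option 15 = Extended DNS Error; info-code 7 = Signature Expired (RFC 8914)`.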