From: Mark Andrews Date: Fri, 26 Aug 2022 09:39:51 +0000 (+1000) Subject: dnssec: check that dnssec-signzone -F work with allowed algorithm X-Git-Tag: v9.19.12~38^2~22 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=530142b2a1b969df0a21701713fb9c203aa85206;p=thirdparty%2Fbind9.git dnssec: check that dnssec-signzone -F work with allowed algorithm --- diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 5107a669152..b14fcc5331a 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -1426,6 +1426,24 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) +echo_ic "check that dnssec-signzone -F works with allowed algorithm ($n)" +ret=0 +if $FEATURETEST --fips-provider +then + ( + cd signer/general || exit 1 + rm -f signed.zone + $SIGNER -F -f signed.zone -o example.com. test1.zone > signer.out.$n + test -f signed.zone + ) || ret=1 +else + echo_i "skipped no FIPS provider available" +fi +n=$((n+1)) +test "$ret" -eq 0 || echo_i "failed" +status=$((status+ret)) + + echo_ic "check that dnssec-signzone rejects excessive NSEC3 iterations ($n)" ret=0 (