git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Tue, 26 Jan 2021 10:24:40 +0000 (11:24 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Wed, 3 Feb 2021 07:41:00 +0000 (08:41 +0100)
commit	314accf7ef4a7d5fa051f0a50082e693a0bfe34c
tree	1c92f32d86b15b19fcdf992806fc575a00c216b8	tree \| snapshot
parent	9448cb15c9f34e91af10d314fc09bbb1e0860574	commit \| diff

Update legacy-keys kasp test

The 'legacy-keys.kasp' test checks that a zone with key files but not
yet state files is signed correctly. This test is expanded to cover
the case where old key files still exist in the key directory. This
covers bug #2406 where keys with the "Delete" timing metadata are
picked up by the keymgr as active keys.

Fix the 'legacy-keys.kasp' test, by creating the right key files
(for zone 'legacy-keys.kasp', not 'legacy,kasp').

Use a unique policy for this zone, using shorter lifetimes.

Create two more keys for the zone, and use 'dnssec-settime' to set
the timing metadata in the past, long enough ago so that the keys
should not be considered by the keymgr.

Update the 'key_unused()' test function, and consider keys with
their "Delete" timing metadata in the past as unused.

Extend the test to ensure that the keys to be used are not the old
predecessor keys (with their "Delete" timing metadata in the past).

Update the test so that the checks performed are consistent with the
newly configured policy.

(cherry picked from commit d4b2b7072d3b858a53f47ad5de7c50663d543ad5)

bin/tests/system/kasp/clean.sh		diff \| blob \| blame \| history
bin/tests/system/kasp/ns3/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/kasp/ns3/policies/kasp.conf.in		diff \| blob \| blame \| history
bin/tests/system/kasp/ns3/setup.sh		diff \| blob \| blame \| history
bin/tests/system/kasp/tests.sh		diff \| blob \| blame \| history