The perl modification code for keyless.example was not deterministic
(/NXT/ matched part of the signature), resulting in different error
strings being returned. Replaced /NXT/ with /A RRSIG NSEC/ and
updated the expected error string.
(cherry picked from commit
69d5e22e58bcbcedd33732d103f9f01cfa99f6c3)
"$SIGNER" -z -o "$zone" "$zonefile" > /dev/null
-# Change the signer field of the a.b.keyless.example SIG A
-# to point to a provably nonexistent KEY record.
+# Change the signer field of the a.b.keyless.example RRSIG A
+# to point to a provably nonexistent DNSKEY record.
zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
mv "$zonefile.signed" "$zonefiletmp"
<"$zonefiletmp" "$PERL" -p -e 's/ keyless.example/ b.keyless.example/
- if /^a.b.keyless.example/../NXT/;' > "$zonefile.signed"
+ if /^a.b.keyless.example/../A RRSIG NSEC/;' > "$zonefile.signed"
rm -f "$zonefiletmp"
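Review bot: The new range end `/A RRSIG NSEC/` is still an unanchored text match with no explanation in the comment, and nothing afterwards checks that the substitution touched only the intended RRSIG. Perl's range operator stays true until end of input when its right-hand pattern never matches, so a change in the signer's output format could silently rewrite every later ` keyless.example` field and the test would then exercise a different failure than the one intended. I would extend the comment with something like `# The range ends at the NSEC type bitmap ("A RRSIG NSEC"), which, unlike NXT, should not occur in base64 signature text.` The dots in `/^a.b.keyless.example/` are also unescaped and match any character; that looks harmless here, but `\.` would make the start of the range exact.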
#
ret=0
echo_i "checking that validation fails when key record is missing using dns_client ($n)"
delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1
- grep "resolution failed: broken trust chain" delv.out$n > /dev/null || ret=1
+ grep "resolution failed: insecurity proof failed" delv.out$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
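Review bot: The added `grep` line pins one exact error string, but nothing in the test says why "insecurity proof failed" rather than "broken trust chain" is the correct result when the signer's DNSKEY provably does not exist. A later change in wording or validator behaviour will be hard to judge without that; a one-line comment above the check naming the expected validator outcome and the reason for it would close the gap. It may also be worth asserting the negative, for example `grep "fully validated" delv.out$n > /dev/null && ret=1`, so the test fails if the answer is ever accepted as secure instead of merely failing with a different message.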