The introduced grep call checks whether the nsupdate output
contains a response that has an answer and an additional record.
Only one such response should appear in that output: the
TKEY response.
return 1
}
+ # Weak verification that TKEY response is signed.
+ grep -q "flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" nsupdate.out${num} || {
+ echo "I:bad tkey response (not tsig signed)"
+ return 1
+ }
+
out=`$DIG $DIGOPTS -t $type -q $host | egrep "^${host}"`
lines=`echo "$out" | grep "$digout" | wc -l`
[ $lines -eq 1 ] || {