dnssec: check that dnssec-signzone -F work with allowed algorithm

author Mark Andrews <marka@isc.org>

Fri, 26 Aug 2022 09:39:51 +0000 (19:39 +1000)

committer Mark Andrews <marka@isc.org>

Mon, 3 Apr 2023 02:44:27 +0000 (12:44 +1000)
author Mark Andrews <marka@isc.org>
Fri, 26 Aug 2022 09:39:51 +0000 (19:39 +1000)
committer Mark Andrews <marka@isc.org>
Mon, 3 Apr 2023 02:44:27 +0000 (12:44 +1000)
diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh

index 5107a6691528228e9f62795f2986c4c928cd0f43..b14fcc5331a80fa3dae3a767fb657b976b628453 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1426,6 +1426,24 @@ n=$((n+1))
  test "$ret" -eq 0 || echo_i "failed"
  status=$((status+ret))
  
+echo_ic "check that dnssec-signzone -F works with allowed algorithm ($n)"
+ret=0
+if $FEATURETEST --fips-provider
+then
+    (
+       cd signer/general || exit 1
+       rm -f signed.zone
+       $SIGNER -F -f signed.zone -o example.com. test1.zone > signer.out.$n
+       test -f signed.zone
+    ) || ret=1
+else
+    echo_i "skipped no FIPS provider available"
+fi
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
+
  echo_ic "check that dnssec-signzone rejects excessive NSEC3 iterations ($n)"
  ret=0
  (
author	Mark Andrews <marka@isc.org>
	Fri, 26 Aug 2022 09:39:51 +0000 (19:39 +1000)
committer	Mark Andrews <marka@isc.org>
	Mon, 3 Apr 2023 02:44:27 +0000 (12:44 +1000)