if a control channel listener was configured with more than one
key algorithm, message verification would be attempted with each
algorithm in turn. if the first key failed due to the wrong
signature length, the entire verification process was aborted,
rather than continuing on to try with another key.
(cherry picked from commit
841b557df8482c180b4ecbcf8115406100396bcc)
break;
}
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
- if (result != ISCCC_R_BADAUTH) {
- log_invalid(&conn->ccmsg, result);
- goto cleanup;
- }
}
if (key == NULL) {
make_key 4 ${EXTRAPORT4} hmac-sha256
make_key 5 ${EXTRAPORT5} hmac-sha384
make_key 6 ${EXTRAPORT6} hmac-sha512
+
+cat >> ns4/named.conf <<- EOF
+
+controls {
+ inet 10.53.0.4 port ${EXTRAPORT7}
+ allow { any; } keys { "key1"; "key2"; "key3";
+ "key4"; "key5"; "key6"; };
+};
+EOF
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "testing single control channel with multiple algorithms ($n)"
+ret=0
+for i in 1 2 3 4 5 6
+do
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
n=`expr $n + 1`
echo_i "testing automatic zones are reported ($n)"
ret=0
projects / thirdparty / bind9.git / commitdiff
