--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy deprecated {
+ cds-digest-types { sha1; };
+ keys {
+ csk lifetime unlimited algorithm ecdsa256;
+ };
+};
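Review bot: Neither new fixture says that its SHA-1 settings are deliberate, so `cds-digest-types { sha1; };` here, and the `rsasha1` / `nsec3rsasha1` keys in the second new file, read like a policy someone could copy. A short comment above `dnssec-policy deprecated` in each file would fix that, e.g. `/* Test fixture: deliberately uses deprecated SHA-1 settings to trigger named-checkconf warnings; not a recommended policy. */`. In this file it is also worth noting that `ecdsa256` is used so that only the CDS digest is deprecated. This appears to be the variant the test runs when RSASHA1 is unavailable, but the content does not say so.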
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy deprecated {
+ cds-digest-types { sha1; };
+ keys {
+ csk lifetime unlimited algorithm rsasha1;
+ csk lifetime unlimited algorithm nsec3rsasha1;
+ };
+};
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
+n=$((n + 1))
+echo_i "checking named-checkconf kasp deprecated algorithms and digests ($n)"
+ret=0
+if [ $RSASHA1_SUPPORTED = 0 ]; then
+ $CHECKCONF kasp-deprecated-fips.conf >checkconf.out$n 2>&1 || ret=1
+else
+ $CHECKCONF kasp-deprecated.conf >checkconf.out$n 2>&1 || ret=1
+ grep "dnssec-policy: DNSSEC algorithm rsasha1 is deprecated" checkconf.out$n >/dev/null || ret=1
+ grep "dnssec-policy: DNSSEC algorithm nsec3rsasha1 is deprecated" checkconf.out$n >/dev/null || ret=1
+fi
+grep "dnssec-policy: deprecated CDS digest-type sha1" checkconf.out$n >/dev/null || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
n=$((n + 1))
echo_i "check that a good 'kasp' configuration is accepted ($n)"
ret=0
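Review bot: The `RSASHA1_SUPPORTED = 0` branch only asserts that the SHA-1 CDS digest warning appears, so nothing checks that `ecdsa256` is not itself reported as deprecated. A deprecation warning that fires on a current algorithm would pass this test unnoticed. Adding `grep "dnssec-policy: DNSSEC algorithm .* is deprecated" checkconf.out$n >/dev/null && ret=1` after the `$CHECKCONF kasp-deprecated-fips.conf` line would cover that case. Separately, `[ $RSASHA1_SUPPORTED = 0 ]` is unquoted, so an unset or empty variable makes `[` fail with a syntax error and the `else` path runs the RSASHA1 fixture. Writing `[ "$RSASHA1_SUPPORTED" = 0 ]` removes the error, though an empty value still takes the `else` path.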