mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-26 19:41:04 -05:00
d4b2b7072d
The 'legacy-keys.kasp' test checks that a zone with key files but not yet state files is signed correctly. This test is expanded to cover the case where old key files still exist in the key directory. This covers bug #2406 where keys with the "Delete" timing metadata are picked up by the keymgr as active keys. Fix the 'legacy-keys.kasp' test, by creating the right key files (for zone 'legacy-keys.kasp', not 'legacy,kasp'). Use a unique policy for this zone, using shorter lifetimes. Create two more keys for the zone, and use 'dnssec-settime' to set the timing metadata in the past, long enough ago so that the keys should not be considered by the keymgr. Update the 'key_unused()' test function, and consider keys with their "Delete" timing metadata in the past as unused. Extend the test to ensure that the keys to be used are not the old predecessor keys (with their "Delete" timing metadata in the past). Update the test so that the checks performed are consistent with the newly configured policy. |
||
|---|---|---|
| .. | ||
| check | ||
| confgen | ||
| delv | ||
| dig | ||
| dnssec | ||
| named | ||
| nsupdate | ||
| pkcs11 | ||
| plugins | ||
| rndc | ||
| tests | ||
| tools | ||
| win32/BINDInstall | ||
| Makefile.am | ||