Also ignore configured revoked trusted anchors

2019-01-15 12:02:36 +01:00
parent 1d45ad8f39
commit 4d1ed1283a
4 changed files with 30 additions and 26 deletions
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -3703,8 +3703,10 @@ echo_i "checking that keys with unsupported algorithms and disabled algorithms a
 ret=0
 grep -q "ignoring trusted key for 'disabled\.trusted\.': algorithm is disabled" ns8/named.run || ret=1
 grep -q "ignoring trusted key for 'unsupported\.trusted\.': algorithm is unsupported" ns8/named.run || ret=1
+grep -q "ignoring trusted key for 'revoked\.trusted\.': bad key type" ns8/named.run || ret=1
 grep -q "ignoring managed key for 'disabled\.managed\.': algorithm is disabled" ns8/named.run || ret=1
 grep -q "ignoring managed key for 'unsupported\.managed\.': algorithm is unsupported" ns8/named.run || ret=1
+grep -q "ignoring trusted key for 'revoked\.trusted\.': bad key type" ns8/named.run || ret=1
 n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
@@ -3841,20 +3843,5 @@ n=$((n+1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))

-# Note: after this check, ns4 will not be validating any more; do not add any
-# further validation tests employing ns4 below this check.
-echo_i "check that validation defaults to off when dnssec-enable is off ($n)"
-ret=0
-# Sanity check - validation should be enabled.
-rndccmd 10.53.0.4 validation status | grep "enabled" > /dev/null || ret=1
-# Set "dnssec-enable" to "no" and reconfigure.
-copy_setports ns4/named5.conf.in ns4/named.conf
-rndccmd 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i
-# Check validation status again.
-rndccmd 10.53.0.4 validation status | grep "disabled" > /dev/null || ret=1
-n=$((n+1))
-test "$ret" -eq 0 || echo_i "failed"
-status=$((status+ret))
-
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1