ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Warn if key lengths are out of range/predefined

Browse Source
This commit is contained in:
Matthijs Mekking
2020-02-06 17:43:54 +01:00
committed by Evan Hunt
parent ae6bf1979d
commit 8c0db909ee
8 changed files with 120 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bin/tests/system/checkconf/tests.sh
View File

@@ -489,6 +489,15 @@ grep "update-check-ksk: cannot be configured if dnssec-policy is also set" < che
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "checking named-checkconf kasp key warnings ($n)"
ret=0
$CHECKCONF kasp-ignore-keylen.conf > checkconf.out$n 2>&1
grep "dnssec-policy: key algorithm 13 has predefined length, ignoring length value 2048" < checkconf.out$n > /dev/null || ret=1
grep "dnssec-policy: key with algorithm 5 has invalid key length, ignoring length value 4097" < checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that a good 'kasp' configuration is accepted ($n)"
ret=0