ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

[master] unify internal and export libraries

Browse Source 
3550.	[func]		Unified the internal and export versions of the
			BIND libraries, allowing external clients to use
			the same libraries as BIND. [RT #33131]
This commit is contained in:
Evan Hunt
2013-04-10 13:49:57 -07:00
parent cc444c73d5
commit b99bfa184b
89 changed files with 2023 additions and 3503 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bin/tests/system/dnssec/clean.sh
View File

@@ -31,7 +31,7 @@ rm -f ns2/single-nsec3.db
rm -f ns2/nsec3chain-test.db
rm -f */example.bk
rm -f dig.out.*
rm -f sample.out*
rm -f resolve.out*
rm -f random.data
rm -f ns2/dlv.db
rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
@@ -68,3 +68,4 @@ rm -f ns6/optout-tld.db
rm -f nosign.before
rm -f signing.out*
rm -f canonical?.*
rm -f ns1/resolve.key

2
bin/tests/system/dnssec/ns1/sign.sh
View File

@@ -77,4 +77,4 @@ cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print "-a $alg -e -k $dn -K $key\n"
' > sample.key
' > resolve.key

152
bin/tests/system/dnssec/tests.sh
View File

@@ -28,7 +28,7 @@ n=1
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
SAMPLEKEY=`cat ns1/sample.key`
RESKEY=`cat ns1/resolve.key`
# convert private-type records to readable form
showprivate () {
@@ -134,12 +134,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking postive validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.example > sample.out$n || ret=1
grep "a.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A 3 2 300 .*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
grep "a.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A 3 2 300 .*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -157,12 +157,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.nsec3.example > sample.out$n || ret=1
grep "a.nsec3.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.nsec3.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
grep "a.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -180,12 +180,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.optout.example > sample.out$n || ret=1
grep "a.optout.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
grep "a.optout.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
grep "a.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
grep "a.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -202,12 +202,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.example > sample.out$n || ret=1
grep "a.wild.example..*10.0.0.27" sample.out$n > /dev/null || ret=1
grep "a.wild.example..*RRSIG.A 3 2 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
grep "a.wild.example..*10.0.0.27" resolve.out$n > /dev/null || ret=1
grep "a.wild.example..*RRSIG.A 3 2 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -242,12 +242,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.nsec3.example > sample.out$n || ret=1
grep "a.wild.nsec3.example..*10.0.0.6" sample.out$n > /dev/null || ret=1
grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
grep "a.wild.nsec3.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -266,12 +266,12 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.wild.optout.example > sample.out$n || ret=1
grep "a.wild.optout.example..*10.0.0.6" sample.out$n > /dev/null || ret=1
grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
grep "a.wild.optout.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -288,11 +288,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -311,11 +311,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -335,11 +335,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -357,11 +357,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -381,11 +381,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -405,11 +405,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 a.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -426,11 +426,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.wild.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -446,11 +446,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.wild.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -470,11 +470,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t txt 10.53.0.4 b.optout.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxrrset" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -494,11 +494,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.example > sample.out$n || ret=1
grep "a.insecure.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
grep "a.insecure.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -516,11 +516,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.nsec3.example > sample.out$n || ret=1
grep "a.insecure.nsec3.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
grep "a.insecure.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -538,11 +538,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.insecure.optout.example > sample.out$n || ret=1
grep "a.insecure.optout.example..*10.0.0.1" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
grep "a.insecure.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -562,11 +562,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -586,11 +586,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -610,11 +610,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 q.insecure.optout.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: ncache nxdomain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -807,11 +807,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking failed validation using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.bogus.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: no valid RRSIG" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: no valid RRSIG" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
@@ -852,11 +852,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
if [ -x ${SAMPLE} ] ; then
if [ -x ${RESOLVE} ] ; then
ret=0
echo "I:checking that validation fails when key record is missing using dns_client ($n)"
$SAMPLE $SAMPLEKEY -p 5300 -t a 10.53.0.4 a.b.keyless.example > /dev/null 2> sample.out$n || ret=1
grep "resolution failed: broken trust chain" sample.out$n > /dev/null || ret=1
$RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
grep "resolution failed: broken trust chain" resolve.out$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`