Commit c6345fff authored by Matthijs Mekking's avatar Matthijs Mekking 🏡
Browse files

Add todo in dnssec system test for [GL #1689]

Add a note why we don't have a test case for the issue.

It is tricky to write a good test case for this if our tools are
not allowed to create signatures for unsupported algorithms.
parent e195d460
Pipeline #45231 failed with stages
in 24 minutes
......@@ -3562,6 +3562,13 @@ n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
# TODO: test case for GL #1689.
# If we allow the dnssec tools to use deprecated algorithms (such as RSAMD5)
# we could write a test that signs a zone with supported and unsupported
# algorithm, apply a fixed rrset order such that the unsupported algorithm
# precedes the supported one in the DNSKEY RRset, and verify the result still
# validates succesfully.
echo_i "check that a lone non matching CDNSKEY record is rejected ($n)"
ret=0
(
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment