diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-19 15:06:49 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-12-19 15:22:42 +0000 |
| commit | 899b8bbc6d360af6362c2a41d40b786279f41492 (patch) | |
| tree | 15a1f12f46b59c6c1d88e774a02ade152e842de0 /test/stdout/5840 | |
| parent | dc9c8f8b52cbf2e8424f5e98f63d29aa7fb81fe7 (diff) | |
DANE: support under GnuTLS. Bug 1523
GnuTLS version 3.0.0 onwards; still Experimental
Diffstat (limited to 'test/stdout/5840')
| -rw-r--r-- | test/stdout/5840 | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/test/stdout/5840 b/test/stdout/5840 index 7fb5dd959..36a3bd158 100644 --- a/test/stdout/5840 +++ b/test/stdout/5840 @@ -14,12 +14,17 @@ ### TLSA (2 1 1) ### A server with a nonverifying cert and no TLSA ### A server with a verifying cert and no TLSA -### A server with two MXs for which both TLSA lookups return defer +### A server with two MXs for which both TLSA lookups return defer (delivery should defer) ### A server lacking a TLSA, dane required (should fail) -### A server lacking a TLSA, dane requested only (should fail, as the NXDOMAIN is not DNSSEC) -### A server where the A is dnssec and the TLSA _fails_ -### A server securely saying "no TLSA records here", dane required (should fail) -### A server securely saying "no TLSA records here", dane requested only (should transmit) +### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC) +### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer) +### A server securely saying "no TLSA records here", dane required (delivery should fail) +### A server securely saying "no TLSA records here", dane requested only (should deliver) +### A server securely serving a wrong TLSA record, dane requested only (delivery should fail) +### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE) +### A server insecurely serving a good TLSA record, dane required (delivery should fail) +### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE) +### A server insecurely serving a good A record, dane required (delivery should fail) ******** SERVER ******** ### TLSA (3 1 1) @@ -29,9 +34,14 @@ ### TLSA (2 1 1) ### A server with a nonverifying cert and no TLSA ### A server with a verifying cert and no TLSA -### A server with two MXs for which both TLSA lookups return defer +### A server with two MXs for which both TLSA lookups return defer (delivery should defer) ### A server lacking a TLSA, dane required (should fail) -### A server lacking a TLSA, dane requested only (should fail, as the NXDOMAIN is not DNSSEC) -### A server where the A is dnssec and the TLSA _fails_ -### A server securely saying "no TLSA records here", dane required (should fail) -### A server securely saying "no TLSA records here", dane requested only (should transmit) +### A server lacking a TLSA, dane requested only (should deliver, non-DANE, as the NXDOMAIN is not DNSSEC) +### A server where the A is dnssec and the TLSA lookup _fails_ (delivery should defer) +### A server securely saying "no TLSA records here", dane required (delivery should fail) +### A server securely saying "no TLSA records here", dane requested only (should deliver) +### A server securely serving a wrong TLSA record, dane requested only (delivery should fail) +### A server insecurely serving a good TLSA record, dane requested only (should deliver, non-DANE) +### A server insecurely serving a good TLSA record, dane required (delivery should fail) +### A server insecurely serving a good A record, dane requested only (should deliver, non-DANE) +### A server insecurely serving a good A record, dane required (delivery should fail) |