X-Git-Url: https://git.exim.org/users/heiko/exim.git/blobdiff_plain/a163908a12546834f355c40c87b6cb859302b1c6..1922a912d23fc06ee7fb0d22d9cf3e633a4713dc:/test/dnszones-src/db.example.com?ds=sidebyside diff --git a/test/dnszones-src/db.example.com b/test/dnszones-src/db.example.com index bc209ce5a..b00c87d13 100644 --- a/test/dnszones-src/db.example.com +++ b/test/dnszones-src/db.example.com @@ -22,4 +22,24 @@ example.com. NS exim.example.com. server1 A HOSTIPV4 +; DANE testing + +; a broken dane config where the name does not match in the cert, TA-mode, dane-requested +; NOTE: the server uses the example.net cert hence the mismatch +; +; openssl x509 -in aux-fixed/exim-ca/example.net/CA/CA.pem -fingerprint -sha256 -noout \ +; | awk -F= '{print $2}' | tr -d : | tr '[A-F]' '[a-f]' +; +; +DNSSEC danebroken7 A 127.0.0.1 +DNSSEC _1225._tcp.danebroken7 TLSA 2 0 1 13646cc92c038932f57f752559271b893045eda39f765fc8369b05b2b9c3ac88 + +; the same, EE-mode +; +; openssl x509 -in aux-fixed/exim-ca/example.net/server1.example.net/server1.example.net.pem -noout -pubkey \ +; | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $2}' +; +DNSSEC danebroken8 A 127.0.0.1 +DNSSEC _1225._tcp.danebroken8 TLSA 3 1 1 3cc2a6efabd847663b92f827681fd8612fd4d001ea85057d79ea541fb2de02ac + ; End