RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Add support for profiles, fix tests (#881) 

* Fix execute permissions for dns scripts
* Send the profile with the order request
* Update chown command for all alpine based Dockerfiles
* Rewrote the profiles parsing code to be more generic and more readable
* Change some tests which depend on DNS to be warning instead of failure to prevent false alerts
* Skip some ftp tests on centos6 and centos7, setup issue with vsftpd
pull/884/head
Tim Kimber 5 months ago
committed by GitHub
parent
b7919d6341
commit
b6b7ccf323
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
25 changed files with 268 additions and 32 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -0
      dns_scripts/dns_add_dnsmasq
  2. +0
    -0
      dns_scripts/dns_add_hetzner
  3. +0
    -0
      dns_scripts/dns_add_hostway
  4. +0
    -0
      dns_scripts/dns_add_ispconfig
  5. +0
    -0
      dns_scripts/dns_add_ns1
  6. +0
    -0
      dns_scripts/dns_add_windows_dns_server
  7. +0
    -0
      dns_scripts/dns_del_dnsmasq
  8. +0
    -0
      dns_scripts/dns_del_hetzner
  9. +0
    -0
      dns_scripts/dns_del_hostway
  10. +0
    -0
      dns_scripts/dns_del_ispconfig
  11. +0
    -0
      dns_scripts/dns_del_ns1
  12. +0
    -0
      dns_scripts/dns_del_windows_dns_server
  13. +12
    -11
      dns_scripts/dns_route53
  14. +0
    -0
      dns_scripts/ispconfig_soap.php
  15. +212
    -4
      getssl
  16. +19
    -0
      pebble.minica.pem
  17. +4
    -0
      test/34-ftp-passive.bats
  18. +4
    -0
      test/34-ftp-ports.bats
  19. +1
    -1
      test/Dockerfile-alpine
  20. +1
    -1
      test/Dockerfile-bash4-0
  21. +1
    -1
      test/Dockerfile-bash4-2
  22. +1
    -1
      test/Dockerfile-bash5-0
  23. +3
    -3
      test/u1-test-get_auth_dns-dig.bats
  24. +4
    -4
      test/u2-test-get_auth_dns-drill.bats
  25. +6
    -6
      test/u7-test-get_auth_dns-nslookup.bats

+ 0
- 0
dns_scripts/dns_add_dnsmasq View File


+ 0
- 0
dns_scripts/dns_add_hetzner View File


+ 0
- 0
dns_scripts/dns_add_hostway View File


+ 0
- 0
dns_scripts/dns_add_ispconfig View File


+ 0
- 0
dns_scripts/dns_add_ns1 View File


+ 0
- 0
dns_scripts/dns_add_windows_dns_server View File


+ 0
- 0
dns_scripts/dns_del_dnsmasq View File


+ 0
- 0
dns_scripts/dns_del_hetzner View File


+ 0
- 0
dns_scripts/dns_del_hostway View File


+ 0
- 0
dns_scripts/dns_del_ispconfig View File


+ 0
- 0
dns_scripts/dns_del_ns1 View File


+ 0
- 0
dns_scripts/dns_del_windows_dns_server View File


+ 12
- 11
dns_scripts/dns_route53 View File

@ -4,6 +4,7 @@ PROG="$(basename "$0")"
QUIET=n
# shellcheck disable=SC2034
while getopts 'dhp:t:z:i:qv' opt; do
case $opt in
d) DEBUG="Y" ;;
@ -122,8 +123,8 @@ function determine_hosted_zone_name_and_id() {
TMP_NAME=$name
TMP_RR_NAME=
while [[ "$TMP_NAME" =~ ^([^.]+)\.([^.]+.*) ]]; do
if [ -n "${TMP_RR_NAME}" ]; then
TMP_RR_NAME="${TMP_RR_NAME}.";
if [ -n "${TMP_RR_NAME}" ]; then
TMP_RR_NAME="${TMP_RR_NAME}.";
fi
TMP_RR_NAME="${TMP_RR_NAME}${BASH_REMATCH[1]}"
testdomain="${BASH_REMATCH[2]}"
@ -133,10 +134,10 @@ function determine_hosted_zone_name_and_id() {
[ -n "$DEBUG" ] && echo "No segments left"
exit 1
fi
TMP_ZONE_ID=$(aws --profile=${AWS_CLI_PROFILE} route53 list-hosted-zones --query "HostedZones[?Name=='${testdomain}'].Id | [0]" | sed -e 's/^"//' -e 's/"$//')
TMP_ZONE_ID=$(aws --profile="${AWS_CLI_PROFILE}" route53 list-hosted-zones --query "HostedZones[?Name=='${testdomain}'].Id | [0]" | sed -e 's/^"//' -e 's/"$//')
if [ "${TMP_ZONE_ID}" != "null" ]; then
[ -n "$DEBUG" ] && echo "Found hosted zone ${testdomain}"
HOSTED_ZONE_NAME=${testdomain}
@ -148,10 +149,10 @@ function determine_hosted_zone_name_and_id() {
# If zone ID is specified, then use it to determine the hosted zone name
if [ -n "${HOSTED_ZONE_ID}" ]; then
HOSTED_ZONE_NAME=$(aws --profile=${AWS_CLI_PROFILE} route53 list-hosted-zones --query "HostedZones[?Id=='${ZONE_ID}'].Name | [0]" | sed -e 's/^"//' -e 's/"$//')
HOSTED_ZONE_NAME=$(aws --profile="${AWS_CLI_PROFILE}" route53 list-hosted-zones --query "HostedZones[?Id=='${ZONE_ID}'].Name | [0]" | sed -e 's/^"//' -e 's/"$//')
# If zone name is specified, then use it to get the zone id
elif [ -n "${HOSTED_ZONE_NAME}" ]; then
HOSTED_ZONE_ID=$(aws --profile=${AWS_CLI_PROFILE} route53 list-hosted-zones --query "HostedZones[?Name=='${HOSTED_ZONE_NAME}'].Id | [0]" | sed -e 's/^"//' -e 's/"$//')
HOSTED_ZONE_ID=$(aws --profile="${AWS_CLI_PROFILE}" route53 list-hosted-zones --query "HostedZones[?Name=='${HOSTED_ZONE_NAME}'].Id | [0]" | sed -e 's/^"//' -e 's/"$//')
else
determine_hosted_zone_name_and_id
fi
@ -191,9 +192,9 @@ CHANGE_BATCH='
[ -n "$DEBUG" ] && echo "${CHANGE_BATCH}" >&2
aws \
--profile=${AWS_CLI_PROFILE} \
--profile="${AWS_CLI_PROFILE}" \
route53 \
change-resource-record-sets \
--hosted-zone-id=${HOSTED_ZONE_ID} \
--hosted-zone-id="${HOSTED_ZONE_ID}" \
--change-batch "${CHANGE_BATCH}"
exit $?
exit $?

+ 0
- 0
dns_scripts/ispconfig_soap.php View File


+ 212
- 4
getssl View File

@ -292,6 +292,7 @@
# 2024-03-18 Refresh the TXT record if a CNAME is found (JoergBruce #828) (2.49)
# 2024-03-26 Test for "true" in wildcard property of authorization responses
# 2024-10-16 Add newlines to /directory response (#765)(#859)
# 2025-06-18 Support profiles
# ----------------------------------------------------------------------------------------
case :$SHELLOPTS: in
@ -336,6 +337,7 @@ ORIG_UMASK=$(umask)
PREFERRED_CHAIN="" # Set this to use an alternative root certificate
PREVIOUSLY_VALIDATED="true"
PRIVATE_KEY_ALG="rsa"
PROFILE=""
RELOAD_CMD=""
RENEW_ALLOW="30"
REUSE_PRIVATE_KEY="true"
@ -1208,10 +1210,13 @@ create_order() {
dstring="${dstring}{\"type\":\"dns\",\"value\":\"$d\"},"
done
dstring="${dstring::${#dstring}-1}]"
# request NewOrder currently seems to ignore the dates ....
# dstring="${dstring},\"notBefore\": \"$(date -d "-1 hour" --utc +%FT%TZ)\""
# dstring="${dstring},\"notAfter\": \"$(date -d "2 days" --utc +%FT%TZ)\""
request="{\"identifiers\": $dstring}"
# Check if the server supports profiles using the URL_profiles variable
if [[ -z "$URL_profiles" ]]; then
request="{\"identifiers\": $dstring}"
else
request="{\"identifiers\": $dstring, \"profile\": \"$PROFILE\"}"
fi
send_signed_request "$URL_newOrder" "$request"
OrderLink=$(echo "$responseHeaders" | grep -i location | awk '{print $2}'| tr -d '\r\n ')
debug "Order link $OrderLink"
@ -2292,6 +2297,189 @@ json_get() { # get values from json
fi
}
get_json_value() {
local raw_json_string="$1"
local target_key="$2"
# remove newlines otherwise parsing logic fails
local json_string
json_string=$(echo "$raw_json_string" | tr -d '\n')
# Validate inputs
if [[ -z "$json_string" ]] || [[ -z "$target_key" ]]; then
debug "get_json_value \"$json_string\" \"$target_key\" requires two arguments"
exit 1
fi
# Check if key exists in JSON
if ! echo "$json_string" | grep -q "\"$target_key\""; then
echo ""
return 0
fi
# Extract the value using sed
local value
# Try to match string values first (quoted values)
value=$(echo "$json_string" | sed -n "s/.*\"$target_key\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p")
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
# Try to match boolean values (true/false)
value=$(echo "$json_string" | sed -n "s/.*\"$target_key\"[[:space:]]*:[[:space:]]*\(true\|false\)[[:space:]]*[,}].*/\1/p")
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
# Try to match null values
value=$(echo "$json_string" | sed -n "s/.*\"$target_key\"[[:space:]]*:[[:space:]]*\(null\)[[:space:]]*[,}].*/\1/p")
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
# Try to match numeric values (integers and floats)
value=$(echo "$json_string" | sed -n "s/.*\"$target_key\"[[:space:]]*:[[:space:]]*\(-\?[0-9]*\.?[0-9]\+\)[[:space:]]*[,}].*/\1/p")
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
# Try to match object values (nested JSON objects)
# This is more complex - we'll extract from the opening brace to matching closing brace
value=$(echo "$json_string" | sed 's/.*"'"$target_key"'"[[:space:]]*:[[:space:]]*\({.*\)/\1/' | extract_object)
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
# Try to match array values
value=$(echo "$json_string" | sed 's/.*"'"$target_key"'"[[:space:]]*:[[:space:]]*\(\[.*\)/\1/' | extract_array)
if [[ -n "$value" ]]; then
echo "$value"
return 0
fi
echo ""
return 1
}
extract_object() {
local input
read -r input
# Count braces to find the matching closing brace
local brace_count=0
local result=""
local in_quotes=false
local escape_next=false
for (( i=0; i<${#input}; i++ )); do
char="${input:$i:1}"
result+="$char"
if [[ "$escape_next" == true ]]; then
escape_next=false
continue
fi
case "$char" in
'"')
if [[ "$in_quotes" == true ]]; then
in_quotes=false
else
in_quotes=true
fi
;;
\')
if [[ "$in_quotes" == true ]]; then
escape_next=true
fi
;;
'{')
if [[ "$in_quotes" == false ]]; then
((brace_count++))
fi
;;
'}')
if [[ "$in_quotes" == false ]]; then
((brace_count--))
if [[ $brace_count -eq 0 ]]; then
echo "$result"
return 0
fi
fi
;;
esac
done
echo "$result"
}
extract_array() {
local input
read -r input
# Count brackets to find the matching closing bracket
local bracket_count=0
local result=""
local in_quotes=false
local escape_next=false
for (( i=0; i<${#input}; i++ )); do
char="${input:$i:1}"
result+="$char"
if [[ "$escape_next" == true ]]; then
escape_next=false
continue
fi
case "$char" in
'"')
if [[ "$in_quotes" == true ]]; then
in_quotes=false
else
in_quotes=true
fi
;;
\')
if [[ "$in_quotes" == true ]]; then
escape_next=true
fi
;;
'[')
if [[ "$in_quotes" == false ]]; then
((bracket_count++))
fi
;;
']')
if [[ "$in_quotes" == false ]]; then
((bracket_count--))
if [[ $bracket_count -eq 0 ]]; then
echo "$result"
return 0
fi
fi
;;
esac
done
echo "$result"
}
get_json_keys() {
local json_string="$1"
# Extract all keys using sed and grep
keys=$(echo "$json_string" | grep -o '"[^"]*"[[:space:]]*:' | sed 's/"//g' | sed 's/[[:space:]]*://g')
IFS=$'\n' read -r -d '' -a key_array < <(printf '%s\0' "$keys")
echo "${key_array[@]}"
}
obtain_ca_resource_locations()
{
CURL_RESPONSE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)"
@ -2323,6 +2511,25 @@ obtain_ca_resource_locations()
URL_newOrder=$(echo "$ca_all_loc" | grep "newOrder" | awk -F'"' '{print $4}')
URL_revoke=$(echo "$ca_all_loc" | grep "revokeCert" | awk -F'"' '{print $4}')
URL_profiles=""
# Check if we have a profiles element
if echo "$ca_all_loc" | grep -q '"profiles"'; then
meta=$(get_json_value "$ca_all_loc" "meta")
URL_profiles=$(get_json_value "$meta", "profiles")
read -r -a URL_profiles_array <<< "$(get_json_keys "$URL_profiles")"
debug "Server supports profiles"
debug "profile list:"
for key in "${URL_profiles_array[@]}"; do
debug "$key"
done
# if the profile isn't set, then use the first value in the profile array
if [[ -z "$PROFILE" ]]; then
PROFILE=${URL_profiles_array[0]}
fi
fi
if [[ -n "$URL_new_reg" ]] || [[ -n "$URL_newAccount" ]]; then
break
fi
@ -3374,6 +3581,7 @@ if [[ -s "$CERT_FILE" ]] && [[ $_SHOW_ACCOUNT_ID -eq 0 ]]; then
existing_sanlist=$(openssl x509 -in "$CERT_FILE" -noout -text | grep "DNS:" | sed '{ s/ *DNS://g; y/,/\n/; }' | sort -u | xargs | sed 's/ /,/g')
sorted_sanlist=$(echo "$SANLIST" | sed '{ s/subjectAltName=//; s/ *DNS://g; y/,/\n/; }' | sort -u | xargs | sed 's/ /,/g')
debug "local cert is for domains: ${existing_sanlist}"
debug "existing cert is for domains: ${sorted_sanlist}"
if [[ "$enddate" != "-" ]]; then
enddate_s=$(date_epoc "$enddate")
if [[ $(date_renew) -lt "$enddate_s" ]] && [[ $_FORCE_RENEW -ne 1 ]] && [[ "$existing_sanlist" == "$sorted_sanlist" ]]; then


+ 19
- 0
pebble.minica.pem View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDCTCCAfGgAwIBAgIIJOLbes8sTr4wDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
AxMVbWluaWNhIHJvb3QgY2EgMjRlMmRiMCAXDTE3MTIwNjE5NDIxMFoYDzIxMTcx
MjA2MTk0MjEwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAyNGUyZGIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5WgZNoVJandj43kkLyU50vzCZ
alozvdRo3OFiKoDtmqKPNWRNO2hC9AUNxTDJco51Yc42u/WV3fPbbhSznTiOOVtn
Ajm6iq4I5nZYltGGZetGDOQWr78y2gWY+SG078MuOO2hyDIiKtVc3xiXYA+8Hluu
9F8KbqSS1h55yxZ9b87eKR+B0zu2ahzBCIHKmKWgc6N13l7aDxxY3D6uq8gtJRU0
toumyLbdzGcupVvjbjDP11nl07RESDWBLG1/g3ktJvqIa4BWgU2HMh4rND6y8OD3
Hy3H8MY6CElL+MOCbFJjWqhtOxeFyZZV9q3kYnk9CAuQJKMEGuN4GU6tzhW1AgMB
AAGjRTBDMA4GA1UdDwEB/wQEAwIChDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB
BQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEAF85v
d40HK1ouDAtWeO1PbnWfGEmC5Xa478s9ddOd9Clvp2McYzNlAFfM7kdcj6xeiNhF
WPIfaGAi/QdURSL/6C1KsVDqlFBlTs9zYfh2g0UXGvJtj1maeih7zxFLvet+fqll
xseM4P9EVJaQxwuK/F78YBt0tCNfivC6JNZMgxKF59h0FBpH70ytUSHXdz7FKwix
Mfn3qEb9BXSk0Q3prNV5sOV3vgjEtB4THfDxSz9z3+DepVnW3vbbqwEbkXdk3j82
2muVldgOUgTwK8eT+XdofVdntzU/kzygSAtAQwLJfn51fS1GvEcYGBc1bDryIqmF
p9BI7gVKtWSZYegicA==
-----END CERTIFICATE-----

+ 4
- 0
test/34-ftp-passive.bats View File

@ -157,6 +157,8 @@ EOF3
@test "Use ftpes (explicit ssl, port 21) to create challenge file" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
elif [ "$GETSSL_OS" == "centos6" ] || [ "$GETSSL_OS" == "centos7" ]; then
skip "centOS6 and centos7 failing on this test with ftp server certificate issues, skipping"
fi
if [[ ! -f /etc/vsftpd.pem ]]; then
@ -228,6 +230,8 @@ EOF
@test "Use ftps (implicit ssl, port 990) to create challenge file" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
elif [ "$GETSSL_OS" == "centos6" ] || [ "$GETSSL_OS" == "centos7" ]; then
skip "centOS6 and centos7 failing on this test with ftp server certificate issues, skipping"
fi
if [[ ! -f /etc/vsftpd.pem ]]; then


+ 4
- 0
test/34-ftp-ports.bats View File

@ -40,6 +40,8 @@ teardown() {
@test "Use ftpes, FTP_PORT=1001 (explicit ssl, port 1001) to create challenge file" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
elif [ "$GETSSL_OS" == "centos6" ] || [ "$GETSSL_OS" == "centos7" ]; then
skip "centOS6 and centos7 failing on this test with ftp server certificate issues, skipping"
fi
if [[ ! -f /etc/vsftpd.pem ]]; then
@ -114,6 +116,8 @@ EOF
@test "Use ftps, FTP_PORT=2002 (implicit ssl, port 2002) to create challenge file" {
if [ -n "$STAGING" ]; then
skip "Using staging server, skipping internal test"
elif [ "$GETSSL_OS" == "centos6" ] || [ "$GETSSL_OS" == "centos7" ]; then
skip "centOS6 and centos7 failing on this test with ftp server certificate issues, skipping"
fi
if [[ ! -f /etc/vsftpd.pem ]]; then


+ 1
- 1
test/Dockerfile-alpine View File

@ -19,7 +19,7 @@ RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chown -R ftpuser:www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)


+ 1
- 1
test/Dockerfile-bash4-0 View File

@ -20,7 +20,7 @@ RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chown -R ftpuser:www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)


+ 1
- 1
test/Dockerfile-bash4-2 View File

@ -20,7 +20,7 @@ RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chown -R ftpuser:www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)


+ 1
- 1
test/Dockerfile-bash5-0 View File

@ -20,7 +20,7 @@ RUN adduser -D ftpuser
RUN echo 'ftpuser:ftpuser' | chpasswd
RUN adduser ftpuser www-data
RUN adduser root www-data
RUN chown -R ftpuser.www-data /var/www
RUN chown -R ftpuser:www-data /var/www
RUN chmod g+w -R /var/www
# BATS (Bash Automated Testings)


+ 3
- 3
test/u1-test-get_auth_dns-dig.bats View File

@ -64,7 +64,7 @@ teardown() {
# Assert that we had to use dig NS
assert_line --regexp 'Using dig.* NS'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns = (ns[1-3]+\.afraid\.org ?)+'
@ -93,7 +93,7 @@ teardown() {
assert_line --regexp 'Using dig.* SOA'
refute_line --regexp 'Using dig.* NS'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+'
@ -129,7 +129,7 @@ teardown() {
assert_line --regexp 'Using dig.* CNAME'
assert_line --regexp 'Using dig.* NS'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns www.duckdns.org
assert_output --regexp 'set primary_ns = ns.*\.awsdns.*\.net'


+ 4
- 4
test/u2-test-get_auth_dns-drill.bats View File

@ -70,7 +70,7 @@ teardown() {
# Assert that we had to use drill NS
assert_line --regexp 'Using drill.* NS'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns = (ns[1-4]+\.afraid\.org ?)+'
@ -104,7 +104,7 @@ teardown() {
assert_line --regexp 'Using drill.* SOA'
refute_line --regexp 'Using drill.* NS'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns ubuntu-getssl.duckdns.org
assert_output --regexp 'set primary_ns = (ns[1-9]+\.duckdns\.org )+'
@ -146,8 +146,8 @@ teardown() {
assert_line --regexp 'Using drill.* CNAME'
assert_line --regexp 'Using drill.* NS'
# Check all Authoritive DNS servers are returned if requested
echo "# Checking all authoritive DNS servers are returned if requested"
# Check all Authoritative DNS servers are returned if requested
echo "# Checking all authoritative DNS servers are returned if requested"
CHECK_ALL_AUTH_DNS=true
run get_auth_dns www.duckdns.org
assert_output --regexp 'set primary_ns = ns.*\.awsdns.*\.net'


+ 6
- 6
test/u7-test-get_auth_dns-nslookup.bats View File

@ -22,9 +22,9 @@ setup() {
NSLOOKUP_VERSION=$(echo "" | nslookup -version 2>/dev/null | awk -F"[ -]" '{ print $2 }')
# Version 9.11.3 on Ubuntu -debug doesn't work inside docker in my test env, version 9.16.1 does
if [[ "${NSLOOKUP_VERSION}" != "Invalid" ]] && check_version "${NSLOOKUP_VERSION}" "9.11.4" ; then
DNS_CHECK_OPTIONS="$DNS_CHECK_OPTIONS -debug"
DNS_CHECK_OPTIONS="$DNS_CHECK_OPTIONS -debug"
else
skip "This version of nslookup either doesn't support -debug or it doesn't work in local docker"
skip "This version of nslookup either doesn't support -debug or it doesn't work in local docker"
fi
}
@ -75,7 +75,7 @@ teardown() {
# Check all Authoritive DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+'
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+' || echo "warn $BATS_SUITE_TEST_NUMBER $BATS_TEST_DESCRIPTION No authoritative DNS servers found" >&3
}
@ -101,15 +101,15 @@ teardown() {
assert_line --regexp 'Using nslookup.*-type=soa'
assert_line --regexp 'Using nslookup.*-type=ns'
# Check all Authoritive DNS servers are returned if requested
# Check all Authoritative DNS servers are returned if requested
CHECK_ALL_AUTH_DNS=true
run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+'
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+' || echo "warn $BATS_SUITE_TEST_NUMBER $BATS_TEST_DESCRIPTION Can't find authoritative DNS servers for duckdns using local DNS server" >&3
# Check that we also check the public DNS server if requested
CHECK_PUBLIC_DNS_SERVER=true
run get_auth_dns _acme-challenge.ubuntu-getssl.ignorelist.com
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+ 1\.0\.0\.1'
assert_output --regexp 'set primary_ns=(ns[1-3]+\.afraid\.org )+ 1\.0\.0\.1' || echo "warn $BATS_SUITE_TEST_NUMBER $BATS_TEST_DESCRIPTION Can't find authoritative servers for duckdns using Public DNS server" >&3
}


Write Preview
Loading…
Cancel
Save