Created
June 6, 2017 16:00
-
-
Save chantra/1270a2247249737d2e74762fb4aa4036 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary files dnscrypt.new/dnscrypt_cert.dir/2_chacha.cert and dnscrypt.old/dnscrypt_cert.dir/2_chacha.cert differ | |
diff -ruN dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.conf dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.conf | |
--- dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.conf 2017-06-01 19:14:27.000000000 -0700 | |
+++ dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.conf 2017-03-06 09:56:29.000000000 -0800 | |
@@ -22,6 +22,5 @@ | |
dnscrypt-secret-key: 1.key | |
dnscrypt-secret-key: 2.key | |
dnscrypt-provider-cert: 1.cert | |
- dnscrypt-provider-cert: 2_chacha.cert | |
dnscrypt-provider-cert: 2.cert | |
diff -ruN dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.test dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.test | |
--- dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.test 2017-06-01 19:33:26.000000000 -0700 | |
+++ dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.test 2017-03-20 08:41:22.000000000 -0700 | |
@@ -64,23 +64,8 @@ | |
for opt in '' '+tcp' | |
do | |
# Plaintext query on dnscrypt port returns cert when asking for providername/TXT. | |
- # Check that it returns 1.cert. | |
- echo "> dig TXT 2.dnscrypt-cert.example.com. 1.CERT. DNSCrypt plaintext ${opt}" | |
- dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile | |
- echo "> cat logfiles" | |
- cat fwd.log | |
- cat unbound.log | |
- echo "> check answer" | |
- if grep 'DNSC\\000\\001\\000\\000+WS\\171'"'"'OMF\\003\\240:\\012`uD\\029\\147\\\\\\013\\027f^\\169\\247\\231\\132\\001\\238\\004\\205\\221\\028Z\\243MpaN4\\024\\212l\\177?\\240,\\129f\\028\\147Aj\\184S\\205}1\\176e\\226\\190:\\017\\011O\\157\\007\[s6q\\150\\128\\169\\016J5cD\\237\\242:\\2500\\005U\\203\\161\\146\\132\\133)js./O\\157\\007\[s6q\\150W\\1904\\234W\\1904\\234Y\\159hj' outfile; then | |
- echo "OK" | |
- else | |
- echo "Not OK" | |
- exit 1 | |
- fi | |
- | |
- # Plaintext query on dnscrypt port returns cert when asking for providername/TXT. | |
- # Check that it returns 2.cert. | |
- echo "> dig TXT 2.dnscrypt-cert.example.com. 2.CERT. DNSCrypt plaintext ${opt}" | |
+ # Check that it returns cert1. | |
+ echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 1. DNSCrypt plaintext ${opt}" | |
dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile | |
echo "> cat logfiles" | |
cat fwd.log | |
@@ -94,14 +79,14 @@ | |
fi | |
# Plaintext query on dnscrypt port returns cert when asking for providername/TXT. | |
- # Check that it returns 2_chacha.cert | |
- echo "> dig TXT 2.dnscrypt-cert.example.com. 2_CHACHA.CERT. DNSCrypt plaintext ${opt}" | |
+ # Check that it returns cert2. | |
+ echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 2. DNSCrypt plaintext ${opt}" | |
dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile | |
echo "> cat logfiles" | |
cat fwd.log | |
cat unbound.log | |
echo "> check answer" | |
- if grep 'DNSC\\000\\002\\000\\000\\249\\143\\;\\160H$tX\\153\\239^\\171\\160\\204`\\012mjU\\214a\\142\\138u\\161\\160W_\\012\\207x2A\\243=B+\\171X\\167tN\\202\\016\\213\\183\\012\\138\\161\\182\\204\\158\.^\\011ZQ\\003\\0214Nz\\210\\001\\142v\\190R\\193\\167\\011g\\"\\206\\210\\234|\\209\\234\\023\\216\\249eE\\163p\\143\\023)4\\149\\177}0~6\\143v\\190R\\193\\167\\011gX\\200\\231\\160X\\200\\231\\160Z\\170\\027' outfile; then | |
+ if grep 'DNSC\\000\\001\\000\\000+WS\\171'"'"'OMF\\003\\240:\\012`uD\\029\\147\\\\\\013\\027f^\\169\\247\\231\\132\\001\\238\\004\\205\\221\\028Z\\243MpaN4\\024\\212l\\177?\\240,\\129f\\028\\147Aj\\184S\\205}1\\176e\\226\\190:\\017\\011O\\157\\007\[s6q\\150\\128\\169\\016J5cD\\237\\242:\\2500\\005U\\203\\161\\146\\132\\133)js./O\\157\\007\[s6q\\150W\\1904\\234W\\1904\\234Y\\159hj' outfile; then | |
echo "OK" | |
else | |
echo "Not OK" | |
@@ -110,7 +95,7 @@ | |
# Certificates are local-data for unbound. We can also retrieve them from unbound | |
# port. | |
- echo "> dig TXT 2.dnscrypt-cert.example.com. 1.CERT. Unbound ${opt}" | |
+ echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 2. Unbound ${opt}" | |
dig ${opt} @127.0.0.1 -p $UNBOUND_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile | |
echo "> cat logfiles" | |
cat fwd.log |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment