
@chantra
Created June 6, 2017 16:02
Binary files dnscrypt.old/dnscrypt_cert.dir/2_chacha.cert and dnscrypt.new/dnscrypt_cert.dir/2_chacha.cert differ
diff -ruN dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.conf dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.conf
--- dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.conf 2017-03-06 09:56:29.000000000 -0800
+++ dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.conf 2017-06-01 19:14:27.000000000 -0700
@@ -22,5 +22,6 @@
dnscrypt-secret-key: 1.key
dnscrypt-secret-key: 2.key
dnscrypt-provider-cert: 1.cert
+ dnscrypt-provider-cert: 2_chacha.cert
dnscrypt-provider-cert: 2.cert
diff -ruN dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.test dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.test
--- dnscrypt.old/dnscrypt_cert.dir/dnscrypt_cert.test 2017-03-20 08:41:22.000000000 -0700
+++ dnscrypt.new/dnscrypt_cert.dir/dnscrypt_cert.test 2017-06-01 19:33:26.000000000 -0700
@@ -64,8 +64,23 @@
for opt in '' '+tcp'
do
# Plaintext query on dnscrypt port returns cert when asking for providername/TXT.
- # Check that it returns cert1.
- echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 1. DNSCrypt plaintext ${opt}"
+ # Check that it returns 1.cert.
+ echo "> dig TXT 2.dnscrypt-cert.example.com. 1.CERT. DNSCrypt plaintext ${opt}"
+ dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile
+ echo "> cat logfiles"
+ cat fwd.log
+ cat unbound.log
+ echo "> check answer"
+ if grep 'DNSC\\000\\001\\000\\000+WS\\171'"'"'OMF\\003\\240:\\012`uD\\029\\147\\\\\\013\\027f^\\169\\247\\231\\132\\001\\238\\004\\205\\221\\028Z\\243MpaN4\\024\\212l\\177?\\240,\\129f\\028\\147Aj\\184S\\205}1\\176e\\226\\190:\\017\\011O\\157\\007\[s6q\\150\\128\\169\\016J5cD\\237\\242:\\2500\\005U\\203\\161\\146\\132\\133)js./O\\157\\007\[s6q\\150W\\1904\\234W\\1904\\234Y\\159hj' outfile; then
+ echo "OK"
+ else
+ echo "Not OK"
+ exit 1
+ fi
+
+ # Plaintext query on dnscrypt port returns cert when asking for providername/TXT.
+ # Check that it returns 2.cert.
+ echo "> dig TXT 2.dnscrypt-cert.example.com. 2.CERT. DNSCrypt plaintext ${opt}"
dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile
echo "> cat logfiles"
cat fwd.log
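Review bot: The certificate pattern on the added `if grep '…' outfile` line is read by grep as a basic regular expression, and the `.` in its `)js./O` fragment is left unescaped, so it matches any character there even though `\[` a few bytes later is escaped. Writing that fragment as `)js\./O` makes the check pin the served 1.cert exactly. The same `dig … | tee outfile` / `grep` stanza now appears three times in this loop, which makes a mismatch between an echo label and its blob easy to miss. The grep that belongs to the new "2.cert" label sits in unchanged lines outside this hunk, and the `for` body continues past it, so that pairing cannot be confirmed from here.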
@@ -79,14 +94,14 @@
fi
# Plaintext query on dnscrypt port returns cert when asking for providername/TXT.
- # Check that it returns cert2.
- echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 2. DNSCrypt plaintext ${opt}"
+ # Check that it returns 2_chacha.cert
+ echo "> dig TXT 2.dnscrypt-cert.example.com. 2_CHACHA.CERT. DNSCrypt plaintext ${opt}"
dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile
echo "> cat logfiles"
cat fwd.log
cat unbound.log
echo "> check answer"
- if grep 'DNSC\\000\\001\\000\\000+WS\\171'"'"'OMF\\003\\240:\\012`uD\\029\\147\\\\\\013\\027f^\\169\\247\\231\\132\\001\\238\\004\\205\\221\\028Z\\243MpaN4\\024\\212l\\177?\\240,\\129f\\028\\147Aj\\184S\\205}1\\176e\\226\\190:\\017\\011O\\157\\007\[s6q\\150\\128\\169\\016J5cD\\237\\242:\\2500\\005U\\203\\161\\146\\132\\133)js./O\\157\\007\[s6q\\150W\\1904\\234W\\1904\\234Y\\159hj' outfile; then
+ if grep 'DNSC\\000\\002\\000\\000\\249\\143\\;\\160H$tX\\153\\239^\\171\\160\\204`\\012mjU\\214a\\142\\138u\\161\\160W_\\012\\207x2A\\243=B+\\171X\\167tN\\202\\016\\213\\183\\012\\138\\161\\182\\204\\158\.^\\011ZQ\\003\\0214Nz\\210\\001\\142v\\190R\\193\\167\\011g\\"\\206\\210\\234|\\209\\234\\023\\216\\249eE\\163p\\143\\023)4\\149\\177}0~6\\143v\\190R\\193\\167\\011gX\\200\\231\\160X\\200\\231\\160Z\\170\\027' outfile; then
echo "OK"
else
echo "Not OK"
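Review bot: Nothing near the replaced `grep` line says what distinguishes this blob from the one moved to the 1.cert stanza. The only human-readable difference is the two bytes after the `DNSC` magic (`\\000\\001` there, `\\000\\002` here), which in the DNSCrypt certificate layout is the es-version field. A comment above the `if grep`, such as `# es-version \000\002 = XChaCha20-Poly1305 certificate (2_chacha.cert)`, would let a reader check the label against the bytes. Each stanza only proves that one expected certificate is present; if the rest of the test does not already do so, counting the TXT answers would also catch an extra or stale certificate being served. The enclosing `if` ends outside this hunk.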
@@ -95,7 +110,7 @@
# Certificates are local-data for unbound. We can also retrieve them from unbound
# port.
- echo "> dig TXT 2.dnscrypt-cert.example.com. CERT 2. Unbound ${opt}"
+ echo "> dig TXT 2.dnscrypt-cert.example.com. 1.CERT. Unbound ${opt}"
dig ${opt} @127.0.0.1 -p $UNBOUND_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile
echo "> cat logfiles"
cat fwd.log