From 0ccbd59d791f1a999e4e4a468e15bd818a51c420 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Tue, 4 Nov 2025 15:21:04 +0100 Subject: [PATCH] dnsdist: Add a test for the `Date` header in rejected HTTP/1 requests Signed-off-by: Remi Gacogne --- regression-tests.dnsdist/test_DOH.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/regression-tests.dnsdist/test_DOH.py b/regression-tests.dnsdist/test_DOH.py index fe8f1d0320..a7429bf005 100644 --- a/regression-tests.dnsdist/test_DOH.py +++ b/regression-tests.dnsdist/test_DOH.py @@ -410,6 +410,7 @@ class DOHTests(object): wire = query.to_wire() b64 = base64.urlsafe_b64encode(wire).decode('UTF8').rstrip('=') url = self._dohBaseURL + '?dns=' + b64 + responseHeaders = BytesIO() conn = pycurl.Curl() conn.setopt(pycurl.HTTP_VERSION, pycurl.CURL_HTTP_VERSION_1_1) conn.setopt(pycurl.HTTPHEADER, ["Content-type: application/dns-message", @@ -419,14 +420,25 @@ class DOHTests(object): conn.setopt(pycurl.SSL_VERIFYPEER, 1) conn.setopt(pycurl.SSL_VERIFYHOST, 2) conn.setopt(pycurl.CAINFO, self._caCert) + conn.setopt(pycurl.HEADERFUNCTION, responseHeaders.write) data = conn.perform_rb() rcode = conn.getinfo(pycurl.RESPONSE_CODE) + responseHeaders = responseHeaders.getvalue() self.assertEqual(rcode, 400) self.assertEqual(data, b'This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.\r\n') self.assertEqual(self.getHTTPCounter('connects'), httpConnections + 1) self.assertEqual(self.getHTTPCounter('http/1.1'), http1 + 1) self.assertEqual(self.getHTTPCounter('http/2'), http2) + dateFound = False + for header in responseHeaders.decode().splitlines(False): + values = header.split(':') + key = values[0] + if key.lower() == 'date': + dateFound = True + break + self.assertTrue(dateFound) + def testDOHHTTP1NotSelectedOverH2(self): """ DOH: Check that HTTP/1.1 is not selected over H2 when offered in the wrong order by the client -- 2.47.3