- Add DoH tests

diff --git a/services/mesh.c b/services/mesh.c
index 225449fb9ea7c325210f538fec629d5b67ff3983..c2afdbf820d5099e06f668cc0ff540306363ca4a 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -1212,6 +1212,10 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
                rcode = LDNS_RCODE_SERVFAIL;
        if(r->query_reply.c->alpn_h2) {
                r->query_reply.c->h2_stream = r->h2_stream;
+               /* Mesh reply won't exist for long anymore. Make it impossible
+                * for HTTP/2 stream to refer to mesh state, in case
+                * connection gets cleanup before HTTP/2 stream close. */
+               r->h2_stream->mesh_state = NULL;
        }
        /* send the reply */
        /* We don't reuse the encoded answer if either the previous or current

diff --git a/sldns/parseutil.c b/sldns/parseutil.c
index b51a0709d60d21fa6e2c794e3ef7081fa1981aed..dc8354b62b84f80af3043e92b8090537c69aab9b 100644 (file)
--- a/sldns/parseutil.c
+++ b/sldns/parseutil.c
@@ -619,13 +619,18 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize)
  *
  * This routine does not insert spaces or linebreaks after 76 characters.
  */
-int sldns_b64_ntop(uint8_t const *src, size_t srclength,
-       char *target, size_t targsize)
+static int sldns_b64_ntop_base(uint8_t const *src, size_t srclength,
+       char *target, size_t targsize, int base64url, int padding)
 {
-       const char* b64 =
-       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+       char* b64;
        const char pad64 = '=';
        size_t i = 0, o = 0;
+       if(base64url)
+               b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
+                       "456789-_";
+       else
+               b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
+                       "456789+/";
        if(targsize < sldns_b64_ntop_calculate_size(srclength))
                return -1;
        /* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */
@@ -645,18 +650,26 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength,
                target[o] = b64[src[i] >> 2];
                target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ];
                target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ];
-               target[o+3] = pad64;
-               /* i += 2; */
-               o += 4;
+               if(padding) {
+                       target[o+3] = pad64;
+                       /* i += 2; */
+                       o += 4;
+               } else {
+                       o += 3;
+               }
                break;
        case 1:
                /* one at end, converted into A B = = */
                target[o] = b64[src[i] >> 2];
                target[o+1] = b64[ ((src[i]&0x03)<<4) ];
-               target[o+2] = pad64;
-               target[o+3] = pad64;
-               /* i += 1; */
-               o += 4;
+               if(padding) {
+                       target[o+2] = pad64;
+                       target[o+3] = pad64;
+                       /* i += 1; */
+                       o += 4;
+               } else {
+                       o += 2;
+               }
                break;
        case 0:
        default:
@@ -669,6 +682,20 @@ int sldns_b64_ntop(uint8_t const *src, size_t srclength,
        return (int)o;
 }
 
+int sldns_b64_ntop(uint8_t const *src, size_t srclength, char *target,
+       size_t targsize)
+{
+       return sldns_b64_ntop_base(src, srclength, target, targsize,
+               0 /* no base64url */, 1 /* padding */);
+}
+
+int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
+       size_t targsize)
+{
+       return sldns_b64_ntop_base(src, srclength, target, targsize,
+               1 /* base64url */, 0 /* no padding */);
+}
+
 size_t sldns_b64_pton_calculate_size(size_t srcsize)
 {
        return (((((srcsize + 3) / 4) * 3)) + 1);

diff --git a/sldns/parseutil.h b/sldns/parseutil.h
index 852ad3fb54748eb23a1c614be7fb29f778fe42b1..7eb23317f285dcb4dd61ac1371f2c45461b60d0c 100644 (file)
--- a/sldns/parseutil.h
+++ b/sldns/parseutil.h
@@ -92,6 +92,8 @@ size_t sldns_b64_ntop_calculate_size(size_t srcsize);
 
 int sldns_b64_ntop(uint8_t const *src, size_t srclength,
        char *target, size_t targsize);
+int sldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
+       size_t targsize);
 
 /**
  * calculates the size needed to store the result of sldns_b64_pton

diff --git a/testdata/doh_downstream.tdir/doh_downstream.conf b/testdata/doh_downstream.tdir/doh_downstream.conf
new file mode 100644 (file)
index 0000000..f0857bb
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.conf
@@ -0,0 +1,27 @@
+server:
+       verbosity: 2
+       # num-threads: 1
+       interface: 127.0.0.1@@PORT@
+       https-port: @PORT@
+       tls-service-key: "unbound_server.key"
+       tls-service-pem: "unbound_server.pem"
+       use-syslog: no
+       directory: .
+       pidfile: "unbound.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+       http-query-buffer-size: 1G
+       http-response-buffer-size: 1G
+       http-max-streams: 200
+
+       local-zone: "example.net" static
+       local-data: "www1.example.net. IN A 1.2.3.1"
+       local-data: "www2.example.net. IN A 1.2.3.2"
+       local-data: "www3.example.net. IN A 1.2.3.3"
+       local-zone: "drop.net" deny
+       tcp-upstream: yes
+
+forward-zone:
+       name: "."
+       forward-addr: "127.0.0.1@@TOPORT@"

diff --git a/testdata/doh_downstream.tdir/doh_downstream.dsc b/testdata/doh_downstream.tdir/doh_downstream.dsc
new file mode 100644 (file)
index 0000000..66b8428
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.dsc
@@ -0,0 +1,16 @@
+BaseName: doh_downstream
+Version: 1.0
+Description: Test DNS-over-HTTPS query processing
+CreationDate: Mon Jun 12 12:00:00 CET 2020
+Maintainer:
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: doh_downstream.pre
+Post: doh_downstream.post
+Test: doh_downstream.test
+AuxFiles: 
+Passed:
+Failure:

diff --git a/testdata/doh_downstream.tdir/doh_downstream.post b/testdata/doh_downstream.tdir/doh_downstream.post
new file mode 100644 (file)
index 0000000..432e0ee
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.post
@@ -0,0 +1,11 @@
+# #-- doh_downstream.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+cat unbound.log

diff --git a/testdata/doh_downstream.tdir/doh_downstream.pre b/testdata/doh_downstream.tdir/doh_downstream.pre
new file mode 100644 (file)
index 0000000..84734d7
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.pre
@@ -0,0 +1,31 @@
+# #-- doh_downstream.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT doh_downstream.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream.conf > ub.conf
+# start unbound in the background
+PRE="../.."
+$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log
+

diff --git a/testdata/doh_downstream.tdir/doh_downstream.test b/testdata/doh_downstream.tdir/doh_downstream.test
new file mode 100644 (file)
index 0000000..98a54af
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.test
@@ -0,0 +1,343 @@
+# #-- doh_downstream.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+get_make
+(cd $PRE; $MAKE dohclient)
+
+
+# this test query should just work (server is up)
+echo "> query www1.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+echo "OK"
+
+# multiple requests (from localdata)
+echo "> query www1.example.net. www2.example.net. www3.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+echo ""
+echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www.example.com" outfile | grep "10.20.30.40"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.com" outfile | grep "10.20.30.42"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+# www.example.com present twice, answered twice.
+echo ""
+echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www.example.com" outfile | grep "10.20.30.40"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+# www3.example.com present twice, answered twice.
+echo ""
+echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.com" outfile | grep "10.20.30.43"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+echo ""
+echo "> query www4.example.com. www3.example.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www4.example.com" outfile | grep "10.20.30.44"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+
+echo ""
+echo "> query a1.example.com. - a90.example.com."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+grep "a.example.com.   IN      A" outfile
+
+echo ""
+echo "> query www5.example.net. www3.example.net. www.drop.net."
+$PRE/dohclient -s 127.0.0.1 -p $UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+
+echo "OK"
+exit 0

diff --git a/testdata/doh_downstream.tdir/doh_downstream.testns b/testdata/doh_downstream.tdir/doh_downstream.testns
new file mode 100644 (file)
index 0000000..c53941b
--- /dev/null
+++ b/testdata/doh_downstream.tdir/doh_downstream.testns
@@ -0,0 +1,74 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www    IN      A
+SECTION ANSWER
+www    IN      A       10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www2   IN      A
+SECTION ANSWER
+www2   IN      A       10.20.30.42
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www3   IN      A
+SECTION ANSWER
+www3   IN      A       10.20.30.43
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www4   IN      A
+SECTION ANSWER
+www4   IN      A       10.20.30.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www5   IN      A
+SECTION ANSWER
+www5   IN      A       10.20.30.45
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www6   IN      A
+SECTION ANSWER
+www6   IN      A       10.20.30.46
+ENTRY_END
+
+; lots of noerror/nodata answers for other queries (a.. queries)
+ENTRY_BEGIN
+MATCH opcode qtype subdomain
+REPLY QR AA NOERROR
+ADJUST copy_id copy_query
+SECTION QUESTION
+a.example.com. IN      A
+SECTION AUTHORITY
+example.com.   IN SOA ns hostmaster 2019 28800 7200 604800 3600
+ENTRY_END

diff --git a/testdata/doh_downstream.tdir/unbound_server.key b/testdata/doh_downstream.tdir/unbound_server.key
new file mode 100644 (file)
index 0000000..4256c42
--- /dev/null
+++ b/testdata/doh_downstream.tdir/unbound_server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
+3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
+RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
+AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
+6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
+sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
+XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
+fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
+CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
+0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
+oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
+In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
+LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
+-----END RSA PRIVATE KEY-----

diff --git a/testdata/doh_downstream.tdir/unbound_server.pem b/testdata/doh_downstream.tdir/unbound_server.pem
new file mode 100644 (file)
index 0000000..aeda3ff
--- /dev/null
+++ b/testdata/doh_downstream.tdir/unbound_server.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
+bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
+AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
+y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
+/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
+g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
+9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
+l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
+Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
+-----END CERTIFICATE-----

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.conf b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf
new file mode 100644 (file)
index 0000000..f0857bb
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.conf
@@ -0,0 +1,27 @@
+server:
+       verbosity: 2
+       # num-threads: 1
+       interface: 127.0.0.1@@PORT@
+       https-port: @PORT@
+       tls-service-key: "unbound_server.key"
+       tls-service-pem: "unbound_server.pem"
+       use-syslog: no
+       directory: .
+       pidfile: "unbound.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+       http-query-buffer-size: 1G
+       http-response-buffer-size: 1G
+       http-max-streams: 200
+
+       local-zone: "example.net" static
+       local-data: "www1.example.net. IN A 1.2.3.1"
+       local-data: "www2.example.net. IN A 1.2.3.2"
+       local-data: "www3.example.net. IN A 1.2.3.3"
+       local-zone: "drop.net" deny
+       tcp-upstream: yes
+
+forward-zone:
+       name: "."
+       forward-addr: "127.0.0.1@@TOPORT@"

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc
new file mode 100644 (file)
index 0000000..70de750
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.dsc
@@ -0,0 +1,16 @@
+BaseName: doh_downstream_post
+Version: 1.0
+Description: Test DNS-over-HTTPS query processing, using POST method
+CreationDate: Mon Jun 12 12:00:00 CET 2020
+Maintainer:
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: doh_downstream_post.pre
+Post: doh_downstream_post.post
+Test: doh_downstream_post.test
+AuxFiles: 
+Passed:
+Failure:

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.post b/testdata/doh_downstream_post.tdir/doh_downstream_post.post
new file mode 100644 (file)
index 0000000..f66183b
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.post
@@ -0,0 +1,11 @@
+# #-- doh_downstream_post.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_pid $FWD_PID
+kill_pid $UNBOUND_PID
+cat unbound.log

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.pre b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre
new file mode 100644 (file)
index 0000000..e32f187
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.pre
@@ -0,0 +1,30 @@
+# #-- doh_downstream_post.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+FWD_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "FWD_PORT=$FWD_PORT" >> .tpkg.var.test
+
+# start forwarder
+get_ldns_testns
+$LDNS_TESTNS -p $FWD_PORT doh_downstream_post.testns >fwd.log 2>&1 &
+FWD_PID=$!
+echo "FWD_PID=$FWD_PID" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$FWD_PORT'/' < doh_downstream_post.conf > ub.conf
+# start unbound in the background
+PRE="../.."
+$PRE/unbound -vvvv -d -c ub.conf >unbound.log 2>&1 &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+
+cat .tpkg.var.test
+wait_ldns_testns_up fwd.log
+wait_unbound_up unbound.log

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.test b/testdata/doh_downstream_post.tdir/doh_downstream_post.test
new file mode 100644 (file)
index 0000000..4a49c8b
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.test
@@ -0,0 +1,343 @@
+# #-- doh_downstream_post.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+get_make
+(cd $PRE; $MAKE dohclient)
+
+
+# this test query should just work (server is up)
+echo "> query www1.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+echo "OK"
+
+# multiple requests (from localdata)
+echo "> query www1.example.net. www2.example.net. www3.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www2.example.net A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+echo ""
+echo "> query www1.example.net. www.example.com. www2.example.net. www2.example.com. www3.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www2.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www.example.com" outfile | grep "10.20.30.40"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.com" outfile | grep "10.20.30.42"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+# www.example.com present twice, answered twice.
+echo ""
+echo "> query www1.example.net. www.example.com. www2.example.net. www.example.com. www3.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www.example.com. A IN www2.example.net A IN www.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www.example.com" outfile | grep "10.20.30.40"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+# out of order requests, the example.com elements take 2 seconds to wait.
+# www3.example.com present twice, answered twice.
+echo ""
+echo "> query www1.example.net. www3.example.com. www2.example.net. www3.example.com. www3.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www1.example.net. A IN www3.example.com. A IN www2.example.net A IN www3.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.net" outfile | grep "1.2.3.1"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www2.example.net" outfile | grep "1.2.3.2"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www3.example.com" outfile | grep "10.20.30.43"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+echo ""
+echo "> query www4.example.com. www3.example.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www4.example.com. A IN www3.example.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www3.example.net" outfile | grep "1.2.3.3"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+if grep "www4.example.com" outfile | grep "10.20.30.44"; then
+       echo "content OK"
+else
+       echo "result contents not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "result contents not OK"
+       exit 1
+fi
+
+
+echo ""
+echo "> query a1.example.com. - a90.example.com."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www6.example.com. A IN a1.a.example.com. A IN a2.a.example.com. A IN a3.a.example.com. A IN a4.a.example.com. A IN a5.a.example.com. A IN a6.a.example.com. A IN a7.a.example.com. A IN a8.a.example.com. A IN a9.a.example.com. A IN a10.a.example.com. A IN a11.a.example.com. A IN a12.a.example.com. A IN a13.a.example.com. A IN a14.a.example.com. A IN a15.a.example.com. A IN a16.a.example.com. A IN a17.a.example.com. A IN a18.a.example.com. A IN a19.a.example.com. A IN a20.a.example.com. A IN a21.a.example.com. A IN a22.a.example.com. A IN a23.a.example.com. A IN a24.a.example.com. A IN a25.a.example.com. A IN a26.a.example.com. A IN a27.a.example.com. A IN a28.a.example.com. A IN a29.a.example.com. A IN a30.a.example.com. A IN a31.a.example.com. A IN a32.a.example.com. A IN a33.a.example.com. A IN a34.a.example.com. A IN a35.a.example.com. A IN a36.a.example.com. A IN a37.a.example.com. A IN a38.a.example.com. A IN a39.a.example.com. A IN a40.a.example.com. A IN a41.a.example.com. A IN a42.a.example.com. A IN a43.a.example.com. A IN a44.a.example.com. A IN a45.a.example.com. A IN a46.a.example.com. A IN a47.a.example.com. A IN a48.a.example.com. A IN a49.a.example.com. A IN a50.a.example.com. A IN a51.a.example.com. A IN a52.a.example.com. A IN a53.a.example.com. A IN a54.a.example.com. A IN a55.a.example.com. A IN a56.a.example.com. A IN a57.a.example.com. A IN a58.a.example.com. A IN a59.a.example.com. A IN a60.a.example.com. A IN a61.a.example.com. A IN a62.a.example.com. A IN a63.a.example.com. A IN a64.a.example.com. A IN a65.a.example.com. A IN a66.a.example.com. A IN a67.a.example.com. A IN a68.a.example.com. A IN a69.a.example.com. A IN a70.a.example.com. A IN a71.a.example.com. A IN a72.a.example.com. A IN a73.a.example.com. A IN a74.a.example.com. A IN a75.a.example.com. A IN a76.a.example.com. A IN a77.a.example.com. A IN a78.a.example.com. A IN a79.a.example.com. A IN a80.a.example.com. A IN a81.a.example.com. A IN a82.a.example.com. A IN a83.a.example.com. A IN a84.a.example.com. A IN a85.a.example.com. A IN a86.a.example.com. A IN a87.a.example.com. A IN a88.a.example.com. A IN a89.a.example.com. A IN a90.a.example.com. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+grep "a.example.com.   IN      A" outfile
+
+echo ""
+echo "> query www5.example.net. www3.example.net. www.drop.net."
+$PRE/dohclient -P -s 127.0.0.1 -p $UNBOUND_PORT www5.example.com. A IN www3.example.net A IN www.drop.net A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat fwd.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+
+echo "OK"
+exit 0

diff --git a/testdata/doh_downstream_post.tdir/doh_downstream_post.testns b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns
new file mode 100644 (file)
index 0000000..c53941b
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/doh_downstream_post.testns
@@ -0,0 +1,74 @@
+; nameserver test file
+$ORIGIN example.com.
+$TTL 3600
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www    IN      A
+SECTION ANSWER
+www    IN      A       10.20.30.40
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www2   IN      A
+SECTION ANSWER
+www2   IN      A       10.20.30.42
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id
+SECTION QUESTION
+www3   IN      A
+SECTION ANSWER
+www3   IN      A       10.20.30.43
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www4   IN      A
+SECTION ANSWER
+www4   IN      A       10.20.30.44
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www5   IN      A
+SECTION ANSWER
+www5   IN      A       10.20.30.45
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+REPLY QR AA NOERROR
+ADJUST copy_id sleep=2
+SECTION QUESTION
+www6   IN      A
+SECTION ANSWER
+www6   IN      A       10.20.30.46
+ENTRY_END
+
+; lots of noerror/nodata answers for other queries (a.. queries)
+ENTRY_BEGIN
+MATCH opcode qtype subdomain
+REPLY QR AA NOERROR
+ADJUST copy_id copy_query
+SECTION QUESTION
+a.example.com. IN      A
+SECTION AUTHORITY
+example.com.   IN SOA ns hostmaster 2019 28800 7200 604800 3600
+ENTRY_END

diff --git a/testdata/doh_downstream_post.tdir/unbound_server.key b/testdata/doh_downstream_post.tdir/unbound_server.key
new file mode 100644 (file)
index 0000000..4256c42
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/unbound_server.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQC3F7Jsv2u01pLL9rFnjsMU/IaCFUIz/624DcaE84Z4gjMl5kWA
+3axQcqul1wlwSrbKwrony+d9hH/+MX0tZwvl8w3OmhmOAiaQ+SHCsIuOjVwQjX0s
+RLB61Pz5+PAiVvnPa9JIYB5QrK6DVEsxIHj8MOc5JKORrnESsFDh6yeMeQIDAQAB
+AoGAAuWoGBprTOA8UGfl5LqYkaNxSWumsYXxLMFjC8WCsjN1NbtQDDr1uAwodSZS
+6ujzvX+ZTHnofs7y64XC8k34HTOCD2zlW7kijWbT8YjRYFU6o9F5zUGD9RCan0ds
+sVscT2psLSzfdsmFAcbmnGdxYkXk2PC1FHtaqExxehralGUCQQDcqrg9uQKXlhQi
+XAaPr8SiWvtRm2a9IMMZkRfUWZclPHq6fCWNuUaCD+cTat4wAuqeknAz33VEosw3
+fXGsok//AkEA1GjIHXrOcSlpfVJb6NeOBugjRtZ7ZDT5gbtnMS9ob0qntKV6saaL
+CNmJwuD9Q3XkU5j1+uHvYGP2NzcJd2CjhwJACV0hNlVMe9w9fHvFN4Gw6WbM9ViP
+0oS6YrJafYNTu5vGZXVxLoNnL4u3NYa6aPUmuZXjNwBLfJ8f5VboZPf6RwJAINd2
+oYA8bSi/A755MX4qmozH74r4Fx1Nuq5UHTm8RwDe/0Javx8F/j9MWpJY9lZDEF3l
+In5OebPa/NyInSmW/wJAZuP9aRn0nDBkHYri++1A7NykMiJ/nH0mDECbnk+wxx0S
+LwqIetBhxb8eQwMg45+iAH7CHAMQ8BQuF/nFE6eotg==
+-----END RSA PRIVATE KEY-----

diff --git a/testdata/doh_downstream_post.tdir/unbound_server.pem b/testdata/doh_downstream_post.tdir/unbound_server.pem
new file mode 100644 (file)
index 0000000..aeda3ff
--- /dev/null
+++ b/testdata/doh_downstream_post.tdir/unbound_server.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBmzCCAQQCCQDsNJ1UmphEFzANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd1
+bmJvdW5kMB4XDTA4MDkxMTA5MDk0MFoXDTI4MDUyOTA5MDk0MFowEjEQMA4GA1UE
+AxMHdW5ib3VuZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtxeybL9rtNaS
+y/axZ47DFPyGghVCM/+tuA3GhPOGeIIzJeZFgN2sUHKrpdcJcEq2ysK6J8vnfYR/
+/jF9LWcL5fMNzpoZjgImkPkhwrCLjo1cEI19LESwetT8+fjwIlb5z2vSSGAeUKyu
+g1RLMSB4/DDnOSSjka5xErBQ4esnjHkCAwEAATANBgkqhkiG9w0BAQUFAAOBgQAZ
+9N0lnLENs4JMvPS+mn8C5m9bkkFITd32IiLjf0zgYpIUbFXH6XaEr9GNZBUG8feG
+l/6WRXnbnVSblI5odQ4XxGZ9inYY6qtW30uv76HvoKp+QZ1c3460ddR8NauhcCHH
+Z7S+QbLXi+r2JAhpPozZCjBHlRD0ixzA1mKQTJhJZg==
+-----END CERTIFICATE-----

diff --git a/util/netevent.c b/util/netevent.c
index 749781934bca1765f059d43d238717e7484aa42c..49ad08a4d9bf27d6c80bf62813118cf704cb9acc 100644 (file)
--- a/util/netevent.c
+++ b/util/netevent.c
@@ -2289,12 +2289,13 @@ struct http2_stream* http2_stream_create(int32_t stream_id)
 }
 
 /** Delete http2 stream. After session delete or stream close callback */
-void http2_stream_delete(struct http2_session* h2_session,
+static void http2_stream_delete(struct http2_session* h2_session,
        struct http2_stream* h2_stream)
 {
        if(h2_stream->mesh_state) {
                mesh_state_remove_reply(h2_stream->mesh, h2_stream->mesh_state,
                        h2_session->c);
+               h2_stream->mesh_state = NULL;
        }
        http2_req_stream_clear(h2_stream);
        free(h2_stream);
@@ -2426,7 +2427,8 @@ comm_point_http2_handle_read(int ATTR_UNUSED(fd), struct comm_point* c)
        /* reading until recv cb returns NGHTTP2_ERR_WOULDBLOCK */
        ret = nghttp2_session_recv(c->h2_session->session);
        if(ret) {
-               if(ret != NGHTTP2_ERR_EOF) {
+               if(ret != NGHTTP2_ERR_EOF &&
+                       ret != NGHTTP2_ERR_CALLBACK_FAILURE) {
                        verbose(VERB_QUERY, "http2: session_recv failed, "
                                "error: %s", nghttp2_strerror(ret));
                }