DoH: Extend 'doth' test with a check if dig can detect ALPN failure

This commit extends the 'doth' system test to verify if 'dig' can
detect an properly recover after ALPN negotiation failure when making
a DoH query.

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 77acac562d2cc2e72494959da58aee172426bb81..ee25102f2a6e140ba5d2d129249ea680893961cd 100644 (file)
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -116,6 +116,17 @@ grep "$msg_xfrs_not_allowed" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# Let's try to issue an HTTP/2 query over TLS port to check if dig
+# will detect ALPN token negotiation problem.
+n=$((n + 1))
+echo_i "checking DoH query when ALPN is expected to fail (dot, failure expected) ($n)"
+ret=0
+# shellcheck disable=SC2086
+"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n
+grep "ALPN for HTTP/2 failed." dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking DoH query (POST) ($n)"
 ret=0