Add a test to query DoT using gnutls-cli
authorAram Sargsyan <aram@isc.org>
Mon, 10 Jan 2022 12:42:09 +0000 (12:42 +0000)
committerAram Sargsyan <aram@isc.org>
Thu, 13 Jan 2022 12:28:11 +0000 (12:28 +0000)
Add a test to check BIND's DoT (DNS-over-TLS) implementation using
gnutls-cli to confirm that it is compatible with the GnuTLS library.

bin/tests/system/conf.sh.in
bin/tests/system/doth/clean.sh
bin/tests/system/doth/example-soa-answer.good [new file with mode: 0644]
bin/tests/system/doth/example-soa-request.saved [new file with mode: 0644]
bin/tests/system/doth/tests.sh
configure.ac

index fc5d264f98d90c401e555eac091df16614c221b7..54c339b8f4fa4be2370dba2cb67da95606a72491 100644 (file)
@@ -114,6 +114,9 @@ SHELL=@SHELL@
 # CURL will be empty if no program was found by configure
 CURL=@CURL@
 
+# GNUTLS_CLI will be empty if no program was found by configure
+GNUTLS_CLI=@GNUTLS_CLI@
+
 # NC will be empty if no program was found by configure
 NC=@NC@
 
index b0fcfdf23f44de67369abaf3457e262046da2e55..b0915f53aa6406079f0c79053b023b713bc14984 100644 (file)
@@ -20,5 +20,6 @@ rm -f ./*/named.memstats
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./dig.out.*
+rm -f ./example-soa-*.test*
 rm -f ./*/example*.db
 rm -rf ./headers.*
diff --git a/bin/tests/system/doth/example-soa-answer.good b/bin/tests/system/doth/example-soa-answer.good
new file mode 100644 (file)
index 0000000..d462dc6
Binary files /dev/null and b/bin/tests/system/doth/example-soa-answer.good differ
diff --git a/bin/tests/system/doth/example-soa-request.saved b/bin/tests/system/doth/example-soa-request.saved
new file mode 100644 (file)
index 0000000..d5225b2
Binary files /dev/null and b/bin/tests/system/doth/example-soa-request.saved differ
index a07e9a584954641c036159f2c860de13643e05ef..e9bcb894057d5b8edf1e19fbc5f7f351e0107583 100644 (file)
@@ -582,5 +582,29 @@ if [ -n "$testcurl" ]; then
        status=$((status + ret))
 fi
 
+# check whether we can use gnutls-cli for sending test queries.
+if [ -x "${GNUTLS_CLI}" ] ; then
+       GNUTLS_CLI_CHECK="$(${GNUTLS_CLI} --logfile=/dev/null 2>&1 | grep -i 'illegal option')"
+
+       if [ -n "$GNUTLS_CLI_CHECK" ]; then
+               echo_i "The available version of gnutls-cli does not support the required features"
+       else
+               testgnutls=1
+       fi
+fi
+
+if [ -n "${testgnutls}" ] ; then
+       n=$((n + 1))
+       echo_i "checking sending a DoT query using gnutls-cli ($n)"
+       ret=0
+       # use gnutls-cli to query for 'example/SOA',
+       # use a timeout with a second empty `cat` because EOF in `stdin`
+       # causes gnutls-cli to disconnect without waiting for the answer
+       ( cat example-soa-request.saved && timeout 10 cat ) | "${GNUTLS_CLI}" --no-ca-verification --no-ocsp --alpn=dot --logfile=/dev/null --port=${TLSPORT} 10.53.0.1 > example-soa-answer.test$n 2>&1
+       diff example-soa-answer.good example-soa-answer.test$n > /dev/null 2>&1 || ret=1
+       if [ $ret != 0 ]; then echo_i "failed"; fi
+       status=$((status + ret))
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
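Review bot: The gnutls-cli invocation folds stderr into `example-soa-answer.test$n` (`2>&1`), and that file is then compared byte-for-byte against the binary `example-soa-answer.good`, so any diagnostic gnutls-cli writes to stderr would fail the test for reasons unrelated to the DNS answer. I would keep the streams apart, e.g. `> example-soa-answer.test$n 2> example-soa-stderr.test$n` (still matched by the `example-soa-*.test*` cleanup pattern added in clean.sh), and compare with `cmp -s example-soa-answer.good example-soa-answer.test$n || ret=1`, which is the usual tool for binary files. The availability gate probes only gnutls-cli, while `timeout` is used unconditionally; where it is missing the second `cat` would presumably exit at once and gnutls-cli would disconnect before the answer arrives, so a `command -v timeout` check belongs in the same gate. A short comment on `--no-ca-verification` would also help, if this is the intent: `# certificate validation is off on purpose: this checks TLS/ALPN interoperability only`, so the flag is not read as a recommended client setting.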
index b525a080d63cd9f438075acd236d69b75ddbd09c..580095ef756a005bc54f1cae606cf78469df4fae 100644 (file)
@@ -1259,6 +1259,13 @@ AC_CONFIG_FILES([doc/doxygen/doxygen-input-filter],
 AC_PATH_PROG(CURL, curl, curl)
 AC_SUBST(CURL)
 
+#
+# Look for gnutls-cli
+#
+
+AC_PATH_PROG([GNUTLS_CLI], [gnutls-cli], [])
+AC_SUBST(GNUTLS_CLI)
+
 #
 # Look for nc
 #