From: Alexander Sosedkin
Date: Fri, 16 Jan 2026 16:43:35 +0000 (+0100)
Subject: tests/suite/testdane.sh: with and w/o --local-dns; 50% success rate
X-Git-Tag: 3.8.12~6^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=57832ac993fd548153acb3c0055cede5347fcc5b;p=thirdparty%2Fgnutls.git

tests/suite/testdane.sh: with and w/o --local-dns; 50% success rate

Signed-off-by: Alexander Sosedkin
---

diff --git a/tests/suite/testdane.sh b/tests/suite/testdane.sh
index c3b8c3eef7..28d87fa110 100755
--- a/tests/suite/testdane.sh
+++ b/tests/suite/testdane.sh
@@ -17,6 +17,8 @@
 # You should have received a copy of the GNU General Public License
 # along with GnuTLS. If not, see .
+# shellcheck shell=sh
+
 : ${srcdir=.}
 : ${DANETOOL=../../src/danetool${EXEEXT}}
 unset RETCODE
@@ -48,73 +50,106 @@ HOSTS="${HOSTS} www.huque.com"
 HOSTS="${HOSTS} www.bortzmeyer.org"
 HOSTS="${HOSTS} dns.bortzmeyer.org"
 # used to work: good.dane.verisignlabs.com
+total_hosts=0
+ok_hosts=0
 for host in ${HOSTS}; do
+ total_hosts=$(expr ${total_hosts} + 1)
 nc -w 5 "${host}" 443 >/dev/null <<_EOF
 GET / HTTP/1.0
 _EOF
+ if test $? != 0; then
+ echo "${host}: SKIPPED (unreachable)"
+ echo
+ continue
+ fi
- if test $? = 0;then
- echo "${host}: "
- "${DANETOOL}" --check "${host}" 2>&1
- if [ $? != 0 ]; then
- echo "Error checking ${host}"
- exit 1
- fi
+ echo "${host}:"
+ if "${DANETOOL}" --check "${host}" 2>&1; then
+ ok_hosts=$(expr ${ok_hosts} + 1)
 echo "ok"
+ else
+ echo "retrying with --local-dns"
+ if "${DANETOOL}" --check "${host}" --local-dns 2>&1; then
+ ok_hosts=$(expr ${ok_hosts} + 1)
+ echo "ok (with --local-dns)"
+ else
+ echo "FAILED (both attempts)"
+ fi
 fi
+ echo
 done
+echo
+echo "Total hosts: ${total_hosts}"
+echo "Passed hosts: ${ok_hosts}"
+required=$(expr ${total_hosts} / 2)
+if test ${ok_hosts} -lt 1; then
+ echo "FAIL: Not a single good HTTPS host passed!"
+ exit 1
+fi
+if test ${ok_hosts} -lt ${required}; then
+ echo "FAIL: ${ok_hosts}/${total_hosts} good HTTPS hosts passed (<50%)"
+ exit 1
+fi
+echo "PASS: ${ok_hosts}/${total_hosts} good HTTPS hosts passed (>=50%)"
+echo
+
+echo "*** Testing good SMTP hosts (among reachable SMTP hosts only) ***"
+# Note that port 25 is often outright blocked, so here we'd be checking
+# ok hosts against reachable hosts, not against total hosts.
-echo ""
-echo "*** Testing good SMTP hosts ***"
 HOSTS="nlnetlabs.nl"
 HOSTS="${HOSTS} nlnet.nl"
 HOSTS="${HOSTS} jhcloos.com"
 HOSTS="${HOSTS} openssl.org"
 HOSTS="${HOSTS} ietf.org"
+reachable_hosts=0
+ok_hosts=0
 for host in ${HOSTS}; do
-
 nc -w 5 "${host}" 25 >/dev/null <<_EOF
 QUIT
 _EOF
+ if test $? != 0; then
+ echo "${host}: SKIPPED (unreachable)"
+ echo
+ continue
+ fi
- if test $? = 0;then
- echo "${host}: "
- "${DANETOOL}" --check "${host}" --port 25 2>&1
- if [ $? != 0 ]; then
- echo "Error checking ${host}"
- exit 1
- fi
+ reachable_hosts=$(expr ${reachable_hosts} + 1)
+ echo "${host}:"
+ if "${DANETOOL}" --check "${host}" --port 25 2>&1; then
+ ok_hosts=$(expr ${ok_hosts} + 1)
 echo "ok"
+ else
+ echo "retrying with --local-dns"
+ if "${DANETOOL}" --check "${host}" --port 25 --local-dns 2>&1
+ then
+ ok_hosts=$(expr ${ok_hosts} + 1)
+ echo "ok (with --local-dns)"
+ else
+ echo "FAILED (both attempts)"
+ fi
 fi
+ echo
 done
+echo
+echo "Reachable hosts: ${reachable_hosts}"
+echo "Passed hosts: ${ok_hosts}"
+required=$(expr ${reachable_hosts} / 2)
+if test ${ok_hosts} -lt ${required}; then
+ echo "FAIL: ${ok_hosts}/${reachable_hosts} SMTP hosts passed (<50%)"
+ exit 1
+fi
+echo "PASS: ${ok_hosts}/${reachable_hosts} SMTP hosts passed (>=50%)"
+echo
-echo ""
-echo "*** Testing bad HTTPS hosts ***"
+# *** Testing bad HTTPS hosts ***
 # Unfortunately no intentionally broken ones remain up in 2026
 # used to work: dane-broken.rd.nic.fr
 # used to work: bad-hash.dane.verisignlabs.com
 # used to work: bad-params.dane.verisignlabs.com
 # used to work: bad-sig.dane.verisignlabs.com
 # unintentionally broken ones: www.vulcano.cl www.kumari.net
-HOSTS=""
-for host in ${HOSTS}; do
-
- nc -w 5 "${host}" 443 >/dev/null <<_EOF
-GET / HTTP/1.0
-
-_EOF
- if test $? = 0;then
- echo "${host}: "
- "${DANETOOL}" --check "${host}" 2>&1
- if [ $? = 0 ]; then
- echo "Checking ${host} should have failed"
- exit 1
- fi
- echo "ok"
- fi
-done
-
 exit 0
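Review bot: Both 50% thresholds round down, so the new checks accept less than half. `required=$(expr ${reachable_hosts} / 2)` yields 0 for one reachable SMTP host and 1 for three, and the script then prints `PASS ... (>=50%)` for 0/1 or 1/3; the HTTPS check has the same rounding whenever its host count is odd. Comparing doubled passes avoids the division, e.g. `if test $(expr ${ok_hosts} \* 2) -lt ${reachable_hosts}; then` (and the same with `${total_hosts}` in the HTTPS block). The SMTP block also lacks the `-lt 1` guard the HTTPS block has, so when port 25 is blocked everywhere it reports `PASS: 0/0`; reporting that case as skipped rather than passed would keep a run that verified nothing from reading as success. Because the bad-host loop is removed here and a `--local-dns` retry is counted the same as a first-try success, printing the two pass counts separately would keep a regression in the default validation path visible.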