From: Artem Boldariev <artem@boldariev.com>
Date: Wed, 24 Nov 2021 12:26:40 +0000 (+0200)
Subject: DoH: Extend 'doth' test with a check if dig can detect ALPN failure
X-Git-Tag: v9.17.21~15^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=babc2749b50d7a470d5a6d31cd6c6b1e7c48d8fa;p=thirdparty%2Fbind9.git

DoH: Extend 'doth' test with a check if dig can detect ALPN failure

This commit extends the 'doth' system test to verify if 'dig' can
detect an properly recover after ALPN negotiation failure when making
a DoH query.
---

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 77acac562d2..ee25102f2a6 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -116,6 +116,17 @@ grep "$msg_xfrs_not_allowed" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# Let's try to issue an HTTP/2 query over TLS port to check if dig
+# will detect ALPN token negotiation problem.
+n=$((n + 1))
+echo_i "checking DoH query when ALPN is expected to fail (dot, failure expected) ($n)"
+ret=0
+# shellcheck disable=SC2086
+"$DIG" +https $common_dig_options -p "${TLSPORT}" "$@" @10.53.0.1 . SOA > dig.out.test$n
+grep "ALPN for HTTP/2 failed." dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 n=$((n + 1))
 echo_i "checking DoH query (POST) ($n)"
 ret=0