From: Artem Boldariev <artem@boldariev.com>
Date: Fri, 9 Dec 2022 16:47:07 +0000 (+0200)
Subject: Extend the 'doth' system test with a Mutual TLS resumption check
X-Git-Tag: v9.19.9~82^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5d31c6ba15b42f797a8dab341a97f8f0f6aca1b;p=thirdparty%2Fbind9.git

Extend the 'doth' system test with a Mutual TLS resumption check

This commit adds a simple check to the 'doth' system test which
ensures that session resumption when Mutual TLS is used works as
expected.
---

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 920d6af2141..d22f0ef6497 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -776,6 +776,16 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+# send two requests one after another so that session resumption will happen
+n=$((n + 1))
+echo_i "checking DoH query (client certificate used - session resumption when using Mutual TLS) ($n)"
+ret=0
+# shellcheck disable=SC2086
+dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA . SOA > dig.out.test$n
+grep "TLS error" dig.out.test$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 test_opcodes() {
 	EXPECT_STATUS="$1"
 	shift