From: Aram Sargsyan
Date: Mon, 10 Jan 2022 12:42:09 +0000 (+0000)
Subject: Add a test to query DoT using gnutls-cli
X-Git-Tag: v9.18.0~23^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=daf11421df0db6a324433089d68c887e5da7fabe;p=thirdparty%2Fbind9.git
Add a test to query DoT using gnutls-cli
Add a test to check BIND's DoT (DNS-over-TLS) implementation using gnutls-cli to confirm that it is compatibe with the GnuTLS library.
---
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index fc5d264f98d..54c339b8f4f 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -114,6 +114,9 @@ SHELL=@SHELL@
 # CURL will be empty if no program was found by configure
 CURL=@CURL@
+# GNUTLS_CLI will be empty if no program was found by configure
+GNUTLS_CLI=@GNUTLS_CLI@
+
 # NC will be empty if no program was found by configure
 NC=@NC@
diff --git a/bin/tests/system/doth/clean.sh b/bin/tests/system/doth/clean.sh
index b0fcfdf23f4..b0915f53aa6 100644
--- a/bin/tests/system/doth/clean.sh
+++ b/bin/tests/system/doth/clean.sh
@@ -20,5 +20,6 @@ rm -f ./*/named.memstats
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./dig.out.*
+rm -f ./example-soa-*.test*
 rm -f ./*/example*.db
 rm -rf ./headers.*
diff --git a/bin/tests/system/doth/example-soa-answer.good b/bin/tests/system/doth/example-soa-answer.good
new file mode 100644
index 00000000000..d462dc684db
Binary files /dev/null and b/bin/tests/system/doth/example-soa-answer.good differ
diff --git a/bin/tests/system/doth/example-soa-request.saved b/bin/tests/system/doth/example-soa-request.saved
new file mode 100644
index 00000000000..d5225b25153
Binary files /dev/null and b/bin/tests/system/doth/example-soa-request.saved differ
diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index a07e9a58495..e9bcb894057 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -582,5 +582,29 @@ if [ -n "$testcurl" ]; then
 status=$((status + ret))
 fi
+# check whether we can use gnutls-cli for sending test queries.
+if [ -x "${GNUTLS_CLI}" ] ; then
+ GNUTLS_CLI_CHECK="$(${GNUTLS_CLI} --logfile=/dev/null 2>&1 | grep -i 'illegal option')"
+
+ if [ -n "$GNUTLS_CLI_CHECK" ]; then
+ echo_i "The available version of gnutls-cli does not support the required features"
+ else
+ testgnutls=1
+ fi
+fi
+
+if [ -n "${testgnutls}" ] ; then
+ n=$((n + 1))
+ echo_i "checking sending a DoT query using gnutls-cli ($n)"
+ ret=0
+ # use gnutls-cli to query for 'example/SOA',
+ # use a timeout with a second empty `cat` because EOF in `stdin`
+ # causes gnutls-cli to disconnect without waiting for the answer
+ ( cat example-soa-request.saved && timeout 10 cat ) | "${GNUTLS_CLI}" --no-ca-verification --no-ocsp --alpn=dot --logfile=/dev/null --port=${TLSPORT} 10.53.0.1 > example-soa-answer.test$n 2>&1
+ diff example-soa-answer.good example-soa-answer.test$n > /dev/null 2>&1 || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/configure.ac b/configure.ac
index b525a080d63..580095ef756 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1259,6 +1259,13 @@ AC_CONFIG_FILES([doc/doxygen/doxygen-input-filter],
 AC_PATH_PROG(CURL, curl, curl)
 AC_SUBST(CURL)
+#
+# Look for gnutls-cli
+#
+
+AC_PATH_PROG([GNUTLS_CLI], [gnutls-cli], [])
+AC_SUBST(GNUTLS_CLI)
+
 #
 # Look for nc
 #
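Review bot: The new gnutls-cli test in bin/tests/system/doth/tests.sh depends on `timeout`, but only gnutls-cli itself is probed before `testgnutls=1` is set. If `timeout` is not installed, `timeout 10 cat` fails at once, stdin reaches EOF, and by the hunk's own comment gnutls-cli then disconnects before the answer arrives, so the test reports a DoT failure that has nothing to do with named. Extending the guard to `if [ -x "${GNUTLS_CLI}" ] && command -v timeout >/dev/null 2>&1; then` would skip the test on such hosts instead. The `--no-ca-verification --no-ocsp` flags also deserve a one-line comment, for example `# certificate checks are disabled on purpose; this test only compares the DoT answer bytes`, so the invocation is not read as a recommended client configuration. Because the `diff` output is sent to /dev/null and stderr is merged into `example-soa-answer.test$n`, a mismatch leaves only "failed" in the log; quoting `"${TLSPORT}"` and `"example-soa-answer.test$n"` would be a small style improvement as well.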